search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
8158 Want named threads API
[unleashed.git] / usr / src / cmd / svc / startd / graph.c
blob0e5253a281faa58e59eeaf986604d96f1790f23a
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2018 Joyent, Inc.
25 * Copyright (c) 2015, Syneto S.R.L. All rights reserved.
26 * Copyright 2016 Toomas Soome <tsoome@me.com>
27 * Copyright 2016 RackTop Systems.
28 */
29
30 /*
31 * graph.c - master restarter graph engine
32 *
33 * The graph engine keeps a dependency graph of all service instances on the
34 * system, as recorded in the repository. It decides when services should
35 * be brought up or down based on service states and dependencies and sends
36 * commands to restarters to effect any changes. It also executes
37 * administrator commands sent by svcadm via the repository.
38 *
39 * The graph is stored in uu_list_t *dgraph and its vertices are
40 * graph_vertex_t's, each of which has a name and an integer id unique to
41 * its name (see dict.c). A vertex's type attribute designates the type
42 * of object it represents: GVT_INST for service instances, GVT_SVC for
43 * service objects (since service instances may depend on another service,
44 * rather than service instance), GVT_FILE for files (which services may
45 * depend on), and GVT_GROUP for dependencies on multiple objects. GVT_GROUP
46 * vertices are necessary because dependency lists may have particular
47 * grouping types (require any, require all, optional, or exclude) and
48 * event-propagation characteristics.
49 *
50 * The initial graph is built by libscf_populate_graph() invoking
51 * dgraph_add_instance() for each instance in the repository. The function
52 * adds a GVT_SVC vertex for the service if one does not already exist, adds
53 * a GVT_INST vertex named by the FMRI of the instance, and sets up the edges.
54 * The resulting web of vertices & edges associated with an instance's vertex
55 * includes
56 *
57 * - an edge from the GVT_SVC vertex for the instance's service
58 *
59 * - an edge to the GVT_INST vertex of the instance's resarter, if its
60 * restarter is not svc.startd
61 *
62 * - edges from other GVT_INST vertices if the instance is a restarter
63 *
64 * - for each dependency property group in the instance's "running"
65 * snapshot, an edge to a GVT_GROUP vertex named by the FMRI of the
66 * instance and the name of the property group
67 *
68 * - for each value of the "entities" property in each dependency property
69 * group, an edge from the corresponding GVT_GROUP vertex to a
70 * GVT_INST, GVT_SVC, or GVT_FILE vertex
71 *
72 * - edges from GVT_GROUP vertices for each dependent instance
73 *
74 * After the edges are set up the vertex's GV_CONFIGURED flag is set. If
75 * there are problems, or if a service is mentioned in a dependency but does
76 * not exist in the repository, the GV_CONFIGURED flag will be clear.
77 *
78 * The graph and all of its vertices are protected by the dgraph_lock mutex.
79 * See restarter.c for more information.
80 *
81 * The properties of an instance fall into two classes: immediate and
82 * snapshotted. Immediate properties should have an immediate effect when
83 * changed. Snapshotted properties should be read from a snapshot, so they
84 * only change when the snapshot changes. The immediate properties used by
85 * the graph engine are general/enabled, general/restarter, and the properties
86 * in the restarter_actions property group. Since they are immediate, they
87 * are not read out of a snapshot. The snapshotted properties used by the
88 * graph engine are those in the property groups with type "dependency" and
89 * are read out of the "running" snapshot. The "running" snapshot is created
90 * by the the graph engine as soon as possible, and it is updated, along with
91 * in-core copies of the data (dependency information for the graph engine) on
92 * receipt of the refresh command from svcadm. In addition, the graph engine
93 * updates the "start" snapshot from the "running" snapshot whenever a service
94 * comes online.
95 *
96 * When a DISABLE event is requested by the administrator, svc.startd shutdown
97 * the dependents first before shutting down the requested service.
98 * In graph_enable_by_vertex, we create a subtree that contains the dependent
99 * vertices by marking those vertices with the GV_TOOFFLINE flag. And we mark
100 * the vertex to disable with the GV_TODISABLE flag. Once the tree is created,
101 * we send the _ADMIN_DISABLE event to the leaves. The leaves will then
102 * transition from STATE_ONLINE/STATE_DEGRADED to STATE_OFFLINE/STATE_MAINT.
103 * In gt_enter_offline and gt_enter_maint if the vertex was in a subtree then
104 * we clear the GV_TOOFFLINE flag and walk the dependencies to offline the new
105 * exposed leaves. We do the same until we reach the last leaf (the one with
106 * the GV_TODISABLE flag). If the vertex to disable is also part of a larger
107 * subtree (eg. multiple DISABLE events on vertices in the same subtree) then
108 * once the first vertex is disabled (GV_TODISABLE flag is removed), we
109 * continue to propagate the offline event to the vertex's dependencies.
110 *
111 *
112 * SMF state transition notifications
113 *
114 * When an instance of a service managed by SMF changes state, svc.startd may
115 * publish a GPEC sysevent. All transitions to or from maintenance, a
116 * transition cause by a hardware error will generate an event.
117 * Other transitions will generate an event if there exist notification
118 * parameter for that transition. Notification parameters are stored in the
119 * SMF repository for the service/instance they refer to. System-wide
120 * notification parameters are stored in the global instance.
121 * svc.startd can be told to send events for all SMF state transitions despite
122 * of notification parameters by setting options/info_events_all to true in
123 * restarter:default
124 *
125 * The set of transitions that generate events is cached in the
126 * dgraph_vertex_t gv_stn_tset for service/instance and in the global
127 * stn_global for the system-wide set. They are re-read when instances are
128 * refreshed.
129 *
130 * The GPEC events published by svc.startd are consumed by fmd(1M). After
131 * processing these events, fmd(1M) publishes the processed events to
132 * notification agents. The notification agents read the notification
133 * parameters from the SMF repository through libscf(3LIB) interfaces and send
134 * the notification, or not, based on those parameters.
135 *
136 * Subscription and publishing to the GPEC channels is done with the
137 * libfmevent(3LIB) wrappers fmev_[r]publish_*() and
138 * fmev_shdl_(un)subscribe().
139 *
140 */
141
142 #include <sys/uadmin.h>
143 #include <sys/wait.h>
144
145 #include <assert.h>
146 #include <errno.h>
147 #include <fcntl.h>
148 #include <fm/libfmevent.h>
149 #include <libscf.h>
150 #include <libscf_priv.h>
151 #include <librestart.h>
152 #include <libuutil.h>
153 #include <locale.h>
154 #include <poll.h>
155 #include <pthread.h>
156 #include <signal.h>
157 #include <stddef.h>
158 #include <stdio.h>
159 #include <stdlib.h>
160 #include <string.h>
161 #include <strings.h>
162 #include <sys/statvfs.h>
163 #include <sys/uadmin.h>
164 #include <zone.h>
165 #if defined(__x86)
166 #include <libbe.h>
167 #endif /* __x86 */
168
169 #include "startd.h"
170 #include "protocol.h"
171
172
173 #define MILESTONE_NONE ((graph_vertex_t *)1)
174
175 #define CONSOLE_LOGIN_FMRI "svc:/system/console-login:default"
176 #define FS_MINIMAL_FMRI "svc:/system/filesystem/minimal:default"
177
178 #define VERTEX_REMOVED 0 /* vertex has been freed */
179 #define VERTEX_INUSE 1 /* vertex is still in use */
180
181 #define IS_ENABLED(v) ((v)->gv_flags & (GV_ENABLED | GV_ENBLD_NOOVR))
182
183 /*
184 * stn_global holds the tset for the system wide notification parameters.
185 * It is updated on refresh of svc:/system/svc/global:default
186 *
187 * There are two assumptions that relax the need for a mutex:
188 * 1. 32-bit value assignments are atomic
189 * 2. Its value is consumed only in one point at
190 * dgraph_state_transition_notify(). There are no test and set races.
191 *
192 * If either assumption is broken, we'll need a mutex to synchronize
193 * access to stn_global
194 */
195 int32_t stn_global;
196 /*
197 * info_events_all holds a flag to override notification parameters and send
198 * Information events for all state transitions.
199 * same about the need of a mutex here.
200 */
201 int info_events_all;
202
203 /*
204 * Services in these states are not considered 'down' by the
205 * milestone/shutdown code.
206 */
207 #define up_state(state) ((state) == RESTARTER_STATE_ONLINE || \
208 (state) == RESTARTER_STATE_DEGRADED || \
209 (state) == RESTARTER_STATE_OFFLINE)
210
211 #define is_depgrp_bypassed(v) ((v->gv_type == GVT_GROUP) && \
212 ((v->gv_depgroup == DEPGRP_EXCLUDE_ALL) || \
213 (v->gv_restart < RERR_RESTART)))
214
215 #define is_inst_bypassed(v) ((v->gv_type == GVT_INST) && \
216 ((v->gv_flags & GV_TODISABLE) || \
217 (v->gv_flags & GV_TOOFFLINE)))
218
219 static uu_list_pool_t *graph_edge_pool, *graph_vertex_pool;
220 static uu_list_t *dgraph;
221 static pthread_mutex_t dgraph_lock;
222
223 /*
224 * milestone indicates the current subgraph. When NULL, it is the entire
225 * graph. When MILESTONE_NONE, it is the empty graph. Otherwise, it is all
226 * services on which the target vertex depends.
227 */
228 static graph_vertex_t *milestone = NULL;
229 static boolean_t initial_milestone_set = B_FALSE;
230 static pthread_cond_t initial_milestone_cv = PTHREAD_COND_INITIALIZER;
231
232 /* protected by dgraph_lock */
233 static boolean_t sulogin_thread_running = B_FALSE;
234 static boolean_t sulogin_running = B_FALSE;
235 static boolean_t console_login_ready = B_FALSE;
236
237 /* Number of services to come down to complete milestone transition. */
238 static uint_t non_subgraph_svcs;
239
240 /*
241 * These variables indicate what should be done when we reach the milestone
242 * target milestone, i.e., when non_subgraph_svcs == 0. They are acted upon in
243 * dgraph_set_instance_state().
244 */
245 static int halting = -1;
246 static boolean_t go_single_user_mode = B_FALSE;
247 static boolean_t go_to_level1 = B_FALSE;
248
249 /*
250 * Tracks when we started halting.
251 */
252 static time_t halting_time = 0;
253
254 /*
255 * This tracks the legacy runlevel to ensure we signal init and manage
256 * utmpx entries correctly.
257 */
258 static char current_runlevel = '\0';
259
260 /* Number of single user threads currently running */
261 static pthread_mutex_t single_user_thread_lock;
262 static int single_user_thread_count = 0;
263
264 /* Statistics for dependency cycle-checking */
265 static u_longlong_t dep_inserts = 0;
266 static u_longlong_t dep_cycle_ns = 0;
267 static u_longlong_t dep_insert_ns = 0;
268
269
270 static const char * const emsg_invalid_restarter =
271 "Transitioning %s to maintenance, restarter FMRI %s is invalid "
272 "(see 'svcs -xv' for details).\n";
273 static const char * const console_login_fmri = CONSOLE_LOGIN_FMRI;
274 static const char * const single_user_fmri = SCF_MILESTONE_SINGLE_USER;
275 static const char * const multi_user_fmri = SCF_MILESTONE_MULTI_USER;
276 static const char * const multi_user_svr_fmri = SCF_MILESTONE_MULTI_USER_SERVER;
277
278
279 /*
280 * These services define the system being "up". If none of them can come
281 * online, then we will run sulogin on the console. Note that the install ones
282 * are for the miniroot and when installing CDs after the first. can_come_up()
283 * does the decision making, and an sulogin_thread() runs sulogin, which can be
284 * started by dgraph_set_instance_state() or single_user_thread().
285 *
286 * NOTE: can_come_up() relies on SCF_MILESTONE_SINGLE_USER being the first
287 * entry, which is only used when booting_to_single_user (boot -s) is set.
288 * This is because when doing a "boot -s", sulogin is started from specials.c
289 * after milestone/single-user comes online, for backwards compatibility.
290 * In this case, SCF_MILESTONE_SINGLE_USER needs to be part of up_svcs
291 * to ensure sulogin will be spawned if milestone/single-user cannot be reached.
292 */
293 static const char * const up_svcs[] = {
294 SCF_MILESTONE_SINGLE_USER,
295 CONSOLE_LOGIN_FMRI,
296 "svc:/system/install-setup:default",
297 "svc:/system/install:default",
298 NULL
299 };
300
301 /* This array must have an element for each non-NULL element of up_svcs[]. */
302 static graph_vertex_t *up_svcs_p[] = { NULL, NULL, NULL, NULL };
303
304 /* These are for seed repository magic. See can_come_up(). */
305 static const char * const manifest_import = SCF_INSTANCE_MI;
306 static graph_vertex_t *manifest_import_p = NULL;
307
308
309 static char target_milestone_as_runlevel(void);
310 static void graph_runlevel_changed(char rl, int online);
311 static int dgraph_set_milestone(const char *, scf_handle_t *, boolean_t);
312 static boolean_t should_be_in_subgraph(graph_vertex_t *v);
313 static int mark_subtree(graph_edge_t *, void *);
314 static boolean_t insubtree_dependents_down(graph_vertex_t *);
315
316 /*
317 * graph_vertex_compare()
318 * This function can compare either int *id or * graph_vertex_t *gv
319 * values, as the vertex id is always the first element of a
320 * graph_vertex structure.
321 */
322 /* ARGSUSED */
323 static int
324 graph_vertex_compare(const void *lc_arg, const void *rc_arg, void *private)
325 {
326 int lc_id = ((const graph_vertex_t *)lc_arg)->gv_id;
327 int rc_id = *(int *)rc_arg;
328
329 if (lc_id > rc_id)
330 return (1);
331 if (lc_id < rc_id)
332 return (-1);
333 return (0);
334 }
335
336 void
337 graph_init()
338 {
339 graph_edge_pool = startd_list_pool_create("graph_edges",
340 sizeof (graph_edge_t), offsetof(graph_edge_t, ge_link), NULL,
341 UU_LIST_POOL_DEBUG);
342 assert(graph_edge_pool != NULL);
343
344 graph_vertex_pool = startd_list_pool_create("graph_vertices",
345 sizeof (graph_vertex_t), offsetof(graph_vertex_t, gv_link),
346 graph_vertex_compare, UU_LIST_POOL_DEBUG);
347 assert(graph_vertex_pool != NULL);
348
349 (void) pthread_mutex_init(&dgraph_lock, &mutex_attrs);
350 (void) pthread_mutex_init(&single_user_thread_lock, &mutex_attrs);
351 dgraph = startd_list_create(graph_vertex_pool, NULL, UU_LIST_SORTED);
352 assert(dgraph != NULL);
353
354 if (!st->st_initial)
355 current_runlevel = utmpx_get_runlevel();
356
357 log_framework(LOG_DEBUG, "Initialized graph\n");
358 }
359
360 static graph_vertex_t *
361 vertex_get_by_name(const char *name)
362 {
363 int id;
364
365 assert(MUTEX_HELD(&dgraph_lock));
366
367 id = dict_lookup_byname(name);
368 if (id == -1)
369 return (NULL);
370
371 return (uu_list_find(dgraph, &id, NULL, NULL));
372 }
373
374 static graph_vertex_t *
375 vertex_get_by_id(int id)
376 {
377 assert(MUTEX_HELD(&dgraph_lock));
378
379 if (id == -1)
380 return (NULL);
381
382 return (uu_list_find(dgraph, &id, NULL, NULL));
383 }
384
385 /*
386 * Creates a new vertex with the given name, adds it to the graph, and returns
387 * a pointer to it. The graph lock must be held by this thread on entry.
388 */
389 static graph_vertex_t *
390 graph_add_vertex(const char *name)
391 {
392 int id;
393 graph_vertex_t *v;
394 void *p;
395 uu_list_index_t idx;
396
397 assert(MUTEX_HELD(&dgraph_lock));
398
399 id = dict_insert(name);
400
401 v = startd_zalloc(sizeof (*v));
402
403 v->gv_id = id;
404
405 v->gv_name = startd_alloc(strlen(name) + 1);
406 (void) strcpy(v->gv_name, name);
407
408 v->gv_dependencies = startd_list_create(graph_edge_pool, v, 0);
409 v->gv_dependents = startd_list_create(graph_edge_pool, v, 0);
410
411 p = uu_list_find(dgraph, &id, NULL, &idx);
412 assert(p == NULL);
413
414 uu_list_node_init(v, &v->gv_link, graph_vertex_pool);
415 uu_list_insert(dgraph, v, idx);
416
417 return (v);
418 }
419
420 /*
421 * Removes v from the graph and frees it. The graph should be locked by this
422 * thread, and v should have no edges associated with it.
423 */
424 static void
425 graph_remove_vertex(graph_vertex_t *v)
426 {
427 assert(MUTEX_HELD(&dgraph_lock));
428
429 assert(uu_list_numnodes(v->gv_dependencies) == 0);
430 assert(uu_list_numnodes(v->gv_dependents) == 0);
431 assert(v->gv_refs == 0);
432
433 startd_free(v->gv_name, strlen(v->gv_name) + 1);
434 uu_list_destroy(v->gv_dependencies);
435 uu_list_destroy(v->gv_dependents);
436 uu_list_remove(dgraph, v);
437
438 startd_free(v, sizeof (graph_vertex_t));
439 }
440
441 static void
442 graph_add_edge(graph_vertex_t *fv, graph_vertex_t *tv)
443 {
444 graph_edge_t *e, *re;
445 int r;
446
447 assert(MUTEX_HELD(&dgraph_lock));
448
449 e = startd_alloc(sizeof (graph_edge_t));
450 re = startd_alloc(sizeof (graph_edge_t));
451
452 e->ge_parent = fv;
453 e->ge_vertex = tv;
454
455 re->ge_parent = tv;
456 re->ge_vertex = fv;
457
458 uu_list_node_init(e, &e->ge_link, graph_edge_pool);
459 r = uu_list_insert_before(fv->gv_dependencies, NULL, e);
460 assert(r == 0);
461
462 uu_list_node_init(re, &re->ge_link, graph_edge_pool);
463 r = uu_list_insert_before(tv->gv_dependents, NULL, re);
464 assert(r == 0);
465 }
466
467 static void
468 graph_remove_edge(graph_vertex_t *v, graph_vertex_t *dv)
469 {
470 graph_edge_t *e;
471
472 for (e = uu_list_first(v->gv_dependencies);
473 e != NULL;
474 e = uu_list_next(v->gv_dependencies, e)) {
475 if (e->ge_vertex == dv) {
476 uu_list_remove(v->gv_dependencies, e);
477 startd_free(e, sizeof (graph_edge_t));
478 break;
479 }
480 }
481
482 for (e = uu_list_first(dv->gv_dependents);
483 e != NULL;
484 e = uu_list_next(dv->gv_dependents, e)) {
485 if (e->ge_vertex == v) {
486 uu_list_remove(dv->gv_dependents, e);
487 startd_free(e, sizeof (graph_edge_t));
488 break;
489 }
490 }
491 }
492
493 static void
494 remove_inst_vertex(graph_vertex_t *v)
495 {
496 graph_edge_t *e;
497 graph_vertex_t *sv;
498 int i;
499
500 assert(MUTEX_HELD(&dgraph_lock));
501 assert(uu_list_numnodes(v->gv_dependents) == 1);
502 assert(uu_list_numnodes(v->gv_dependencies) == 0);
503 assert(v->gv_refs == 0);
504 assert((v->gv_flags & GV_CONFIGURED) == 0);
505
506 e = uu_list_first(v->gv_dependents);
507 sv = e->ge_vertex;
508 graph_remove_edge(sv, v);
509
510 for (i = 0; up_svcs[i] != NULL; ++i) {
511 if (up_svcs_p[i] == v)
512 up_svcs_p[i] = NULL;
513 }
514
515 if (manifest_import_p == v)
516 manifest_import_p = NULL;
517
518 graph_remove_vertex(v);
519
520 if (uu_list_numnodes(sv->gv_dependencies) == 0 &&
521 uu_list_numnodes(sv->gv_dependents) == 0 &&
522 sv->gv_refs == 0)
523 graph_remove_vertex(sv);
524 }
525
526 static void
527 graph_walk_dependents(graph_vertex_t *v, void (*func)(graph_vertex_t *, void *),
528 void *arg)
529 {
530 graph_edge_t *e;
531
532 for (e = uu_list_first(v->gv_dependents);
533 e != NULL;
534 e = uu_list_next(v->gv_dependents, e))
535 func(e->ge_vertex, arg);
536 }
537
538 static void
539 graph_walk_dependencies(graph_vertex_t *v,
540 void (*func)(graph_vertex_t *, void *), void *arg)
541 {
542 graph_edge_t *e;
543
544 assert(MUTEX_HELD(&dgraph_lock));
545
546 for (e = uu_list_first(v->gv_dependencies);
547 e != NULL;
548 e = uu_list_next(v->gv_dependencies, e)) {
549
550 func(e->ge_vertex, arg);
551 }
552 }
553
554 /*
555 * Generic graph walking function.
556 *
557 * Given a vertex, this function will walk either dependencies
558 * (WALK_DEPENDENCIES) or dependents (WALK_DEPENDENTS) of a vertex recursively
559 * for the entire graph. It will avoid cycles and never visit the same vertex
560 * twice.
561 *
562 * We avoid traversing exclusion dependencies, because they are allowed to
563 * create cycles in the graph. When propagating satisfiability, there is no
564 * need to walk exclusion dependencies because exclude_all_satisfied() doesn't
565 * test for satisfiability.
566 *
567 * The walker takes two callbacks. The first is called before examining the
568 * dependents of each vertex. The second is called on each vertex after
569 * examining its dependents. This allows is_path_to() to construct a path only
570 * after the target vertex has been found.
571 */
572 typedef enum {
573 WALK_DEPENDENTS,
574 WALK_DEPENDENCIES
575 } graph_walk_dir_t;
576
577 typedef int (*graph_walk_cb_t)(graph_vertex_t *, void *);
578
579 typedef struct graph_walk_info {
580 graph_walk_dir_t gi_dir;
581 uchar_t *gi_visited; /* vertex bitmap */
582 int (*gi_pre)(graph_vertex_t *, void *);
583 void (*gi_post)(graph_vertex_t *, void *);
584 void *gi_arg; /* callback arg */
585 int gi_ret; /* return value */
586 } graph_walk_info_t;
587
588 static int
589 graph_walk_recurse(graph_edge_t *e, graph_walk_info_t *gip)
590 {
591 uu_list_t *list;
592 int r;
593 graph_vertex_t *v = e->ge_vertex;
594 int i;
595 uint_t b;
596
597 i = v->gv_id / 8;
598 b = 1 << (v->gv_id % 8);
599
600 /*
601 * Check to see if we've visited this vertex already.
602 */
603 if (gip->gi_visited[i] & b)
604 return (UU_WALK_NEXT);
605
606 gip->gi_visited[i] |= b;
607
608 /*
609 * Don't follow exclusions.
610 */
611 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
612 return (UU_WALK_NEXT);
613
614 /*
615 * Call pre-visit callback. If this doesn't terminate the walk,
616 * continue search.
617 */
618 if ((gip->gi_ret = gip->gi_pre(v, gip->gi_arg)) == UU_WALK_NEXT) {
619 /*
620 * Recurse using appropriate list.
621 */
622 if (gip->gi_dir == WALK_DEPENDENTS)
623 list = v->gv_dependents;
624 else
625 list = v->gv_dependencies;
626
627 r = uu_list_walk(list, (uu_walk_fn_t *)graph_walk_recurse,
628 gip, 0);
629 assert(r == 0);
630 }
631
632 /*
633 * Callbacks must return either UU_WALK_NEXT or UU_WALK_DONE.
634 */
635 assert(gip->gi_ret == UU_WALK_NEXT || gip->gi_ret == UU_WALK_DONE);
636
637 /*
638 * If given a post-callback, call the function for every vertex.
639 */
640 if (gip->gi_post != NULL)
641 (void) gip->gi_post(v, gip->gi_arg);
642
643 /*
644 * Preserve the callback's return value. If the callback returns
645 * UU_WALK_DONE, then we propagate that to the caller in order to
646 * terminate the walk.
647 */
648 return (gip->gi_ret);
649 }
650
651 static void
652 graph_walk(graph_vertex_t *v, graph_walk_dir_t dir,
653 int (*pre)(graph_vertex_t *, void *),
654 void (*post)(graph_vertex_t *, void *), void *arg)
655 {
656 graph_walk_info_t gi;
657 graph_edge_t fake;
658 size_t sz = dictionary->dict_new_id / 8 + 1;
659
660 gi.gi_visited = startd_zalloc(sz);
661 gi.gi_pre = pre;
662 gi.gi_post = post;
663 gi.gi_arg = arg;
664 gi.gi_dir = dir;
665 gi.gi_ret = 0;
666
667 /*
668 * Fake up an edge for the first iteration
669 */
670 fake.ge_vertex = v;
671 (void) graph_walk_recurse(&fake, &gi);
672
673 startd_free(gi.gi_visited, sz);
674 }
675
676 typedef struct child_search {
677 int id; /* id of vertex to look for */
678 uint_t depth; /* recursion depth */
679 /*
680 * While the vertex is not found, path is NULL. After the search, if
681 * the vertex was found then path should point to a -1-terminated
682 * array of vertex id's which constitute the path to the vertex.
683 */
684 int *path;
685 } child_search_t;
686
687 static int
688 child_pre(graph_vertex_t *v, void *arg)
689 {
690 child_search_t *cs = arg;
691
692 cs->depth++;
693
694 if (v->gv_id == cs->id) {
695 cs->path = startd_alloc((cs->depth + 1) * sizeof (int));
696 cs->path[cs->depth] = -1;
697 return (UU_WALK_DONE);
698 }
699
700 return (UU_WALK_NEXT);
701 }
702
703 static void
704 child_post(graph_vertex_t *v, void *arg)
705 {
706 child_search_t *cs = arg;
707
708 cs->depth--;
709
710 if (cs->path != NULL)
711 cs->path[cs->depth] = v->gv_id;
712 }
713
714 /*
715 * Look for a path from from to to. If one exists, returns a pointer to
716 * a NULL-terminated array of pointers to the vertices along the path. If
717 * there is no path, returns NULL.
718 */
719 static int *
720 is_path_to(graph_vertex_t *from, graph_vertex_t *to)
721 {
722 child_search_t cs;
723
724 cs.id = to->gv_id;
725 cs.depth = 0;
726 cs.path = NULL;
727
728 graph_walk(from, WALK_DEPENDENCIES, child_pre, child_post, &cs);
729
730 return (cs.path);
731 }
732
733 /*
734 * Given an array of int's as returned by is_path_to, allocates a string of
735 * their names joined by newlines. Returns the size of the allocated buffer
736 * in *sz and frees path.
737 */
738 static void
739 path_to_str(int *path, char **cpp, size_t *sz)
740 {
741 int i;
742 graph_vertex_t *v;
743 size_t allocd, new_allocd;
744 char *new, *name;
745
746 assert(MUTEX_HELD(&dgraph_lock));
747 assert(path[0] != -1);
748
749 allocd = 1;
750 *cpp = startd_alloc(1);
751 (*cpp)[0] = '\0';
752
753 for (i = 0; path[i] != -1; ++i) {
754 name = NULL;
755
756 v = vertex_get_by_id(path[i]);
757
758 if (v == NULL)
759 name = "<deleted>";
760 else if (v->gv_type == GVT_INST || v->gv_type == GVT_SVC)
761 name = v->gv_name;
762
763 if (name != NULL) {
764 new_allocd = allocd + strlen(name) + 1;
765 new = startd_alloc(new_allocd);
766 (void) strcpy(new, *cpp);
767 (void) strcat(new, name);
768 (void) strcat(new, "\n");
769
770 startd_free(*cpp, allocd);
771
772 *cpp = new;
773 allocd = new_allocd;
774 }
775 }
776
777 startd_free(path, sizeof (int) * (i + 1));
778
779 *sz = allocd;
780 }
781
782
783 /*
784 * This function along with run_sulogin() implements an exclusion relationship
785 * between system/console-login and sulogin. run_sulogin() will fail if
786 * system/console-login is online, and the graph engine should call
787 * graph_clogin_start() to bring system/console-login online, which defers the
788 * start if sulogin is running.
789 */
790 static void
791 graph_clogin_start(graph_vertex_t *v)
792 {
793 assert(MUTEX_HELD(&dgraph_lock));
794
795 if (sulogin_running)
796 console_login_ready = B_TRUE;
797 else
798 vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
799 }
800
801 static void
802 graph_su_start(graph_vertex_t *v)
803 {
804 /*
805 * /etc/inittab used to have the initial /sbin/rcS as a 'sysinit'
806 * entry with a runlevel of 'S', before jumping to the final
807 * target runlevel (as set in initdefault). We mimic that legacy
808 * behavior here.
809 */
810 utmpx_set_runlevel('S', '0', B_FALSE);
811 vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
812 }
813
814 static void
815 graph_post_su_online(void)
816 {
817 graph_runlevel_changed('S', 1);
818 }
819
820 static void
821 graph_post_su_disable(void)
822 {
823 graph_runlevel_changed('S', 0);
824 }
825
826 static void
827 graph_post_mu_online(void)
828 {
829 graph_runlevel_changed('2', 1);
830 }
831
832 static void
833 graph_post_mu_disable(void)
834 {
835 graph_runlevel_changed('2', 0);
836 }
837
838 static void
839 graph_post_mus_online(void)
840 {
841 graph_runlevel_changed('3', 1);
842 }
843
844 static void
845 graph_post_mus_disable(void)
846 {
847 graph_runlevel_changed('3', 0);
848 }
849
850 static struct special_vertex_info {
851 const char *name;
852 void (*start_f)(graph_vertex_t *);
853 void (*post_online_f)(void);
854 void (*post_disable_f)(void);
855 } special_vertices[] = {
856 { CONSOLE_LOGIN_FMRI, graph_clogin_start, NULL, NULL },
857 { SCF_MILESTONE_SINGLE_USER, graph_su_start,
858 graph_post_su_online, graph_post_su_disable },
859 { SCF_MILESTONE_MULTI_USER, NULL,
860 graph_post_mu_online, graph_post_mu_disable },
861 { SCF_MILESTONE_MULTI_USER_SERVER, NULL,
862 graph_post_mus_online, graph_post_mus_disable },
863 { NULL },
864 };
865
866
867 void
868 vertex_send_event(graph_vertex_t *v, restarter_event_type_t e)
869 {
870 switch (e) {
871 case RESTARTER_EVENT_TYPE_ADD_INSTANCE:
872 assert(v->gv_state == RESTARTER_STATE_UNINIT);
873
874 MUTEX_LOCK(&st->st_load_lock);
875 st->st_load_instances++;
876 MUTEX_UNLOCK(&st->st_load_lock);
877 break;
878
879 case RESTARTER_EVENT_TYPE_ENABLE:
880 log_framework(LOG_DEBUG, "Enabling %s.\n", v->gv_name);
881 assert(v->gv_state == RESTARTER_STATE_UNINIT ||
882 v->gv_state == RESTARTER_STATE_DISABLED ||
883 v->gv_state == RESTARTER_STATE_MAINT);
884 break;
885
886 case RESTARTER_EVENT_TYPE_DISABLE:
887 case RESTARTER_EVENT_TYPE_ADMIN_DISABLE:
888 log_framework(LOG_DEBUG, "Disabling %s.\n", v->gv_name);
889 assert(v->gv_state != RESTARTER_STATE_DISABLED);
890 break;
891
892 case RESTARTER_EVENT_TYPE_STOP_RESET:
893 case RESTARTER_EVENT_TYPE_STOP:
894 log_framework(LOG_DEBUG, "Stopping %s.\n", v->gv_name);
895 assert(v->gv_state == RESTARTER_STATE_DEGRADED ||
896 v->gv_state == RESTARTER_STATE_ONLINE);
897 break;
898
899 case RESTARTER_EVENT_TYPE_START:
900 log_framework(LOG_DEBUG, "Starting %s.\n", v->gv_name);
901 assert(v->gv_state == RESTARTER_STATE_OFFLINE);
902 break;
903
904 case RESTARTER_EVENT_TYPE_REMOVE_INSTANCE:
905 case RESTARTER_EVENT_TYPE_ADMIN_DEGRADED:
906 case RESTARTER_EVENT_TYPE_ADMIN_REFRESH:
907 case RESTARTER_EVENT_TYPE_ADMIN_RESTART:
908 case RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF:
909 case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON:
910 case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON_IMMEDIATE:
911 case RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE:
912 case RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY:
913 break;
914
915 default:
916 #ifndef NDEBUG
917 uu_warn("%s:%d: Bad event %d.\n", __FILE__, __LINE__, e);
918 #endif
919 abort();
920 }
921
922 restarter_protocol_send_event(v->gv_name, v->gv_restarter_channel, e,
923 v->gv_reason);
924 }
925
926 static void
927 graph_unset_restarter(graph_vertex_t *v)
928 {
929 assert(MUTEX_HELD(&dgraph_lock));
930 assert(v->gv_flags & GV_CONFIGURED);
931
932 vertex_send_event(v, RESTARTER_EVENT_TYPE_REMOVE_INSTANCE);
933
934 if (v->gv_restarter_id != -1) {
935 graph_vertex_t *rv;
936
937 rv = vertex_get_by_id(v->gv_restarter_id);
938 graph_remove_edge(v, rv);
939 }
940
941 v->gv_restarter_id = -1;
942 v->gv_restarter_channel = NULL;
943 }
944
945 /*
946 * Return VERTEX_REMOVED when the vertex passed in argument is deleted from the
947 * dgraph otherwise return VERTEX_INUSE.
948 */
949 static int
950 free_if_unrefed(graph_vertex_t *v)
951 {
952 assert(MUTEX_HELD(&dgraph_lock));
953
954 if (v->gv_refs > 0)
955 return (VERTEX_INUSE);
956
957 if (v->gv_type == GVT_SVC &&
958 uu_list_numnodes(v->gv_dependents) == 0 &&
959 uu_list_numnodes(v->gv_dependencies) == 0) {
960 graph_remove_vertex(v);
961 return (VERTEX_REMOVED);
962 } else if (v->gv_type == GVT_INST &&
963 (v->gv_flags & GV_CONFIGURED) == 0 &&
964 uu_list_numnodes(v->gv_dependents) == 1 &&
965 uu_list_numnodes(v->gv_dependencies) == 0) {
966 remove_inst_vertex(v);
967 return (VERTEX_REMOVED);
968 }
969
970 return (VERTEX_INUSE);
971 }
972
973 static void
974 delete_depgroup(graph_vertex_t *v)
975 {
976 graph_edge_t *e;
977 graph_vertex_t *dv;
978
979 assert(MUTEX_HELD(&dgraph_lock));
980 assert(v->gv_type == GVT_GROUP);
981 assert(uu_list_numnodes(v->gv_dependents) == 0);
982
983 while ((e = uu_list_first(v->gv_dependencies)) != NULL) {
984 dv = e->ge_vertex;
985
986 graph_remove_edge(v, dv);
987
988 switch (dv->gv_type) {
989 case GVT_INST: /* instance dependency */
990 case GVT_SVC: /* service dependency */
991 (void) free_if_unrefed(dv);
992 break;
993
994 case GVT_FILE: /* file dependency */
995 assert(uu_list_numnodes(dv->gv_dependencies) == 0);
996 if (uu_list_numnodes(dv->gv_dependents) == 0)
997 graph_remove_vertex(dv);
998 break;
999
1000 default:
1001 #ifndef NDEBUG
1002 uu_warn("%s:%d: Unexpected node type %d", __FILE__,
1003 __LINE__, dv->gv_type);
1004 #endif
1005 abort();
1006 }
1007 }
1008
1009 graph_remove_vertex(v);
1010 }
1011
1012 static int
1013 delete_instance_deps_cb(graph_edge_t *e, void **ptrs)
1014 {
1015 graph_vertex_t *v = ptrs[0];
1016 boolean_t delete_restarter_dep = (boolean_t)ptrs[1];
1017 graph_vertex_t *dv;
1018
1019 dv = e->ge_vertex;
1020
1021 /*
1022 * We have four possibilities here:
1023 * - GVT_INST: restarter
1024 * - GVT_GROUP - GVT_INST: instance dependency
1025 * - GVT_GROUP - GVT_SVC - GV_INST: service dependency
1026 * - GVT_GROUP - GVT_FILE: file dependency
1027 */
1028 switch (dv->gv_type) {
1029 case GVT_INST: /* restarter */
1030 assert(dv->gv_id == v->gv_restarter_id);
1031 if (delete_restarter_dep)
1032 graph_remove_edge(v, dv);
1033 break;
1034
1035 case GVT_GROUP: /* pg dependency */
1036 graph_remove_edge(v, dv);
1037 delete_depgroup(dv);
1038 break;
1039
1040 case GVT_FILE:
1041 /* These are currently not direct dependencies */
1042
1043 default:
1044 #ifndef NDEBUG
1045 uu_warn("%s:%d: Bad vertex type %d.\n", __FILE__, __LINE__,
1046 dv->gv_type);
1047 #endif
1048 abort();
1049 }
1050
1051 return (UU_WALK_NEXT);
1052 }
1053
1054 static void
1055 delete_instance_dependencies(graph_vertex_t *v, boolean_t delete_restarter_dep)
1056 {
1057 void *ptrs[2];
1058 int r;
1059
1060 assert(MUTEX_HELD(&dgraph_lock));
1061 assert(v->gv_type == GVT_INST);
1062
1063 ptrs[0] = v;
1064 ptrs[1] = (void *)delete_restarter_dep;
1065
1066 r = uu_list_walk(v->gv_dependencies,
1067 (uu_walk_fn_t *)delete_instance_deps_cb, &ptrs, UU_WALK_ROBUST);
1068 assert(r == 0);
1069 }
1070
1071 /*
1072 * int graph_insert_vertex_unconfigured()
1073 * Insert a vertex without sending any restarter events. If the vertex
1074 * already exists or creation is successful, return a pointer to it in *vp.
1075 *
1076 * If type is not GVT_GROUP, dt can remain unset.
1077 *
1078 * Returns 0, EEXIST, or EINVAL if the arguments are invalid (i.e., fmri
1079 * doesn't agree with type, or type doesn't agree with dt).
1080 */
1081 static int
1082 graph_insert_vertex_unconfigured(const char *fmri, gv_type_t type,
1083 depgroup_type_t dt, restarter_error_t rt, graph_vertex_t **vp)
1084 {
1085 int r;
1086 int i;
1087
1088 assert(MUTEX_HELD(&dgraph_lock));
1089
1090 switch (type) {
1091 case GVT_SVC:
1092 case GVT_INST:
1093 if (strncmp(fmri, "svc:", sizeof ("svc:") - 1) != 0)
1094 return (EINVAL);
1095 break;
1096
1097 case GVT_FILE:
1098 if (strncmp(fmri, "file:", sizeof ("file:") - 1) != 0)
1099 return (EINVAL);
1100 break;
1101
1102 case GVT_GROUP:
1103 if (dt <= 0 || rt < 0)
1104 return (EINVAL);
1105 break;
1106
1107 default:
1108 #ifndef NDEBUG
1109 uu_warn("%s:%d: Unknown type %d.\n", __FILE__, __LINE__, type);
1110 #endif
1111 abort();
1112 }
1113
1114 *vp = vertex_get_by_name(fmri);
1115 if (*vp != NULL)
1116 return (EEXIST);
1117
1118 *vp = graph_add_vertex(fmri);
1119
1120 (*vp)->gv_type = type;
1121 (*vp)->gv_depgroup = dt;
1122 (*vp)->gv_restart = rt;
1123
1124 (*vp)->gv_flags = 0;
1125 (*vp)->gv_state = RESTARTER_STATE_NONE;
1126
1127 for (i = 0; special_vertices[i].name != NULL; ++i) {
1128 if (strcmp(fmri, special_vertices[i].name) == 0) {
1129 (*vp)->gv_start_f = special_vertices[i].start_f;
1130 (*vp)->gv_post_online_f =
1131 special_vertices[i].post_online_f;
1132 (*vp)->gv_post_disable_f =
1133 special_vertices[i].post_disable_f;
1134 break;
1135 }
1136 }
1137
1138 (*vp)->gv_restarter_id = -1;
1139 (*vp)->gv_restarter_channel = 0;
1140
1141 if (type == GVT_INST) {
1142 char *sfmri;
1143 graph_vertex_t *sv;
1144
1145 sfmri = inst_fmri_to_svc_fmri(fmri);
1146 sv = vertex_get_by_name(sfmri);
1147 if (sv == NULL) {
1148 r = graph_insert_vertex_unconfigured(sfmri, GVT_SVC, 0,
1149 0, &sv);
1150 assert(r == 0);
1151 }
1152 startd_free(sfmri, max_scf_fmri_size);
1153
1154 graph_add_edge(sv, *vp);
1155 }
1156
1157 /*
1158 * If this vertex is in the subgraph, mark it as so, for both
1159 * GVT_INST and GVT_SERVICE verteces.
1160 * A GVT_SERVICE vertex can only be in the subgraph if another instance
1161 * depends on it, in which case it's already been added to the graph
1162 * and marked as in the subgraph (by refresh_vertex()). If a
1163 * GVT_SERVICE vertex was freshly added (by the code above), it means
1164 * that it has no dependents, and cannot be in the subgraph.
1165 * Regardless of this, we still check that gv_flags includes
1166 * GV_INSUBGRAPH in the event that future behavior causes the above
1167 * code to add a GVT_SERVICE vertex which should be in the subgraph.
1168 */
1169
1170 (*vp)->gv_flags |= (should_be_in_subgraph(*vp)? GV_INSUBGRAPH : 0);
1171
1172 return (0);
1173 }
1174
1175 /*
1176 * Returns 0 on success or ELOOP if the dependency would create a cycle.
1177 */
1178 static int
1179 graph_insert_dependency(graph_vertex_t *fv, graph_vertex_t *tv, int **pathp)
1180 {
1181 hrtime_t now;
1182
1183 assert(MUTEX_HELD(&dgraph_lock));
1184
1185 /* cycle detection */
1186 now = gethrtime();
1187
1188 /* Don't follow exclusions. */
1189 if (!(fv->gv_type == GVT_GROUP &&
1190 fv->gv_depgroup == DEPGRP_EXCLUDE_ALL)) {
1191 *pathp = is_path_to(tv, fv);
1192 if (*pathp)
1193 return (ELOOP);
1194 }
1195
1196 dep_cycle_ns += gethrtime() - now;
1197 ++dep_inserts;
1198 now = gethrtime();
1199
1200 graph_add_edge(fv, tv);
1201
1202 dep_insert_ns += gethrtime() - now;
1203
1204 /* Check if the dependency adds the "to" vertex to the subgraph */
1205 tv->gv_flags |= (should_be_in_subgraph(tv) ? GV_INSUBGRAPH : 0);
1206
1207 return (0);
1208 }
1209
1210 static int
1211 inst_running(graph_vertex_t *v)
1212 {
1213 assert(v->gv_type == GVT_INST);
1214
1215 if (v->gv_state == RESTARTER_STATE_ONLINE ||
1216 v->gv_state == RESTARTER_STATE_DEGRADED)
1217 return (1);
1218
1219 return (0);
1220 }
1221
1222 /*
1223 * The dependency evaluation functions return
1224 * 1 - dependency satisfied
1225 * 0 - dependency unsatisfied
1226 * -1 - dependency unsatisfiable (without administrator intervention)
1227 *
1228 * The functions also take a boolean satbility argument. When true, the
1229 * functions may recurse in order to determine satisfiability.
1230 */
1231 static int require_any_satisfied(graph_vertex_t *, boolean_t);
1232 static int dependency_satisfied(graph_vertex_t *, boolean_t);
1233
1234 /*
1235 * A require_all dependency is unsatisfied if any elements are unsatisfied. It
1236 * is unsatisfiable if any elements are unsatisfiable.
1237 */
1238 static int
1239 require_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1240 {
1241 graph_edge_t *edge;
1242 int i;
1243 boolean_t any_unsatisfied;
1244
1245 if (uu_list_numnodes(groupv->gv_dependencies) == 0)
1246 return (1);
1247
1248 any_unsatisfied = B_FALSE;
1249
1250 for (edge = uu_list_first(groupv->gv_dependencies);
1251 edge != NULL;
1252 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1253 i = dependency_satisfied(edge->ge_vertex, satbility);
1254 if (i == 1)
1255 continue;
1256
1257 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
1258 "require_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
1259 edge->ge_vertex->gv_name, i == 0 ? "ed" : "able");
1260
1261 if (!satbility)
1262 return (0);
1263
1264 if (i == -1)
1265 return (-1);
1266
1267 any_unsatisfied = B_TRUE;
1268 }
1269
1270 return (any_unsatisfied ? 0 : 1);
1271 }
1272
1273 /*
1274 * A require_any dependency is satisfied if any element is satisfied. It is
1275 * satisfiable if any element is satisfiable.
1276 */
1277 static int
1278 require_any_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1279 {
1280 graph_edge_t *edge;
1281 int s;
1282 boolean_t satisfiable;
1283
1284 if (uu_list_numnodes(groupv->gv_dependencies) == 0)
1285 return (1);
1286
1287 satisfiable = B_FALSE;
1288
1289 for (edge = uu_list_first(groupv->gv_dependencies);
1290 edge != NULL;
1291 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1292 s = dependency_satisfied(edge->ge_vertex, satbility);
1293
1294 if (s == 1)
1295 return (1);
1296
1297 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
1298 "require_any(%s): %s is unsatisfi%s.\n",
1299 groupv->gv_name, edge->ge_vertex->gv_name,
1300 s == 0 ? "ed" : "able");
1301
1302 if (satbility && s == 0)
1303 satisfiable = B_TRUE;
1304 }
1305
1306 return ((!satbility || satisfiable) ? 0 : -1);
1307 }
1308
1309 /*
1310 * An optional_all dependency only considers elements which are configured,
1311 * enabled, and not in maintenance. If any are unsatisfied, then the dependency
1312 * is unsatisfied.
1313 *
1314 * Offline dependencies which are waiting for a dependency to come online are
1315 * unsatisfied. Offline dependences which cannot possibly come online
1316 * (unsatisfiable) are always considered satisfied.
1317 */
1318 static int
1319 optional_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1320 {
1321 graph_edge_t *edge;
1322 graph_vertex_t *v;
1323 boolean_t any_qualified;
1324 boolean_t any_unsatisfied;
1325 int i;
1326
1327 any_qualified = B_FALSE;
1328 any_unsatisfied = B_FALSE;
1329
1330 for (edge = uu_list_first(groupv->gv_dependencies);
1331 edge != NULL;
1332 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1333 v = edge->ge_vertex;
1334
1335 switch (v->gv_type) {
1336 case GVT_INST:
1337 /* Skip missing instances */
1338 if ((v->gv_flags & GV_CONFIGURED) == 0)
1339 continue;
1340
1341 if (v->gv_state == RESTARTER_STATE_MAINT)
1342 continue;
1343
1344 any_qualified = B_TRUE;
1345 if (v->gv_state == RESTARTER_STATE_OFFLINE ||
1346 v->gv_state == RESTARTER_STATE_DISABLED) {
1347 /*
1348 * For offline/disabled dependencies,
1349 * treat unsatisfiable as satisfied.
1350 */
1351 i = dependency_satisfied(v, B_TRUE);
1352 if (i == -1)
1353 i = 1;
1354 } else {
1355 i = dependency_satisfied(v, satbility);
1356 }
1357 break;
1358
1359 case GVT_FILE:
1360 any_qualified = B_TRUE;
1361 i = dependency_satisfied(v, satbility);
1362
1363 break;
1364
1365 case GVT_SVC: {
1366 any_qualified = B_TRUE;
1367 i = optional_all_satisfied(v, satbility);
1368
1369 break;
1370 }
1371
1372 case GVT_GROUP:
1373 default:
1374 #ifndef NDEBUG
1375 uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
1376 __LINE__, v->gv_type);
1377 #endif
1378 abort();
1379 }
1380
1381 if (i == 1)
1382 continue;
1383
1384 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
1385 "optional_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
1386 v->gv_name, i == 0 ? "ed" : "able");
1387
1388 if (!satbility)
1389 return (0);
1390 if (i == -1)
1391 return (-1);
1392 any_unsatisfied = B_TRUE;
1393 }
1394
1395 if (!any_qualified)
1396 return (1);
1397
1398 return (any_unsatisfied ? 0 : 1);
1399 }
1400
1401 /*
1402 * An exclude_all dependency is unsatisfied if any non-service element is
1403 * satisfied or any service instance which is configured, enabled, and not in
1404 * maintenance is satisfied. Usually when unsatisfied, it is also
1405 * unsatisfiable.
1406 */
1407 #define LOG_EXCLUDE(u, v) \
1408 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES, \
1409 "exclude_all(%s): %s is satisfied.\n", \
1410 (u)->gv_name, (v)->gv_name)
1411
1412 /* ARGSUSED */
1413 static int
1414 exclude_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1415 {
1416 graph_edge_t *edge, *e2;
1417 graph_vertex_t *v, *v2;
1418
1419 for (edge = uu_list_first(groupv->gv_dependencies);
1420 edge != NULL;
1421 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1422 v = edge->ge_vertex;
1423
1424 switch (v->gv_type) {
1425 case GVT_INST:
1426 if ((v->gv_flags & GV_CONFIGURED) == 0)
1427 continue;
1428
1429 switch (v->gv_state) {
1430 case RESTARTER_STATE_ONLINE:
1431 case RESTARTER_STATE_DEGRADED:
1432 LOG_EXCLUDE(groupv, v);
1433 return (v->gv_flags & GV_ENABLED ? -1 : 0);
1434
1435 case RESTARTER_STATE_OFFLINE:
1436 case RESTARTER_STATE_UNINIT:
1437 LOG_EXCLUDE(groupv, v);
1438 return (0);
1439
1440 case RESTARTER_STATE_DISABLED:
1441 case RESTARTER_STATE_MAINT:
1442 continue;
1443
1444 default:
1445 #ifndef NDEBUG
1446 uu_warn("%s:%d: Unexpected vertex state %d.\n",
1447 __FILE__, __LINE__, v->gv_state);
1448 #endif
1449 abort();
1450 }
1451 /* NOTREACHED */
1452
1453 case GVT_SVC:
1454 break;
1455
1456 case GVT_FILE:
1457 if (!file_ready(v))
1458 continue;
1459 LOG_EXCLUDE(groupv, v);
1460 return (-1);
1461
1462 case GVT_GROUP:
1463 default:
1464 #ifndef NDEBUG
1465 uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
1466 __LINE__, v->gv_type);
1467 #endif
1468 abort();
1469 }
1470
1471 /* v represents a service */
1472 if (uu_list_numnodes(v->gv_dependencies) == 0)
1473 continue;
1474
1475 for (e2 = uu_list_first(v->gv_dependencies);
1476 e2 != NULL;
1477 e2 = uu_list_next(v->gv_dependencies, e2)) {
1478 v2 = e2->ge_vertex;
1479 assert(v2->gv_type == GVT_INST);
1480
1481 if ((v2->gv_flags & GV_CONFIGURED) == 0)
1482 continue;
1483
1484 switch (v2->gv_state) {
1485 case RESTARTER_STATE_ONLINE:
1486 case RESTARTER_STATE_DEGRADED:
1487 LOG_EXCLUDE(groupv, v2);
1488 return (v2->gv_flags & GV_ENABLED ? -1 : 0);
1489
1490 case RESTARTER_STATE_OFFLINE:
1491 case RESTARTER_STATE_UNINIT:
1492 LOG_EXCLUDE(groupv, v2);
1493 return (0);
1494
1495 case RESTARTER_STATE_DISABLED:
1496 case RESTARTER_STATE_MAINT:
1497 continue;
1498
1499 default:
1500 #ifndef NDEBUG
1501 uu_warn("%s:%d: Unexpected vertex type %d.\n",
1502 __FILE__, __LINE__, v2->gv_type);
1503 #endif
1504 abort();
1505 }
1506 }
1507 }
1508
1509 return (1);
1510 }
1511
1512 /*
1513 * int instance_satisfied()
1514 * Determine if all the dependencies are satisfied for the supplied instance
1515 * vertex. Return 1 if they are, 0 if they aren't, and -1 if they won't be
1516 * without administrator intervention.
1517 */
1518 static int
1519 instance_satisfied(graph_vertex_t *v, boolean_t satbility)
1520 {
1521 assert(v->gv_type == GVT_INST);
1522 assert(!inst_running(v));
1523
1524 return (require_all_satisfied(v, satbility));
1525 }
1526
1527 /*
1528 * Decide whether v can satisfy a dependency. v can either be a child of
1529 * a group vertex, or of an instance vertex.
1530 */
1531 static int
1532 dependency_satisfied(graph_vertex_t *v, boolean_t satbility)
1533 {
1534 switch (v->gv_type) {
1535 case GVT_INST:
1536 if ((v->gv_flags & GV_CONFIGURED) == 0) {
1537 if (v->gv_flags & GV_DEATHROW) {
1538 /*
1539 * A dependency on an instance with GV_DEATHROW
1540 * flag is always considered as satisfied.
1541 */
1542 return (1);
1543 }
1544 return (-1);
1545 }
1546
1547 /*
1548 * Vertices may be transitioning so we try to figure out if
1549 * the end state is likely to satisfy the dependency instead
1550 * of assuming the dependency is unsatisfied/unsatisfiable.
1551 *
1552 * Support for optional_all dependencies depends on us getting
1553 * this right because unsatisfiable dependencies are treated
1554 * as being satisfied.
1555 */
1556 switch (v->gv_state) {
1557 case RESTARTER_STATE_ONLINE:
1558 case RESTARTER_STATE_DEGRADED:
1559 if (v->gv_flags & GV_TODISABLE)
1560 return (-1);
1561 if (v->gv_flags & GV_TOOFFLINE)
1562 return (0);
1563 return (1);
1564
1565 case RESTARTER_STATE_OFFLINE:
1566 if (!satbility || v->gv_flags & GV_TODISABLE)
1567 return (satbility ? -1 : 0);
1568 return (instance_satisfied(v, satbility) != -1 ?
1569 0 : -1);
1570
1571 case RESTARTER_STATE_DISABLED:
1572 if (!satbility || !(v->gv_flags & GV_ENABLED))
1573 return (satbility ? -1 : 0);
1574 return (instance_satisfied(v, satbility) != -1 ?
1575 0 : -1);
1576
1577 case RESTARTER_STATE_MAINT:
1578 return (-1);
1579
1580 case RESTARTER_STATE_UNINIT:
1581 return (0);
1582
1583 default:
1584 #ifndef NDEBUG
1585 uu_warn("%s:%d: Unexpected vertex state %d.\n",
1586 __FILE__, __LINE__, v->gv_state);
1587 #endif
1588 abort();
1589 /* NOTREACHED */
1590 }
1591
1592 case GVT_SVC:
1593 if (uu_list_numnodes(v->gv_dependencies) == 0)
1594 return (-1);
1595 return (require_any_satisfied(v, satbility));
1596
1597 case GVT_FILE:
1598 /* i.e., we assume files will not be automatically generated */
1599 return (file_ready(v) ? 1 : -1);
1600
1601 case GVT_GROUP:
1602 break;
1603
1604 default:
1605 #ifndef NDEBUG
1606 uu_warn("%s:%d: Unexpected node type %d.\n", __FILE__, __LINE__,
1607 v->gv_type);
1608 #endif
1609 abort();
1610 /* NOTREACHED */
1611 }
1612
1613 switch (v->gv_depgroup) {
1614 case DEPGRP_REQUIRE_ANY:
1615 return (require_any_satisfied(v, satbility));
1616
1617 case DEPGRP_REQUIRE_ALL:
1618 return (require_all_satisfied(v, satbility));
1619
1620 case DEPGRP_OPTIONAL_ALL:
1621 return (optional_all_satisfied(v, satbility));
1622
1623 case DEPGRP_EXCLUDE_ALL:
1624 return (exclude_all_satisfied(v, satbility));
1625
1626 default:
1627 #ifndef NDEBUG
1628 uu_warn("%s:%d: Unknown dependency grouping %d.\n", __FILE__,
1629 __LINE__, v->gv_depgroup);
1630 #endif
1631 abort();
1632 }
1633 }
1634
1635 void
1636 graph_start_if_satisfied(graph_vertex_t *v)
1637 {
1638 if (v->gv_state == RESTARTER_STATE_OFFLINE &&
1639 instance_satisfied(v, B_FALSE) == 1) {
1640 if (v->gv_start_f == NULL)
1641 vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
1642 else
1643 v->gv_start_f(v);
1644 }
1645 }
1646
1647 /*
1648 * propagate_satbility()
1649 *
1650 * This function is used when the given vertex changes state in such a way that
1651 * one of its dependents may become unsatisfiable. This happens when an
1652 * instance transitions between offline -> online, or from !running ->
1653 * maintenance, as well as when an instance is removed from the graph.
1654 *
1655 * We have to walk all the dependents, since optional_all dependencies several
1656 * levels up could become (un)satisfied, instead of unsatisfiable. For example,
1657 *
1658 * +-----+ optional_all +-----+ require_all +-----+
1659 * | A |--------------->| B |-------------->| C |
1660 * +-----+ +-----+ +-----+
1661 *
1662 * offline -> maintenance
1663 *
1664 * If C goes into maintenance, it's not enough simply to check B. Because A has
1665 * an optional dependency, what was previously an unsatisfiable situation is now
1666 * satisfied (B will never come online, even though its state hasn't changed).
1667 *
1668 * Note that it's not necessary to continue examining dependents after reaching
1669 * an optional_all dependency. It's not possible for an optional_all dependency
1670 * to change satisfiability without also coming online, in which case we get a
1671 * start event and propagation continues naturally. However, it does no harm to
1672 * continue propagating satisfiability (as it is a relatively rare event), and
1673 * keeps the walker code simple and generic.
1674 */
1675 /*ARGSUSED*/
1676 static int
1677 satbility_cb(graph_vertex_t *v, void *arg)
1678 {
1679 if (is_inst_bypassed(v))
1680 return (UU_WALK_NEXT);
1681
1682 if (v->gv_type == GVT_INST)
1683 graph_start_if_satisfied(v);
1684
1685 return (UU_WALK_NEXT);
1686 }
1687
1688 static void
1689 propagate_satbility(graph_vertex_t *v)
1690 {
1691 graph_walk(v, WALK_DEPENDENTS, satbility_cb, NULL, NULL);
1692 }
1693
1694 static void propagate_stop(graph_vertex_t *, void *);
1695
1696 /*
1697 * propagate_start()
1698 *
1699 * This function is used to propagate a start event to the dependents of the
1700 * given vertex. Any dependents that are offline but have their dependencies
1701 * satisfied are started. Any dependents that are online and have restart_on
1702 * set to "restart" or "refresh" are restarted because their dependencies have
1703 * just changed. This only happens with optional_all dependencies.
1704 */
1705 static void
1706 propagate_start(graph_vertex_t *v, void *arg)
1707 {
1708 restarter_error_t err = (restarter_error_t)arg;
1709
1710 if (is_inst_bypassed(v))
1711 return;
1712
1713 switch (v->gv_type) {
1714 case GVT_INST:
1715 /* Restarter */
1716 if (inst_running(v)) {
1717 if (err == RERR_RESTART || err == RERR_REFRESH) {
1718 vertex_send_event(v,
1719 RESTARTER_EVENT_TYPE_STOP_RESET);
1720 }
1721 } else {
1722 graph_start_if_satisfied(v);
1723 }
1724 break;
1725
1726 case GVT_GROUP:
1727 if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
1728 graph_walk_dependents(v, propagate_stop,
1729 (void *)RERR_RESTART);
1730 break;
1731 }
1732 err = v->gv_restart;
1733 /* FALLTHROUGH */
1734
1735 case GVT_SVC:
1736 graph_walk_dependents(v, propagate_start, (void *)err);
1737 break;
1738
1739 case GVT_FILE:
1740 #ifndef NDEBUG
1741 uu_warn("%s:%d: propagate_start() encountered GVT_FILE.\n",
1742 __FILE__, __LINE__);
1743 #endif
1744 abort();
1745 /* NOTREACHED */
1746
1747 default:
1748 #ifndef NDEBUG
1749 uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
1750 v->gv_type);
1751 #endif
1752 abort();
1753 }
1754 }
1755
1756 /*
1757 * propagate_stop()
1758 *
1759 * This function is used to propagate a stop event to the dependents of the
1760 * given vertex. Any dependents that are online (or in degraded state) with
1761 * the restart_on property set to "restart" or "refresh" will be stopped as
1762 * their dependencies have just changed, propagate_start() will start them
1763 * again once their dependencies have been re-satisfied.
1764 */
1765 static void
1766 propagate_stop(graph_vertex_t *v, void *arg)
1767 {
1768 restarter_error_t err = (restarter_error_t)arg;
1769
1770 if (is_inst_bypassed(v))
1771 return;
1772
1773 switch (v->gv_type) {
1774 case GVT_INST:
1775 /* Restarter */
1776 if (err > RERR_NONE && inst_running(v)) {
1777 if (err == RERR_RESTART || err == RERR_REFRESH) {
1778 vertex_send_event(v,
1779 RESTARTER_EVENT_TYPE_STOP_RESET);
1780 } else {
1781 vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP);
1782 }
1783 }
1784 break;
1785
1786 case GVT_SVC:
1787 graph_walk_dependents(v, propagate_stop, arg);
1788 break;
1789
1790 case GVT_FILE:
1791 #ifndef NDEBUG
1792 uu_warn("%s:%d: propagate_stop() encountered GVT_FILE.\n",
1793 __FILE__, __LINE__);
1794 #endif
1795 abort();
1796 /* NOTREACHED */
1797
1798 case GVT_GROUP:
1799 if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
1800 graph_walk_dependents(v, propagate_start,
1801 (void *)RERR_NONE);
1802 break;
1803 }
1804
1805 if (err == RERR_NONE || err > v->gv_restart)
1806 break;
1807
1808 graph_walk_dependents(v, propagate_stop, arg);
1809 break;
1810
1811 default:
1812 #ifndef NDEBUG
1813 uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
1814 v->gv_type);
1815 #endif
1816 abort();
1817 }
1818 }
1819
1820 void
1821 offline_vertex(graph_vertex_t *v)
1822 {
1823 scf_handle_t *h = libscf_handle_create_bound_loop();
1824 scf_instance_t *scf_inst = safe_scf_instance_create(h);
1825 scf_propertygroup_t *pg = safe_scf_pg_create(h);
1826 restarter_instance_state_t state, next_state;
1827 int r;
1828
1829 assert(v->gv_type == GVT_INST);
1830
1831 if (scf_inst == NULL)
1832 bad_error("safe_scf_instance_create", scf_error());
1833 if (pg == NULL)
1834 bad_error("safe_scf_pg_create", scf_error());
1835
1836 /* if the vertex is already going offline, return */
1837 rep_retry:
1838 if (scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, scf_inst, NULL,
1839 NULL, SCF_DECODE_FMRI_EXACT) != 0) {
1840 switch (scf_error()) {
1841 case SCF_ERROR_CONNECTION_BROKEN:
1842 libscf_handle_rebind(h);
1843 goto rep_retry;
1844
1845 case SCF_ERROR_NOT_FOUND:
1846 scf_pg_destroy(pg);
1847 scf_instance_destroy(scf_inst);
1848 (void) scf_handle_unbind(h);
1849 scf_handle_destroy(h);
1850 return;
1851 }
1852 uu_die("Can't decode FMRI %s: %s\n", v->gv_name,
1853 scf_strerror(scf_error()));
1854 }
1855
1856 r = scf_instance_get_pg(scf_inst, SCF_PG_RESTARTER, pg);
1857 if (r != 0) {
1858 switch (scf_error()) {
1859 case SCF_ERROR_CONNECTION_BROKEN:
1860 libscf_handle_rebind(h);
1861 goto rep_retry;
1862
1863 case SCF_ERROR_NOT_SET:
1864 case SCF_ERROR_NOT_FOUND:
1865 scf_pg_destroy(pg);
1866 scf_instance_destroy(scf_inst);
1867 (void) scf_handle_unbind(h);
1868 scf_handle_destroy(h);
1869 return;
1870
1871 default:
1872 bad_error("scf_instance_get_pg", scf_error());
1873 }
1874 } else {
1875 r = libscf_read_states(pg, &state, &next_state);
1876 if (r == 0 && (next_state == RESTARTER_STATE_OFFLINE ||
1877 next_state == RESTARTER_STATE_DISABLED)) {
1878 log_framework(LOG_DEBUG,
1879 "%s: instance is already going down.\n",
1880 v->gv_name);
1881 scf_pg_destroy(pg);
1882 scf_instance_destroy(scf_inst);
1883 (void) scf_handle_unbind(h);
1884 scf_handle_destroy(h);
1885 return;
1886 }
1887 }
1888
1889 scf_pg_destroy(pg);
1890 scf_instance_destroy(scf_inst);
1891 (void) scf_handle_unbind(h);
1892 scf_handle_destroy(h);
1893
1894 vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP_RESET);
1895 }
1896
1897 /*
1898 * void graph_enable_by_vertex()
1899 * If admin is non-zero, this is an administrative request for change
1900 * of the enabled property. Thus, send the ADMIN_DISABLE rather than
1901 * a plain DISABLE restarter event.
1902 */
1903 void
1904 graph_enable_by_vertex(graph_vertex_t *vertex, int enable, int admin)
1905 {
1906 graph_vertex_t *v;
1907 int r;
1908
1909 assert(MUTEX_HELD(&dgraph_lock));
1910 assert((vertex->gv_flags & GV_CONFIGURED));
1911
1912 vertex->gv_flags = (vertex->gv_flags & ~GV_ENABLED) |
1913 (enable ? GV_ENABLED : 0);
1914
1915 if (enable) {
1916 if (vertex->gv_state != RESTARTER_STATE_OFFLINE &&
1917 vertex->gv_state != RESTARTER_STATE_DEGRADED &&
1918 vertex->gv_state != RESTARTER_STATE_ONLINE) {
1919 /*
1920 * In case the vertex was notified to go down,
1921 * but now can return online, clear the _TOOFFLINE
1922 * and _TODISABLE flags.
1923 */
1924 vertex->gv_flags &= ~GV_TOOFFLINE;
1925 vertex->gv_flags &= ~GV_TODISABLE;
1926
1927 vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ENABLE);
1928 }
1929
1930 /*
1931 * Wait for state update from restarter before sending _START or
1932 * _STOP.
1933 */
1934
1935 return;
1936 }
1937
1938 if (vertex->gv_state == RESTARTER_STATE_DISABLED)
1939 return;
1940
1941 if (!admin) {
1942 vertex_send_event(vertex, RESTARTER_EVENT_TYPE_DISABLE);
1943
1944 /*
1945 * Wait for state update from restarter before sending _START or
1946 * _STOP.
1947 */
1948
1949 return;
1950 }
1951
1952 /*
1953 * If it is a DISABLE event requested by the administrator then we are
1954 * offlining the dependents first.
1955 */
1956
1957 /*
1958 * Set GV_TOOFFLINE for the services we are offlining. We cannot
1959 * clear the GV_TOOFFLINE bits from all the services because
1960 * other DISABLE events might be handled at the same time.
1961 */
1962 vertex->gv_flags |= GV_TOOFFLINE;
1963
1964 /* remember which vertex to disable... */
1965 vertex->gv_flags |= GV_TODISABLE;
1966
1967 log_framework(LOG_DEBUG, "Marking in-subtree vertices before "
1968 "disabling %s.\n", vertex->gv_name);
1969
1970 /* set GV_TOOFFLINE for its dependents */
1971 r = uu_list_walk(vertex->gv_dependents, (uu_walk_fn_t *)mark_subtree,
1972 NULL, 0);
1973 assert(r == 0);
1974
1975 /* disable the instance now if there is nothing else to offline */
1976 if (insubtree_dependents_down(vertex) == B_TRUE) {
1977 vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
1978 return;
1979 }
1980
1981 /*
1982 * This loop is similar to the one used for the graph reversal shutdown
1983 * and could be improved in term of performance for the subtree reversal
1984 * disable case.
1985 */
1986 for (v = uu_list_first(dgraph); v != NULL;
1987 v = uu_list_next(dgraph, v)) {
1988 /* skip the vertex we are disabling for now */
1989 if (v == vertex)
1990 continue;
1991
1992 if (v->gv_type != GVT_INST ||
1993 (v->gv_flags & GV_CONFIGURED) == 0 ||
1994 (v->gv_flags & GV_ENABLED) == 0 ||
1995 (v->gv_flags & GV_TOOFFLINE) == 0)
1996 continue;
1997
1998 if ((v->gv_state != RESTARTER_STATE_ONLINE) &&
1999 (v->gv_state != RESTARTER_STATE_DEGRADED)) {
2000 /* continue if there is nothing to offline */
2001 continue;
2002 }
2003
2004 /*
2005 * Instances which are up need to come down before we're
2006 * done, but we can only offline the leaves here. An
2007 * instance is a leaf when all its dependents are down.
2008 */
2009 if (insubtree_dependents_down(v) == B_TRUE) {
2010 log_framework(LOG_DEBUG, "Offlining in-subtree "
2011 "instance %s for %s.\n",
2012 v->gv_name, vertex->gv_name);
2013 offline_vertex(v);
2014 }
2015 }
2016 }
2017
2018 static int configure_vertex(graph_vertex_t *, scf_instance_t *);
2019
2020 /*
2021 * Set the restarter for v to fmri_arg. That is, make sure a vertex for
2022 * fmri_arg exists, make v depend on it, and send _ADD_INSTANCE for v. If
2023 * v is already configured and fmri_arg indicates the current restarter, do
2024 * nothing. If v is configured and fmri_arg is a new restarter, delete v's
2025 * dependency on the restarter, send _REMOVE_INSTANCE for v, and set the new
2026 * restarter. Returns 0 on success, EINVAL if the FMRI is invalid,
2027 * ECONNABORTED if the repository connection is broken, and ELOOP
2028 * if the dependency would create a cycle. In the last case, *pathp will
2029 * point to a -1-terminated array of ids which compose the path from v to
2030 * restarter_fmri.
2031 */
2032 int
2033 graph_change_restarter(graph_vertex_t *v, const char *fmri_arg, scf_handle_t *h,
2034 int **pathp)
2035 {
2036 char *restarter_fmri = NULL;
2037 graph_vertex_t *rv;
2038 int err;
2039 int id;
2040
2041 assert(MUTEX_HELD(&dgraph_lock));
2042
2043 if (fmri_arg[0] != '\0') {
2044 err = fmri_canonify(fmri_arg, &restarter_fmri, B_TRUE);
2045 if (err != 0) {
2046 assert(err == EINVAL);
2047 return (err);
2048 }
2049 }
2050
2051 if (restarter_fmri == NULL ||
2052 strcmp(restarter_fmri, SCF_SERVICE_STARTD) == 0) {
2053 if (v->gv_flags & GV_CONFIGURED) {
2054 if (v->gv_restarter_id == -1) {
2055 if (restarter_fmri != NULL)
2056 startd_free(restarter_fmri,
2057 max_scf_fmri_size);
2058 return (0);
2059 }
2060
2061 graph_unset_restarter(v);
2062 }
2063
2064 /* Master restarter, nothing to do. */
2065 v->gv_restarter_id = -1;
2066 v->gv_restarter_channel = NULL;
2067 vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);
2068 return (0);
2069 }
2070
2071 if (v->gv_flags & GV_CONFIGURED) {
2072 id = dict_lookup_byname(restarter_fmri);
2073 if (id != -1 && v->gv_restarter_id == id) {
2074 startd_free(restarter_fmri, max_scf_fmri_size);
2075 return (0);
2076 }
2077
2078 graph_unset_restarter(v);
2079 }
2080
2081 err = graph_insert_vertex_unconfigured(restarter_fmri, GVT_INST, 0,
2082 RERR_NONE, &rv);
2083 startd_free(restarter_fmri, max_scf_fmri_size);
2084 assert(err == 0 || err == EEXIST);
2085
2086 if (rv->gv_delegate_initialized == 0) {
2087 if ((rv->gv_delegate_channel = restarter_protocol_init_delegate(
2088 rv->gv_name)) == NULL)
2089 return (EINVAL);
2090 rv->gv_delegate_initialized = 1;
2091 }
2092 v->gv_restarter_id = rv->gv_id;
2093 v->gv_restarter_channel = rv->gv_delegate_channel;
2094
2095 err = graph_insert_dependency(v, rv, pathp);
2096 if (err != 0) {
2097 assert(err == ELOOP);
2098 return (ELOOP);
2099 }
2100
2101 vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);
2102
2103 if (!(rv->gv_flags & GV_CONFIGURED)) {
2104 scf_instance_t *inst;
2105
2106 err = libscf_fmri_get_instance(h, rv->gv_name, &inst);
2107 switch (err) {
2108 case 0:
2109 err = configure_vertex(rv, inst);
2110 scf_instance_destroy(inst);
2111 switch (err) {
2112 case 0:
2113 case ECANCELED:
2114 break;
2115
2116 case ECONNABORTED:
2117 return (ECONNABORTED);
2118
2119 default:
2120 bad_error("configure_vertex", err);
2121 }
2122 break;
2123
2124 case ECONNABORTED:
2125 return (ECONNABORTED);
2126
2127 case ENOENT:
2128 break;
2129
2130 case ENOTSUP:
2131 /*
2132 * The fmri doesn't specify an instance - translate
2133 * to EINVAL.
2134 */
2135 return (EINVAL);
2136
2137 case EINVAL:
2138 default:
2139 bad_error("libscf_fmri_get_instance", err);
2140 }
2141 }
2142
2143 return (0);
2144 }
2145
2146
2147 /*
2148 * Add all of the instances of the service named by fmri to the graph.
2149 * Returns
2150 * 0 - success
2151 * ENOENT - service indicated by fmri does not exist
2152 *
2153 * In both cases *reboundp will be B_TRUE if the handle was rebound, or B_FALSE
2154 * otherwise.
2155 */
2156 static int
2157 add_service(const char *fmri, scf_handle_t *h, boolean_t *reboundp)
2158 {
2159 scf_service_t *svc;
2160 scf_instance_t *inst;
2161 scf_iter_t *iter;
2162 char *inst_fmri;
2163 int ret, r;
2164
2165 *reboundp = B_FALSE;
2166
2167 svc = safe_scf_service_create(h);
2168 inst = safe_scf_instance_create(h);
2169 iter = safe_scf_iter_create(h);
2170 inst_fmri = startd_alloc(max_scf_fmri_size);
2171
2172 rebound:
2173 if (scf_handle_decode_fmri(h, fmri, NULL, svc, NULL, NULL, NULL,
2174 SCF_DECODE_FMRI_EXACT) != 0) {
2175 switch (scf_error()) {
2176 case SCF_ERROR_CONNECTION_BROKEN:
2177 default:
2178 libscf_handle_rebind(h);
2179 *reboundp = B_TRUE;
2180 goto rebound;
2181
2182 case SCF_ERROR_NOT_FOUND:
2183 ret = ENOENT;
2184 goto out;
2185
2186 case SCF_ERROR_INVALID_ARGUMENT:
2187 case SCF_ERROR_CONSTRAINT_VIOLATED:
2188 case SCF_ERROR_NOT_BOUND:
2189 case SCF_ERROR_HANDLE_MISMATCH:
2190 bad_error("scf_handle_decode_fmri", scf_error());
2191 }
2192 }
2193
2194 if (scf_iter_service_instances(iter, svc) != 0) {
2195 switch (scf_error()) {
2196 case SCF_ERROR_CONNECTION_BROKEN:
2197 default:
2198 libscf_handle_rebind(h);
2199 *reboundp = B_TRUE;
2200 goto rebound;
2201
2202 case SCF_ERROR_DELETED:
2203 ret = ENOENT;
2204 goto out;
2205
2206 case SCF_ERROR_HANDLE_MISMATCH:
2207 case SCF_ERROR_NOT_BOUND:
2208 case SCF_ERROR_NOT_SET:
2209 bad_error("scf_iter_service_instances", scf_error());
2210 }
2211 }
2212
2213 for (;;) {
2214 r = scf_iter_next_instance(iter, inst);
2215 if (r == 0)
2216 break;
2217 if (r != 1) {
2218 switch (scf_error()) {
2219 case SCF_ERROR_CONNECTION_BROKEN:
2220 default:
2221 libscf_handle_rebind(h);
2222 *reboundp = B_TRUE;
2223 goto rebound;
2224
2225 case SCF_ERROR_DELETED:
2226 ret = ENOENT;
2227 goto out;
2228
2229 case SCF_ERROR_HANDLE_MISMATCH:
2230 case SCF_ERROR_NOT_BOUND:
2231 case SCF_ERROR_NOT_SET:
2232 case SCF_ERROR_INVALID_ARGUMENT:
2233 bad_error("scf_iter_next_instance",
2234 scf_error());
2235 }
2236 }
2237
2238 if (scf_instance_to_fmri(inst, inst_fmri, max_scf_fmri_size) <
2239 0) {
2240 switch (scf_error()) {
2241 case SCF_ERROR_CONNECTION_BROKEN:
2242 libscf_handle_rebind(h);
2243 *reboundp = B_TRUE;
2244 goto rebound;
2245
2246 case SCF_ERROR_DELETED:
2247 continue;
2248
2249 case SCF_ERROR_NOT_BOUND:
2250 case SCF_ERROR_NOT_SET:
2251 bad_error("scf_instance_to_fmri", scf_error());
2252 }
2253 }
2254
2255 r = dgraph_add_instance(inst_fmri, inst, B_FALSE);
2256 switch (r) {
2257 case 0:
2258 case ECANCELED:
2259 break;
2260
2261 case EEXIST:
2262 continue;
2263
2264 case ECONNABORTED:
2265 libscf_handle_rebind(h);
2266 *reboundp = B_TRUE;
2267 goto rebound;
2268
2269 case EINVAL:
2270 default:
2271 bad_error("dgraph_add_instance", r);
2272 }
2273 }
2274
2275 ret = 0;
2276
2277 out:
2278 startd_free(inst_fmri, max_scf_fmri_size);
2279 scf_iter_destroy(iter);
2280 scf_instance_destroy(inst);
2281 scf_service_destroy(svc);
2282 return (ret);
2283 }
2284
2285 struct depfmri_info {
2286 graph_vertex_t *v; /* GVT_GROUP vertex */
2287 gv_type_t type; /* type of dependency */
2288 const char *inst_fmri; /* FMRI of parental GVT_INST vert. */
2289 const char *pg_name; /* Name of dependency pg */
2290 scf_handle_t *h;
2291 int err; /* return error code */
2292 int **pathp; /* return circular dependency path */
2293 };
2294
2295 /*
2296 * Find or create a vertex for fmri and make info->v depend on it.
2297 * Returns
2298 * 0 - success
2299 * nonzero - failure
2300 *
2301 * On failure, sets info->err to
2302 * EINVAL - fmri is invalid
2303 * fmri does not match info->type
2304 * ELOOP - Adding the dependency creates a circular dependency. *info->pathp
2305 * will point to an array of the ids of the members of the cycle.
2306 * ECONNABORTED - repository connection was broken
2307 * ECONNRESET - succeeded, but repository connection was reset
2308 */
2309 static int
2310 process_dependency_fmri(const char *fmri, struct depfmri_info *info)
2311 {
2312 int err;
2313 graph_vertex_t *depgroup_v, *v;
2314 char *fmri_copy, *cfmri;
2315 size_t fmri_copy_sz;
2316 const char *scope, *service, *instance, *pg;
2317 scf_instance_t *inst;
2318 boolean_t rebound;
2319
2320 assert(MUTEX_HELD(&dgraph_lock));
2321
2322 /* Get or create vertex for FMRI */
2323 depgroup_v = info->v;
2324
2325 if (strncmp(fmri, "file:", sizeof ("file:") - 1) == 0) {
2326 if (info->type != GVT_FILE) {
2327 log_framework(LOG_NOTICE,
2328 "FMRI \"%s\" is not allowed for the \"%s\" "
2329 "dependency's type of instance %s.\n", fmri,
2330 info->pg_name, info->inst_fmri);
2331 return (info->err = EINVAL);
2332 }
2333
2334 err = graph_insert_vertex_unconfigured(fmri, info->type, 0,
2335 RERR_NONE, &v);
2336 switch (err) {
2337 case 0:
2338 break;
2339
2340 case EEXIST:
2341 assert(v->gv_type == GVT_FILE);
2342 break;
2343
2344 case EINVAL: /* prevented above */
2345 default:
2346 bad_error("graph_insert_vertex_unconfigured", err);
2347 }
2348 } else {
2349 if (info->type != GVT_INST) {
2350 log_framework(LOG_NOTICE,
2351 "FMRI \"%s\" is not allowed for the \"%s\" "
2352 "dependency's type of instance %s.\n", fmri,
2353 info->pg_name, info->inst_fmri);
2354 return (info->err = EINVAL);
2355 }
2356
2357 /*
2358 * We must canonify fmri & add a vertex for it.
2359 */
2360 fmri_copy_sz = strlen(fmri) + 1;
2361 fmri_copy = startd_alloc(fmri_copy_sz);
2362 (void) strcpy(fmri_copy, fmri);
2363
2364 /* Determine if the FMRI is a property group or instance */
2365 if (scf_parse_svc_fmri(fmri_copy, &scope, &service,
2366 &instance, &pg, NULL) != 0) {
2367 startd_free(fmri_copy, fmri_copy_sz);
2368 log_framework(LOG_NOTICE,
2369 "Dependency \"%s\" of %s has invalid FMRI "
2370 "\"%s\".\n", info->pg_name, info->inst_fmri,
2371 fmri);
2372 return (info->err = EINVAL);
2373 }
2374
2375 if (service == NULL || pg != NULL) {
2376 startd_free(fmri_copy, fmri_copy_sz);
2377 log_framework(LOG_NOTICE,
2378 "Dependency \"%s\" of %s does not designate a "
2379 "service or instance.\n", info->pg_name,
2380 info->inst_fmri);
2381 return (info->err = EINVAL);
2382 }
2383
2384 if (scope == NULL || strcmp(scope, SCF_SCOPE_LOCAL) == 0) {
2385 cfmri = uu_msprintf("svc:/%s%s%s",
2386 service, instance ? ":" : "", instance ? instance :
2387 "");
2388 } else {
2389 cfmri = uu_msprintf("svc://%s/%s%s%s",
2390 scope, service, instance ? ":" : "", instance ?
2391 instance : "");
2392 }
2393
2394 startd_free(fmri_copy, fmri_copy_sz);
2395
2396 err = graph_insert_vertex_unconfigured(cfmri, instance ?
2397 GVT_INST : GVT_SVC, instance ? 0 : DEPGRP_REQUIRE_ANY,
2398 RERR_NONE, &v);
2399 uu_free(cfmri);
2400 switch (err) {
2401 case 0:
2402 break;
2403
2404 case EEXIST:
2405 /* Verify v. */
2406 if (instance != NULL)
2407 assert(v->gv_type == GVT_INST);
2408 else
2409 assert(v->gv_type == GVT_SVC);
2410 break;
2411
2412 default:
2413 bad_error("graph_insert_vertex_unconfigured", err);
2414 }
2415 }
2416
2417 /* Add dependency from depgroup_v to new vertex */
2418 info->err = graph_insert_dependency(depgroup_v, v, info->pathp);
2419 switch (info->err) {
2420 case 0:
2421 break;
2422
2423 case ELOOP:
2424 return (ELOOP);
2425
2426 default:
2427 bad_error("graph_insert_dependency", info->err);
2428 }
2429
2430 /* This must be after we insert the dependency, to avoid looping. */
2431 switch (v->gv_type) {
2432 case GVT_INST:
2433 if ((v->gv_flags & GV_CONFIGURED) != 0)
2434 break;
2435
2436 inst = safe_scf_instance_create(info->h);
2437
2438 rebound = B_FALSE;
2439
2440 rebound:
2441 err = libscf_lookup_instance(v->gv_name, inst);
2442 switch (err) {
2443 case 0:
2444 err = configure_vertex(v, inst);
2445 switch (err) {
2446 case 0:
2447 case ECANCELED:
2448 break;
2449
2450 case ECONNABORTED:
2451 libscf_handle_rebind(info->h);
2452 rebound = B_TRUE;
2453 goto rebound;
2454
2455 default:
2456 bad_error("configure_vertex", err);
2457 }
2458 break;
2459
2460 case ENOENT:
2461 break;
2462
2463 case ECONNABORTED:
2464 libscf_handle_rebind(info->h);
2465 rebound = B_TRUE;
2466 goto rebound;
2467
2468 case EINVAL:
2469 case ENOTSUP:
2470 default:
2471 bad_error("libscf_fmri_get_instance", err);
2472 }
2473
2474 scf_instance_destroy(inst);
2475
2476 if (rebound)
2477 return (info->err = ECONNRESET);
2478 break;
2479
2480 case GVT_SVC:
2481 (void) add_service(v->gv_name, info->h, &rebound);
2482 if (rebound)
2483 return (info->err = ECONNRESET);
2484 }
2485
2486 return (0);
2487 }
2488
2489 struct deppg_info {
2490 graph_vertex_t *v; /* GVT_INST vertex */
2491 int err; /* return error */
2492 int **pathp; /* return circular dependency path */
2493 };
2494
2495 /*
2496 * Make info->v depend on a new GVT_GROUP node for this property group,
2497 * and then call process_dependency_fmri() for the values of the entity
2498 * property. Return 0 on success, or if something goes wrong return nonzero
2499 * and set info->err to ECONNABORTED, EINVAL, or the error code returned by
2500 * process_dependency_fmri().
2501 */
2502 static int
2503 process_dependency_pg(scf_propertygroup_t *pg, struct deppg_info *info)
2504 {
2505 scf_handle_t *h;
2506 depgroup_type_t deptype;
2507 restarter_error_t rerr;
2508 struct depfmri_info linfo;
2509 char *fmri, *pg_name;
2510 size_t fmri_sz;
2511 graph_vertex_t *depgrp;
2512 scf_property_t *prop;
2513 int err;
2514 int empty;
2515 scf_error_t scferr;
2516 ssize_t len;
2517
2518 assert(MUTEX_HELD(&dgraph_lock));
2519
2520 h = scf_pg_handle(pg);
2521
2522 pg_name = startd_alloc(max_scf_name_size);
2523
2524 len = scf_pg_get_name(pg, pg_name, max_scf_name_size);
2525 if (len < 0) {
2526 startd_free(pg_name, max_scf_name_size);
2527 switch (scf_error()) {
2528 case SCF_ERROR_CONNECTION_BROKEN:
2529 default:
2530 return (info->err = ECONNABORTED);
2531
2532 case SCF_ERROR_DELETED:
2533 return (info->err = 0);
2534
2535 case SCF_ERROR_NOT_SET:
2536 bad_error("scf_pg_get_name", scf_error());
2537 }
2538 }
2539
2540 /*
2541 * Skip over empty dependency groups. Since dependency property
2542 * groups are updated atomically, they are either empty or
2543 * fully populated.
2544 */
2545 empty = depgroup_empty(h, pg);
2546 if (empty < 0) {
2547 log_error(LOG_INFO,
2548 "Error reading dependency group \"%s\" of %s: %s\n",
2549 pg_name, info->v->gv_name, scf_strerror(scf_error()));
2550 startd_free(pg_name, max_scf_name_size);
2551 return (info->err = EINVAL);
2552
2553 } else if (empty == 1) {
2554 log_framework(LOG_DEBUG,
2555 "Ignoring empty dependency group \"%s\" of %s\n",
2556 pg_name, info->v->gv_name);
2557 startd_free(pg_name, max_scf_name_size);
2558 return (info->err = 0);
2559 }
2560
2561 fmri_sz = strlen(info->v->gv_name) + 1 + len + 1;
2562 fmri = startd_alloc(fmri_sz);
2563
2564 (void) snprintf(fmri, fmri_sz, "%s>%s", info->v->gv_name,
2565 pg_name);
2566
2567 /* Validate the pg before modifying the graph */
2568 deptype = depgroup_read_grouping(h, pg);
2569 if (deptype == DEPGRP_UNSUPPORTED) {
2570 log_error(LOG_INFO,
2571 "Dependency \"%s\" of %s has an unknown grouping value.\n",
2572 pg_name, info->v->gv_name);
2573 startd_free(fmri, fmri_sz);
2574 startd_free(pg_name, max_scf_name_size);
2575 return (info->err = EINVAL);
2576 }
2577
2578 rerr = depgroup_read_restart(h, pg);
2579 if (rerr == RERR_UNSUPPORTED) {
2580 log_error(LOG_INFO,
2581 "Dependency \"%s\" of %s has an unknown restart_on value."
2582 "\n", pg_name, info->v->gv_name);
2583 startd_free(fmri, fmri_sz);
2584 startd_free(pg_name, max_scf_name_size);
2585 return (info->err = EINVAL);
2586 }
2587
2588 prop = safe_scf_property_create(h);
2589
2590 if (scf_pg_get_property(pg, SCF_PROPERTY_ENTITIES, prop) != 0) {
2591 scferr = scf_error();
2592 scf_property_destroy(prop);
2593 if (scferr == SCF_ERROR_DELETED) {
2594 startd_free(fmri, fmri_sz);
2595 startd_free(pg_name, max_scf_name_size);
2596 return (info->err = 0);
2597 } else if (scferr != SCF_ERROR_NOT_FOUND) {
2598 startd_free(fmri, fmri_sz);
2599 startd_free(pg_name, max_scf_name_size);
2600 return (info->err = ECONNABORTED);
2601 }
2602
2603 log_error(LOG_INFO,
2604 "Dependency \"%s\" of %s is missing a \"%s\" property.\n",
2605 pg_name, info->v->gv_name, SCF_PROPERTY_ENTITIES);
2606
2607 startd_free(fmri, fmri_sz);
2608 startd_free(pg_name, max_scf_name_size);
2609
2610 return (info->err = EINVAL);
2611 }
2612
2613 /* Create depgroup vertex for pg */
2614 err = graph_insert_vertex_unconfigured(fmri, GVT_GROUP, deptype,
2615 rerr, &depgrp);
2616 assert(err == 0);
2617 startd_free(fmri, fmri_sz);
2618
2619 /* Add dependency from inst vertex to new vertex */
2620 err = graph_insert_dependency(info->v, depgrp, info->pathp);
2621 /* ELOOP can't happen because this should be a new vertex */
2622 assert(err == 0);
2623
2624 linfo.v = depgrp;
2625 linfo.type = depgroup_read_scheme(h, pg);
2626 linfo.inst_fmri = info->v->gv_name;
2627 linfo.pg_name = pg_name;
2628 linfo.h = h;
2629 linfo.err = 0;
2630 linfo.pathp = info->pathp;
2631 err = walk_property_astrings(prop, (callback_t)process_dependency_fmri,
2632 &linfo);
2633
2634 scf_property_destroy(prop);
2635 startd_free(pg_name, max_scf_name_size);
2636
2637 switch (err) {
2638 case 0:
2639 case EINTR:
2640 return (info->err = linfo.err);
2641
2642 case ECONNABORTED:
2643 case EINVAL:
2644 return (info->err = err);
2645
2646 case ECANCELED:
2647 return (info->err = 0);
2648
2649 case ECONNRESET:
2650 return (info->err = ECONNABORTED);
2651
2652 default:
2653 bad_error("walk_property_astrings", err);
2654 /* NOTREACHED */
2655 }
2656 }
2657
2658 /*
2659 * Build the dependency info for v from the repository. Returns 0 on success,
2660 * ECONNABORTED on repository disconnection, EINVAL if the repository
2661 * configuration is invalid, and ELOOP if a dependency would cause a cycle.
2662 * In the last case, *pathp will point to a -1-terminated array of ids which
2663 * constitute the rest of the dependency cycle.
2664 */
2665 static int
2666 set_dependencies(graph_vertex_t *v, scf_instance_t *inst, int **pathp)
2667 {
2668 struct deppg_info info;
2669 int err;
2670 uint_t old_configured;
2671
2672 assert(MUTEX_HELD(&dgraph_lock));
2673
2674 /*
2675 * Mark the vertex as configured during dependency insertion to avoid
2676 * dependency cycles (which can appear in the graph if one of the
2677 * vertices is an exclusion-group).
2678 */
2679 old_configured = v->gv_flags & GV_CONFIGURED;
2680 v->gv_flags |= GV_CONFIGURED;
2681
2682 info.err = 0;
2683 info.v = v;
2684 info.pathp = pathp;
2685
2686 err = walk_dependency_pgs(inst, (callback_t)process_dependency_pg,
2687 &info);
2688
2689 if (!old_configured)
2690 v->gv_flags &= ~GV_CONFIGURED;
2691
2692 switch (err) {
2693 case 0:
2694 case EINTR:
2695 return (info.err);
2696
2697 case ECONNABORTED:
2698 return (ECONNABORTED);
2699
2700 case ECANCELED:
2701 /* Should get delete event, so return 0. */
2702 return (0);
2703
2704 default:
2705 bad_error("walk_dependency_pgs", err);
2706 /* NOTREACHED */
2707 }
2708 }
2709
2710
2711 static void
2712 handle_cycle(const char *fmri, int *path)
2713 {
2714 const char *cp;
2715 size_t sz;
2716
2717 assert(MUTEX_HELD(&dgraph_lock));
2718
2719 path_to_str(path, (char **)&cp, &sz);
2720
2721 log_error(LOG_ERR, "Transitioning %s to maintenance "
2722 "because it completes a dependency cycle (see svcs -xv for "
2723 "details):\n%s", fmri ? fmri : "?", cp);
2724
2725 startd_free((void *)cp, sz);
2726 }
2727
2728 /*
2729 * Increment the vertex's reference count to prevent the vertex removal
2730 * from the dgraph.
2731 */
2732 static void
2733 vertex_ref(graph_vertex_t *v)
2734 {
2735 assert(MUTEX_HELD(&dgraph_lock));
2736
2737 v->gv_refs++;
2738 }
2739
2740 /*
2741 * Decrement the vertex's reference count and remove the vertex from
2742 * the dgraph when possible.
2743 *
2744 * Return VERTEX_REMOVED when the vertex has been removed otherwise
2745 * return VERTEX_INUSE.
2746 */
2747 static int
2748 vertex_unref(graph_vertex_t *v)
2749 {
2750 assert(MUTEX_HELD(&dgraph_lock));
2751 assert(v->gv_refs > 0);
2752
2753 v->gv_refs--;
2754
2755 return (free_if_unrefed(v));
2756 }
2757
2758 /*
2759 * When run on the dependencies of a vertex, populates list with
2760 * graph_edge_t's which point to the service vertices or the instance
2761 * vertices (no GVT_GROUP nodes) on which the vertex depends.
2762 *
2763 * Increment the vertex's reference count once the vertex is inserted
2764 * in the list. The vertex won't be able to be deleted from the dgraph
2765 * while it is referenced.
2766 */
2767 static int
2768 append_svcs_or_insts(graph_edge_t *e, uu_list_t *list)
2769 {
2770 graph_vertex_t *v = e->ge_vertex;
2771 graph_edge_t *new;
2772 int r;
2773
2774 switch (v->gv_type) {
2775 case GVT_INST:
2776 case GVT_SVC:
2777 break;
2778
2779 case GVT_GROUP:
2780 r = uu_list_walk(v->gv_dependencies,
2781 (uu_walk_fn_t *)append_svcs_or_insts, list, 0);
2782 assert(r == 0);
2783 return (UU_WALK_NEXT);
2784
2785 case GVT_FILE:
2786 return (UU_WALK_NEXT);
2787
2788 default:
2789 #ifndef NDEBUG
2790 uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
2791 __LINE__, v->gv_type);
2792 #endif
2793 abort();
2794 }
2795
2796 new = startd_alloc(sizeof (*new));
2797 new->ge_vertex = v;
2798 uu_list_node_init(new, &new->ge_link, graph_edge_pool);
2799 r = uu_list_insert_before(list, NULL, new);
2800 assert(r == 0);
2801
2802 /*
2803 * Because we are inserting the vertex in a list, we don't want
2804 * the vertex to be freed while the list is in use. In order to
2805 * achieve that, increment the vertex's reference count.
2806 */
2807 vertex_ref(v);
2808
2809 return (UU_WALK_NEXT);
2810 }
2811
2812 static boolean_t
2813 should_be_in_subgraph(graph_vertex_t *v)
2814 {
2815 graph_edge_t *e;
2816
2817 if (v == milestone)
2818 return (B_TRUE);
2819
2820 /*
2821 * v is in the subgraph if any of its dependents are in the subgraph.
2822 * Except for EXCLUDE_ALL dependents. And OPTIONAL dependents only
2823 * count if we're enabled.
2824 */
2825 for (e = uu_list_first(v->gv_dependents);
2826 e != NULL;
2827 e = uu_list_next(v->gv_dependents, e)) {
2828 graph_vertex_t *dv = e->ge_vertex;
2829
2830 if (!(dv->gv_flags & GV_INSUBGRAPH))
2831 continue;
2832
2833 /*
2834 * Don't include instances that are optional and disabled.
2835 */
2836 if (v->gv_type == GVT_INST && dv->gv_type == GVT_SVC) {
2837
2838 int in = 0;
2839 graph_edge_t *ee;
2840
2841 for (ee = uu_list_first(dv->gv_dependents);
2842 ee != NULL;
2843 ee = uu_list_next(dv->gv_dependents, ee)) {
2844
2845 graph_vertex_t *ddv = e->ge_vertex;
2846
2847 if (ddv->gv_type == GVT_GROUP &&
2848 ddv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
2849 continue;
2850
2851 if (ddv->gv_type == GVT_GROUP &&
2852 ddv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
2853 !(v->gv_flags & GV_ENBLD_NOOVR))
2854 continue;
2855
2856 in = 1;
2857 }
2858 if (!in)
2859 continue;
2860 }
2861 if (v->gv_type == GVT_INST &&
2862 dv->gv_type == GVT_GROUP &&
2863 dv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
2864 !(v->gv_flags & GV_ENBLD_NOOVR))
2865 continue;
2866
2867 /* Don't include excluded services and instances */
2868 if (dv->gv_type == GVT_GROUP &&
2869 dv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
2870 continue;
2871
2872 return (B_TRUE);
2873 }
2874
2875 return (B_FALSE);
2876 }
2877
2878 /*
2879 * Ensures that GV_INSUBGRAPH is set properly for v and its descendents. If
2880 * any bits change, manipulate the repository appropriately. Returns 0 or
2881 * ECONNABORTED.
2882 */
2883 static int
2884 eval_subgraph(graph_vertex_t *v, scf_handle_t *h)
2885 {
2886 boolean_t old = (v->gv_flags & GV_INSUBGRAPH) != 0;
2887 boolean_t new;
2888 graph_edge_t *e;
2889 scf_instance_t *inst;
2890 int ret = 0, r;
2891
2892 assert(milestone != NULL && milestone != MILESTONE_NONE);
2893
2894 new = should_be_in_subgraph(v);
2895
2896 if (new == old)
2897 return (0);
2898
2899 log_framework(LOG_DEBUG, new ? "Adding %s to the subgraph.\n" :
2900 "Removing %s from the subgraph.\n", v->gv_name);
2901
2902 v->gv_flags = (v->gv_flags & ~GV_INSUBGRAPH) |
2903 (new ? GV_INSUBGRAPH : 0);
2904
2905 if (v->gv_type == GVT_INST && (v->gv_flags & GV_CONFIGURED)) {
2906 int err;
2907
2908 get_inst:
2909 err = libscf_fmri_get_instance(h, v->gv_name, &inst);
2910 if (err != 0) {
2911 switch (err) {
2912 case ECONNABORTED:
2913 libscf_handle_rebind(h);
2914 ret = ECONNABORTED;
2915 goto get_inst;
2916
2917 case ENOENT:
2918 break;
2919
2920 case EINVAL:
2921 case ENOTSUP:
2922 default:
2923 bad_error("libscf_fmri_get_instance", err);
2924 }
2925 } else {
2926 const char *f;
2927
2928 if (new) {
2929 err = libscf_delete_enable_ovr(inst);
2930 f = "libscf_delete_enable_ovr";
2931 } else {
2932 err = libscf_set_enable_ovr(inst, 0);
2933 f = "libscf_set_enable_ovr";
2934 }
2935 scf_instance_destroy(inst);
2936 switch (err) {
2937 case 0:
2938 case ECANCELED:
2939 break;
2940
2941 case ECONNABORTED:
2942 libscf_handle_rebind(h);
2943 /*
2944 * We must continue so the graph is updated,
2945 * but we must return ECONNABORTED so any
2946 * libscf state held by any callers is reset.
2947 */
2948 ret = ECONNABORTED;
2949 goto get_inst;
2950
2951 case EROFS:
2952 case EPERM:
2953 log_error(LOG_WARNING,
2954 "Could not set %s/%s for %s: %s.\n",
2955 SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
2956 v->gv_name, strerror(err));
2957 break;
2958
2959 default:
2960 bad_error(f, err);
2961 }
2962 }
2963 }
2964
2965 for (e = uu_list_first(v->gv_dependencies);
2966 e != NULL;
2967 e = uu_list_next(v->gv_dependencies, e)) {
2968 r = eval_subgraph(e->ge_vertex, h);
2969 if (r != 0) {
2970 assert(r == ECONNABORTED);
2971 ret = ECONNABORTED;
2972 }
2973 }
2974
2975 return (ret);
2976 }
2977
2978 /*
2979 * Delete the (property group) dependencies of v & create new ones based on
2980 * inst. If doing so would create a cycle, log a message and put the instance
2981 * into maintenance. Update GV_INSUBGRAPH flags as necessary. Returns 0 or
2982 * ECONNABORTED.
2983 */
2984 int
2985 refresh_vertex(graph_vertex_t *v, scf_instance_t *inst)
2986 {
2987 int err;
2988 int *path;
2989 char *fmri;
2990 int r;
2991 scf_handle_t *h = scf_instance_handle(inst);
2992 uu_list_t *old_deps;
2993 int ret = 0;
2994 graph_edge_t *e;
2995 graph_vertex_t *vv;
2996
2997 assert(MUTEX_HELD(&dgraph_lock));
2998 assert(v->gv_type == GVT_INST);
2999
3000 log_framework(LOG_DEBUG, "Graph engine: Refreshing %s.\n", v->gv_name);
3001
3002 if (milestone > MILESTONE_NONE) {
3003 /*
3004 * In case some of v's dependencies are being deleted we must
3005 * make a list of them now for GV_INSUBGRAPH-flag evaluation
3006 * after the new dependencies are in place.
3007 */
3008 old_deps = startd_list_create(graph_edge_pool, NULL, 0);
3009
3010 err = uu_list_walk(v->gv_dependencies,
3011 (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
3012 assert(err == 0);
3013 }
3014
3015 delete_instance_dependencies(v, B_FALSE);
3016
3017 err = set_dependencies(v, inst, &path);
3018 switch (err) {
3019 case 0:
3020 break;
3021
3022 case ECONNABORTED:
3023 ret = err;
3024 goto out;
3025
3026 case EINVAL:
3027 case ELOOP:
3028 r = libscf_instance_get_fmri(inst, &fmri);
3029 switch (r) {
3030 case 0:
3031 break;
3032
3033 case ECONNABORTED:
3034 ret = ECONNABORTED;
3035 goto out;
3036
3037 case ECANCELED:
3038 ret = 0;
3039 goto out;
3040
3041 default:
3042 bad_error("libscf_instance_get_fmri", r);
3043 }
3044
3045 if (err == EINVAL) {
3046 log_error(LOG_ERR, "Transitioning %s "
3047 "to maintenance due to misconfiguration.\n",
3048 fmri ? fmri : "?");
3049 vertex_send_event(v,
3050 RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY);
3051 } else {
3052 handle_cycle(fmri, path);
3053 vertex_send_event(v,
3054 RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE);
3055 }
3056 startd_free(fmri, max_scf_fmri_size);
3057 ret = 0;
3058 goto out;
3059
3060 default:
3061 bad_error("set_dependencies", err);
3062 }
3063
3064 if (milestone > MILESTONE_NONE) {
3065 boolean_t aborted = B_FALSE;
3066
3067 for (e = uu_list_first(old_deps);
3068 e != NULL;
3069 e = uu_list_next(old_deps, e)) {
3070 vv = e->ge_vertex;
3071
3072 if (vertex_unref(vv) == VERTEX_INUSE &&
3073 eval_subgraph(vv, h) == ECONNABORTED)
3074 aborted = B_TRUE;
3075 }
3076
3077 for (e = uu_list_first(v->gv_dependencies);
3078 e != NULL;
3079 e = uu_list_next(v->gv_dependencies, e)) {
3080 if (eval_subgraph(e->ge_vertex, h) ==
3081 ECONNABORTED)
3082 aborted = B_TRUE;
3083 }
3084
3085 if (aborted) {
3086 ret = ECONNABORTED;
3087 goto out;
3088 }
3089 }
3090
3091 graph_start_if_satisfied(v);
3092
3093 ret = 0;
3094
3095 out:
3096 if (milestone > MILESTONE_NONE) {
3097 void *cookie = NULL;
3098
3099 while ((e = uu_list_teardown(old_deps, &cookie)) != NULL)
3100 startd_free(e, sizeof (*e));
3101
3102 uu_list_destroy(old_deps);
3103 }
3104
3105 return (ret);
3106 }
3107
3108 /*
3109 * Set up v according to inst. That is, make sure it depends on its
3110 * restarter and set up its dependencies. Send the ADD_INSTANCE command to
3111 * the restarter, and send ENABLE or DISABLE as appropriate.
3112 *
3113 * Returns 0 on success, ECONNABORTED on repository disconnection, or
3114 * ECANCELED if inst is deleted.
3115 */
3116 static int
3117 configure_vertex(graph_vertex_t *v, scf_instance_t *inst)
3118 {
3119 scf_handle_t *h;
3120 scf_propertygroup_t *pg;
3121 scf_snapshot_t *snap;
3122 char *restarter_fmri = startd_alloc(max_scf_value_size);
3123 int enabled, enabled_ovr;
3124 int err;
3125 int *path;
3126 int deathrow;
3127 int32_t tset;
3128
3129 restarter_fmri[0] = '\0';
3130
3131 assert(MUTEX_HELD(&dgraph_lock));
3132 assert(v->gv_type == GVT_INST);
3133 assert((v->gv_flags & GV_CONFIGURED) == 0);
3134
3135 /* GV_INSUBGRAPH should already be set properly. */
3136 assert(should_be_in_subgraph(v) ==
3137 ((v->gv_flags & GV_INSUBGRAPH) != 0));
3138
3139 /*
3140 * If the instance fmri is in the deathrow list then set the
3141 * GV_DEATHROW flag on the vertex and create and set to true the
3142 * SCF_PROPERTY_DEATHROW boolean property in the non-persistent
3143 * repository for this instance fmri.
3144 */
3145 if ((v->gv_flags & GV_DEATHROW) ||
3146 (is_fmri_in_deathrow(v->gv_name) == B_TRUE)) {
3147 if ((v->gv_flags & GV_DEATHROW) == 0) {
3148 /*
3149 * Set flag GV_DEATHROW, create and set to true
3150 * the SCF_PROPERTY_DEATHROW property in the
3151 * non-persistent repository for this instance fmri.
3152 */
3153 v->gv_flags |= GV_DEATHROW;
3154
3155 switch (err = libscf_set_deathrow(inst, 1)) {
3156 case 0:
3157 break;
3158
3159 case ECONNABORTED:
3160 case ECANCELED:
3161 startd_free(restarter_fmri, max_scf_value_size);
3162 return (err);
3163
3164 case EROFS:
3165 log_error(LOG_WARNING, "Could not set %s/%s "
3166 "for deathrow %s: %s.\n",
3167 SCF_PG_DEATHROW, SCF_PROPERTY_DEATHROW,
3168 v->gv_name, strerror(err));
3169 break;
3170
3171 case EPERM:
3172 uu_die("Permission denied.\n");
3173 /* NOTREACHED */
3174
3175 default:
3176 bad_error("libscf_set_deathrow", err);
3177 }
3178 log_framework(LOG_DEBUG, "Deathrow, graph set %s.\n",
3179 v->gv_name);
3180 }
3181 startd_free(restarter_fmri, max_scf_value_size);
3182 return (0);
3183 }
3184
3185 h = scf_instance_handle(inst);
3186
3187 /*
3188 * Using a temporary deathrow boolean property, set through
3189 * libscf_set_deathrow(), only for fmris on deathrow, is necessary
3190 * because deathrow_fini() may already have been called, and in case
3191 * of a refresh, GV_DEATHROW may need to be set again.
3192 * libscf_get_deathrow() sets deathrow to 1 only if this instance
3193 * has a temporary boolean property named 'deathrow' valued true
3194 * in a property group 'deathrow', -1 or 0 in all other cases.
3195 */
3196 err = libscf_get_deathrow(h, inst, &deathrow);
3197 switch (err) {
3198 case 0:
3199 break;
3200
3201 case ECONNABORTED:
3202 case ECANCELED:
3203 startd_free(restarter_fmri, max_scf_value_size);
3204 return (err);
3205
3206 default:
3207 bad_error("libscf_get_deathrow", err);
3208 }
3209
3210 if (deathrow == 1) {
3211 v->gv_flags |= GV_DEATHROW;
3212 startd_free(restarter_fmri, max_scf_value_size);
3213 return (0);
3214 }
3215
3216 log_framework(LOG_DEBUG, "Graph adding %s.\n", v->gv_name);
3217
3218 /*
3219 * If the instance does not have a restarter property group,
3220 * initialize its state to uninitialized/none, in case the restarter
3221 * is not enabled.
3222 */
3223 pg = safe_scf_pg_create(h);
3224
3225 if (scf_instance_get_pg(inst, SCF_PG_RESTARTER, pg) != 0) {
3226 instance_data_t idata;
3227 uint_t count = 0, msecs = ALLOC_DELAY;
3228
3229 switch (scf_error()) {
3230 case SCF_ERROR_NOT_FOUND:
3231 break;
3232
3233 case SCF_ERROR_CONNECTION_BROKEN:
3234 default:
3235 scf_pg_destroy(pg);
3236 startd_free(restarter_fmri, max_scf_value_size);
3237 return (ECONNABORTED);
3238
3239 case SCF_ERROR_DELETED:
3240 scf_pg_destroy(pg);
3241 startd_free(restarter_fmri, max_scf_value_size);
3242 return (ECANCELED);
3243
3244 case SCF_ERROR_NOT_SET:
3245 bad_error("scf_instance_get_pg", scf_error());
3246 }
3247
3248 switch (err = libscf_instance_get_fmri(inst,
3249 (char **)&idata.i_fmri)) {
3250 case 0:
3251 break;
3252
3253 case ECONNABORTED:
3254 case ECANCELED:
3255 scf_pg_destroy(pg);
3256 startd_free(restarter_fmri, max_scf_value_size);
3257 return (err);
3258
3259 default:
3260 bad_error("libscf_instance_get_fmri", err);
3261 }
3262
3263 idata.i_state = RESTARTER_STATE_NONE;
3264 idata.i_next_state = RESTARTER_STATE_NONE;
3265
3266 init_state:
3267 switch (err = _restarter_commit_states(h, &idata,
3268 RESTARTER_STATE_UNINIT, RESTARTER_STATE_NONE,
3269 restarter_get_str_short(restarter_str_insert_in_graph))) {
3270 case 0:
3271 break;
3272
3273 case ENOMEM:
3274 ++count;
3275 if (count < ALLOC_RETRY) {
3276 (void) poll(NULL, 0, msecs);
3277 msecs *= ALLOC_DELAY_MULT;
3278 goto init_state;
3279 }
3280
3281 uu_die("Insufficient memory.\n");
3282 /* NOTREACHED */
3283
3284 case ECONNABORTED:
3285 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3286 scf_pg_destroy(pg);
3287 startd_free(restarter_fmri, max_scf_value_size);
3288 return (ECONNABORTED);
3289
3290 case ENOENT:
3291 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3292 scf_pg_destroy(pg);
3293 startd_free(restarter_fmri, max_scf_value_size);
3294 return (ECANCELED);
3295
3296 case EPERM:
3297 case EACCES:
3298 case EROFS:
3299 log_error(LOG_NOTICE, "Could not initialize state for "
3300 "%s: %s.\n", idata.i_fmri, strerror(err));
3301 break;
3302
3303 case EINVAL:
3304 default:
3305 bad_error("_restarter_commit_states", err);
3306 }
3307
3308 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3309 }
3310
3311 scf_pg_destroy(pg);
3312
3313 if (milestone != NULL) {
3314 /*
3315 * Make sure the enable-override is set properly before we
3316 * read whether we should be enabled.
3317 */
3318 if (milestone == MILESTONE_NONE ||
3319 !(v->gv_flags & GV_INSUBGRAPH)) {
3320 /*
3321 * This might seem unjustified after the milestone
3322 * transition has completed (non_subgraph_svcs == 0),
3323 * but it's important because when we boot to
3324 * a milestone, we set the milestone before populating
3325 * the graph, and all of the new non-subgraph services
3326 * need to be disabled here.
3327 */
3328 switch (err = libscf_set_enable_ovr(inst, 0)) {
3329 case 0:
3330 break;
3331
3332 case ECONNABORTED:
3333 case ECANCELED:
3334 startd_free(restarter_fmri, max_scf_value_size);
3335 return (err);
3336
3337 case EROFS:
3338 log_error(LOG_WARNING,
3339 "Could not set %s/%s for %s: %s.\n",
3340 SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
3341 v->gv_name, strerror(err));
3342 break;
3343
3344 case EPERM:
3345 uu_die("Permission denied.\n");
3346 /* NOTREACHED */
3347
3348 default:
3349 bad_error("libscf_set_enable_ovr", err);
3350 }
3351 } else {
3352 assert(v->gv_flags & GV_INSUBGRAPH);
3353 switch (err = libscf_delete_enable_ovr(inst)) {
3354 case 0:
3355 break;
3356
3357 case ECONNABORTED:
3358 case ECANCELED:
3359 startd_free(restarter_fmri, max_scf_value_size);
3360 return (err);
3361
3362 case EPERM:
3363 uu_die("Permission denied.\n");
3364 /* NOTREACHED */
3365
3366 default:
3367 bad_error("libscf_delete_enable_ovr", err);
3368 }
3369 }
3370 }
3371
3372 err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
3373 &enabled_ovr, &restarter_fmri);
3374 switch (err) {
3375 case 0:
3376 break;
3377
3378 case ECONNABORTED:
3379 case ECANCELED:
3380 startd_free(restarter_fmri, max_scf_value_size);
3381 return (err);
3382
3383 case ENOENT:
3384 log_framework(LOG_DEBUG,
3385 "Ignoring %s because it has no general property group.\n",
3386 v->gv_name);
3387 startd_free(restarter_fmri, max_scf_value_size);
3388 return (0);
3389
3390 default:
3391 bad_error("libscf_get_basic_instance_data", err);
3392 }
3393
3394 if ((tset = libscf_get_stn_tset(inst)) == -1) {
3395 log_framework(LOG_WARNING,
3396 "Failed to get notification parameters for %s: %s\n",
3397 v->gv_name, scf_strerror(scf_error()));
3398 v->gv_stn_tset = 0;
3399 } else {
3400 v->gv_stn_tset = tset;
3401 }
3402 if (strcmp(v->gv_name, SCF_INSTANCE_GLOBAL) == 0)
3403 stn_global = v->gv_stn_tset;
3404
3405 if (enabled == -1) {
3406 startd_free(restarter_fmri, max_scf_value_size);
3407 return (0);
3408 }
3409
3410 v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
3411 (enabled ? GV_ENBLD_NOOVR : 0);
3412
3413 if (enabled_ovr != -1)
3414 enabled = enabled_ovr;
3415
3416 v->gv_state = RESTARTER_STATE_UNINIT;
3417
3418 snap = libscf_get_or_make_running_snapshot(inst, v->gv_name, B_TRUE);
3419 scf_snapshot_destroy(snap);
3420
3421 /* Set up the restarter. (Sends _ADD_INSTANCE on success.) */
3422 err = graph_change_restarter(v, restarter_fmri, h, &path);
3423 if (err != 0) {
3424 instance_data_t idata;
3425 uint_t count = 0, msecs = ALLOC_DELAY;
3426 restarter_str_t reason;
3427
3428 if (err == ECONNABORTED) {
3429 startd_free(restarter_fmri, max_scf_value_size);
3430 return (err);
3431 }
3432
3433 assert(err == EINVAL || err == ELOOP);
3434
3435 if (err == EINVAL) {
3436 log_framework(LOG_ERR, emsg_invalid_restarter,
3437 v->gv_name, restarter_fmri);
3438 reason = restarter_str_invalid_restarter;
3439 } else {
3440 handle_cycle(v->gv_name, path);
3441 reason = restarter_str_dependency_cycle;
3442 }
3443
3444 startd_free(restarter_fmri, max_scf_value_size);
3445
3446 /*
3447 * We didn't register the instance with the restarter, so we
3448 * must set maintenance mode ourselves.
3449 */
3450 err = libscf_instance_get_fmri(inst, (char **)&idata.i_fmri);
3451 if (err != 0) {
3452 assert(err == ECONNABORTED || err == ECANCELED);
3453 return (err);
3454 }
3455
3456 idata.i_state = RESTARTER_STATE_NONE;
3457 idata.i_next_state = RESTARTER_STATE_NONE;
3458
3459 set_maint:
3460 switch (err = _restarter_commit_states(h, &idata,
3461 RESTARTER_STATE_MAINT, RESTARTER_STATE_NONE,
3462 restarter_get_str_short(reason))) {
3463 case 0:
3464 break;
3465
3466 case ENOMEM:
3467 ++count;
3468 if (count < ALLOC_RETRY) {
3469 (void) poll(NULL, 0, msecs);
3470 msecs *= ALLOC_DELAY_MULT;
3471 goto set_maint;
3472 }
3473
3474 uu_die("Insufficient memory.\n");
3475 /* NOTREACHED */
3476
3477 case ECONNABORTED:
3478 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3479 return (ECONNABORTED);
3480
3481 case ENOENT:
3482 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3483 return (ECANCELED);
3484
3485 case EPERM:
3486 case EACCES:
3487 case EROFS:
3488 log_error(LOG_NOTICE, "Could not initialize state for "
3489 "%s: %s.\n", idata.i_fmri, strerror(err));
3490 break;
3491
3492 case EINVAL:
3493 default:
3494 bad_error("_restarter_commit_states", err);
3495 }
3496
3497 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3498
3499 v->gv_state = RESTARTER_STATE_MAINT;
3500
3501 goto out;
3502 }
3503 startd_free(restarter_fmri, max_scf_value_size);
3504
3505 /* Add all the other dependencies. */
3506 err = refresh_vertex(v, inst);
3507 if (err != 0) {
3508 assert(err == ECONNABORTED);
3509 return (err);
3510 }
3511
3512 out:
3513 v->gv_flags |= GV_CONFIGURED;
3514
3515 graph_enable_by_vertex(v, enabled, 0);
3516
3517 return (0);
3518 }
3519
3520
3521 static void
3522 kill_user_procs(void)
3523 {
3524 (void) fputs("svc.startd: Killing user processes.\n", stdout);
3525
3526 /*
3527 * Despite its name, killall's role is to get select user processes--
3528 * basically those representing terminal-based logins-- to die. Victims
3529 * are located by killall in the utmp database. Since these are most
3530 * often shell based logins, and many shells mask SIGTERM (but are
3531 * responsive to SIGHUP) we first HUP and then shortly thereafter
3532 * kill -9.
3533 */
3534 (void) fork_with_timeout("/usr/sbin/killall HUP", 1, 5);
3535 (void) fork_with_timeout("/usr/sbin/killall KILL", 1, 5);
3536
3537 /*
3538 * Note the selection of user id's 0, 1 and 15, subsequently
3539 * inverted by -v. 15 is reserved for dladmd. Yes, this is a
3540 * kludge-- a better policy is needed.
3541 *
3542 * Note that fork_with_timeout will only wait out the 1 second
3543 * "grace time" if pkill actually returns 0. So if there are
3544 * no matches, this will run to completion much more quickly.
3545 */
3546 (void) fork_with_timeout("/usr/bin/pkill -TERM -v -u 0,1,15", 1, 5);
3547 (void) fork_with_timeout("/usr/bin/pkill -KILL -v -u 0,1,15", 1, 5);
3548 }
3549
3550 static void
3551 do_uadmin(void)
3552 {
3553 const char * const resetting = "/etc/svc/volatile/resetting";
3554 int fd;
3555 struct statvfs vfs;
3556 time_t now;
3557 struct tm nowtm;
3558 char down_buf[256], time_buf[256];
3559 uintptr_t mdep;
3560 #if defined(__x86)
3561 char *fbarg = NULL;
3562 #endif /* __x86 */
3563
3564 mdep = NULL;
3565 fd = creat(resetting, 0777);
3566 if (fd >= 0)
3567 startd_close(fd);
3568 else
3569 uu_warn("Could not create \"%s\"", resetting);
3570
3571 /* Kill dhcpagent if we're not using nfs for root */
3572 if ((statvfs("/", &vfs) == 0) &&
3573 (strncmp(vfs.f_basetype, "nfs", sizeof ("nfs") - 1) != 0))
3574 fork_with_timeout("/usr/bin/pkill -x -u 0 dhcpagent", 0, 5);
3575
3576 /*
3577 * Call sync(2) now, before we kill off user processes. This takes
3578 * advantage of the several seconds of pause we have before the
3579 * killalls are done. Time we can make good use of to get pages
3580 * moving out to disk.
3581 *
3582 * Inside non-global zones, we don't bother, and it's better not to
3583 * anyway, since sync(2) can have system-wide impact.
3584 */
3585 if (getzoneid() == 0)
3586 sync();
3587
3588 kill_user_procs();
3589
3590 /*
3591 * Note that this must come after the killing of user procs, since
3592 * killall relies on utmpx, and this command affects the contents of
3593 * said file.
3594 */
3595 if (access("/usr/lib/acct/closewtmp", X_OK) == 0)
3596 fork_with_timeout("/usr/lib/acct/closewtmp", 0, 5);
3597
3598 /*
3599 * For patches which may be installed as the system is shutting
3600 * down, we need to ensure, one more time, that the boot archive
3601 * really is up to date.
3602 */
3603 if (getzoneid() == 0 && access("/usr/sbin/bootadm", X_OK) == 0)
3604 fork_with_timeout("/usr/sbin/bootadm -ea update_all", 0, 3600);
3605
3606 /*
3607 * Right now, fast reboot is supported only on i386.
3608 * scf_is_fastboot_default() should take care of it.
3609 * If somehow we got there on unsupported platform -
3610 * print warning and fall back to regular reboot.
3611 */
3612 if (halting == AD_FASTREBOOT) {
3613 #if defined(__x86)
3614 if (be_get_boot_args(&fbarg, BE_ENTRY_DEFAULT) == 0) {
3615 mdep = (uintptr_t)fbarg;
3616 } else {
3617 /*
3618 * Failed to read BE info, fall back to normal reboot
3619 */
3620 halting = AD_BOOT;
3621 uu_warn("Failed to get fast reboot arguments.\n"
3622 "Falling back to regular reboot.\n");
3623 }
3624 #else /* __x86 */
3625 halting = AD_BOOT;
3626 uu_warn("Fast reboot configured, but not supported by "
3627 "this ISA\n");
3628 #endif /* __x86 */
3629 }
3630
3631 fork_with_timeout("/sbin/umountall -l", 0, 5);
3632 fork_with_timeout("/sbin/umount /tmp /var/adm /var/run /var "
3633 ">/dev/null 2>&1", 0, 5);
3634
3635 /*
3636 * Try to get to consistency for whatever UFS filesystems are left.
3637 * This is pretty expensive, so we save it for the end in the hopes of
3638 * minimizing what it must do. The other option would be to start in
3639 * parallel with the killall's, but lockfs tends to throw out much more
3640 * than is needed, and so subsequent commands (like umountall) take a
3641 * long time to get going again.
3642 *
3643 * Inside of zones, we don't bother, since we're not about to terminate
3644 * the whole OS instance.
3645 *
3646 * On systems using only ZFS, this call to lockfs -fa is a no-op.
3647 */
3648 if (getzoneid() == 0) {
3649 if (access("/usr/sbin/lockfs", X_OK) == 0)
3650 fork_with_timeout("/usr/sbin/lockfs -fa", 0, 30);
3651
3652 sync(); /* once more, with feeling */
3653 }
3654
3655 fork_with_timeout("/sbin/umount /usr >/dev/null 2>&1", 0, 5);
3656
3657 /*
3658 * Construct and emit the last words from userland:
3659 * "<timestamp> The system is down. Shutdown took <N> seconds."
3660 *
3661 * Normally we'd use syslog, but with /var and other things
3662 * potentially gone, try to minimize the external dependencies.
3663 */
3664 now = time(NULL);
3665 (void) localtime_r(&now, &nowtm);
3666
3667 if (strftime(down_buf, sizeof (down_buf),
3668 "%b %e %T The system is down.", &nowtm) == 0) {
3669 (void) strlcpy(down_buf, "The system is down.",
3670 sizeof (down_buf));
3671 }
3672
3673 if (halting_time != 0 && halting_time <= now) {
3674 (void) snprintf(time_buf, sizeof (time_buf),
3675 " Shutdown took %lu seconds.", now - halting_time);
3676 } else {
3677 time_buf[0] = '\0';
3678 }
3679 (void) printf("%s%s\n", down_buf, time_buf);
3680
3681 (void) uadmin(A_SHUTDOWN, halting, mdep);
3682 uu_warn("uadmin() failed");
3683
3684 #if defined(__x86)
3685 if (halting == AD_FASTREBOOT)
3686 free(fbarg);
3687 #endif /* __x86 */
3688
3689 if (remove(resetting) != 0 && errno != ENOENT)
3690 uu_warn("Could not remove \"%s\"", resetting);
3691 }
3692
3693 /*
3694 * If any of the up_svcs[] are online or satisfiable, return true. If they are
3695 * all missing, disabled, in maintenance, or unsatisfiable, return false.
3696 */
3697 boolean_t
3698 can_come_up(void)
3699 {
3700 int i;
3701
3702 assert(MUTEX_HELD(&dgraph_lock));
3703
3704 /*
3705 * If we are booting to single user (boot -s),
3706 * SCF_MILESTONE_SINGLE_USER is needed to come up because startd
3707 * spawns sulogin after single-user is online (see specials.c).
3708 */
3709 i = (booting_to_single_user ? 0 : 1);
3710
3711 for (; up_svcs[i] != NULL; ++i) {
3712 if (up_svcs_p[i] == NULL) {
3713 up_svcs_p[i] = vertex_get_by_name(up_svcs[i]);
3714
3715 if (up_svcs_p[i] == NULL)
3716 continue;
3717 }
3718
3719 /*
3720 * Ignore unconfigured services (the ones that have been
3721 * mentioned in a dependency from other services, but do
3722 * not exist in the repository). Services which exist
3723 * in the repository but don't have general/enabled
3724 * property will be also ignored.
3725 */
3726 if (!(up_svcs_p[i]->gv_flags & GV_CONFIGURED))
3727 continue;
3728
3729 switch (up_svcs_p[i]->gv_state) {
3730 case RESTARTER_STATE_ONLINE:
3731 case RESTARTER_STATE_DEGRADED:
3732 /*
3733 * Deactivate verbose boot once a login service has been
3734 * reached.
3735 */
3736 st->st_log_login_reached = 1;
3737 /*FALLTHROUGH*/
3738 case RESTARTER_STATE_UNINIT:
3739 return (B_TRUE);
3740
3741 case RESTARTER_STATE_OFFLINE:
3742 if (instance_satisfied(up_svcs_p[i], B_TRUE) != -1)
3743 return (B_TRUE);
3744 log_framework(LOG_DEBUG,
3745 "can_come_up(): %s is unsatisfiable.\n",
3746 up_svcs_p[i]->gv_name);
3747 continue;
3748
3749 case RESTARTER_STATE_DISABLED:
3750 case RESTARTER_STATE_MAINT:
3751 log_framework(LOG_DEBUG,
3752 "can_come_up(): %s is in state %s.\n",
3753 up_svcs_p[i]->gv_name,
3754 instance_state_str[up_svcs_p[i]->gv_state]);
3755 continue;
3756
3757 default:
3758 #ifndef NDEBUG
3759 uu_warn("%s:%d: Unexpected vertex state %d.\n",
3760 __FILE__, __LINE__, up_svcs_p[i]->gv_state);
3761 #endif
3762 abort();
3763 }
3764 }
3765
3766 /*
3767 * In the seed repository, console-login is unsatisfiable because
3768 * services are missing. To behave correctly in that case we don't want
3769 * to return false until manifest-import is online.
3770 */
3771
3772 if (manifest_import_p == NULL) {
3773 manifest_import_p = vertex_get_by_name(manifest_import);
3774
3775 if (manifest_import_p == NULL)
3776 return (B_FALSE);
3777 }
3778
3779 switch (manifest_import_p->gv_state) {
3780 case RESTARTER_STATE_ONLINE:
3781 case RESTARTER_STATE_DEGRADED:
3782 case RESTARTER_STATE_DISABLED:
3783 case RESTARTER_STATE_MAINT:
3784 break;
3785
3786 case RESTARTER_STATE_OFFLINE:
3787 if (instance_satisfied(manifest_import_p, B_TRUE) == -1)
3788 break;
3789 /* FALLTHROUGH */
3790
3791 case RESTARTER_STATE_UNINIT:
3792 return (B_TRUE);
3793 }
3794
3795 return (B_FALSE);
3796 }
3797
3798 /*
3799 * Runs sulogin. Returns
3800 * 0 - success
3801 * EALREADY - sulogin is already running
3802 * EBUSY - console-login is running
3803 */
3804 static int
3805 run_sulogin(const char *msg)
3806 {
3807 graph_vertex_t *v;
3808
3809 assert(MUTEX_HELD(&dgraph_lock));
3810
3811 if (sulogin_running)
3812 return (EALREADY);
3813
3814 v = vertex_get_by_name(console_login_fmri);
3815 if (v != NULL && inst_running(v))
3816 return (EBUSY);
3817
3818 sulogin_running = B_TRUE;
3819
3820 MUTEX_UNLOCK(&dgraph_lock);
3821
3822 fork_sulogin(B_FALSE, msg);
3823
3824 MUTEX_LOCK(&dgraph_lock);
3825
3826 sulogin_running = B_FALSE;
3827
3828 if (console_login_ready) {
3829 v = vertex_get_by_name(console_login_fmri);
3830
3831 if (v != NULL && v->gv_state == RESTARTER_STATE_OFFLINE) {
3832 if (v->gv_start_f == NULL)
3833 vertex_send_event(v,
3834 RESTARTER_EVENT_TYPE_START);
3835 else
3836 v->gv_start_f(v);
3837 }
3838
3839 console_login_ready = B_FALSE;
3840 }
3841
3842 return (0);
3843 }
3844
3845 /*
3846 * The sulogin thread runs sulogin while can_come_up() is false. run_sulogin()
3847 * keeps sulogin from stepping on console-login's toes.
3848 */
3849 /* ARGSUSED */
3850 static void *
3851 sulogin_thread(void *unused)
3852 {
3853 (void) pthread_setname_np(pthread_self(), "sulogin");
3854
3855 MUTEX_LOCK(&dgraph_lock);
3856
3857 assert(sulogin_thread_running);
3858
3859 do {
3860 (void) run_sulogin("Console login service(s) cannot run\n");
3861 } while (!can_come_up());
3862
3863 sulogin_thread_running = B_FALSE;
3864 MUTEX_UNLOCK(&dgraph_lock);
3865
3866 return (NULL);
3867 }
3868
3869 /* ARGSUSED */
3870 void *
3871 single_user_thread(void *unused)
3872 {
3873 uint_t left;
3874 scf_handle_t *h;
3875 scf_instance_t *inst;
3876 scf_property_t *prop;
3877 scf_value_t *val;
3878 const char *msg;
3879 char *buf;
3880 int r;
3881
3882 (void) pthread_setname_np(pthread_self(), "single_user");
3883
3884 MUTEX_LOCK(&single_user_thread_lock);
3885 single_user_thread_count++;
3886
3887 if (!booting_to_single_user)
3888 kill_user_procs();
3889
3890 if (go_single_user_mode || booting_to_single_user) {
3891 msg = "SINGLE USER MODE\n";
3892 } else {
3893 assert(go_to_level1);
3894
3895 fork_rc_script('1', "start", B_TRUE);
3896
3897 uu_warn("The system is ready for administration.\n");
3898
3899 msg = "";
3900 }
3901
3902 MUTEX_UNLOCK(&single_user_thread_lock);
3903
3904 for (;;) {
3905 MUTEX_LOCK(&dgraph_lock);
3906 r = run_sulogin(msg);
3907 MUTEX_UNLOCK(&dgraph_lock);
3908 if (r == 0)
3909 break;
3910
3911 assert(r == EALREADY || r == EBUSY);
3912
3913 left = 3;
3914 while (left > 0)
3915 left = sleep(left);
3916 }
3917
3918 MUTEX_LOCK(&single_user_thread_lock);
3919
3920 /*
3921 * If another single user thread has started, let it finish changing
3922 * the run level.
3923 */
3924 if (single_user_thread_count > 1) {
3925 single_user_thread_count--;
3926 MUTEX_UNLOCK(&single_user_thread_lock);
3927 return (NULL);
3928 }
3929
3930 h = libscf_handle_create_bound_loop();
3931 inst = scf_instance_create(h);
3932 prop = safe_scf_property_create(h);
3933 val = safe_scf_value_create(h);
3934 buf = startd_alloc(max_scf_fmri_size);
3935
3936 lookup:
3937 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
3938 NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
3939 switch (scf_error()) {
3940 case SCF_ERROR_NOT_FOUND:
3941 r = libscf_create_self(h);
3942 if (r == 0)
3943 goto lookup;
3944 assert(r == ECONNABORTED);
3945 /* FALLTHROUGH */
3946
3947 case SCF_ERROR_CONNECTION_BROKEN:
3948 libscf_handle_rebind(h);
3949 goto lookup;
3950
3951 case SCF_ERROR_INVALID_ARGUMENT:
3952 case SCF_ERROR_CONSTRAINT_VIOLATED:
3953 case SCF_ERROR_NOT_BOUND:
3954 case SCF_ERROR_HANDLE_MISMATCH:
3955 default:
3956 bad_error("scf_handle_decode_fmri", scf_error());
3957 }
3958 }
3959
3960 MUTEX_LOCK(&dgraph_lock);
3961
3962 r = scf_instance_delete_prop(inst, SCF_PG_OPTIONS_OVR,
3963 SCF_PROPERTY_MILESTONE);
3964 switch (r) {
3965 case 0:
3966 case ECANCELED:
3967 break;
3968
3969 case ECONNABORTED:
3970 MUTEX_UNLOCK(&dgraph_lock);
3971 libscf_handle_rebind(h);
3972 goto lookup;
3973
3974 case EPERM:
3975 case EACCES:
3976 case EROFS:
3977 log_error(LOG_WARNING, "Could not clear temporary milestone: "
3978 "%s.\n", strerror(r));
3979 break;
3980
3981 default:
3982 bad_error("scf_instance_delete_prop", r);
3983 }
3984
3985 MUTEX_UNLOCK(&dgraph_lock);
3986
3987 r = libscf_get_milestone(inst, prop, val, buf, max_scf_fmri_size);
3988 switch (r) {
3989 case ECANCELED:
3990 case ENOENT:
3991 case EINVAL:
3992 (void) strcpy(buf, "all");
3993 /* FALLTHROUGH */
3994
3995 case 0:
3996 uu_warn("Returning to milestone %s.\n", buf);
3997 break;
3998
3999 case ECONNABORTED:
4000 libscf_handle_rebind(h);
4001 goto lookup;
4002
4003 default:
4004 bad_error("libscf_get_milestone", r);
4005 }
4006
4007 r = dgraph_set_milestone(buf, h, B_FALSE);
4008 switch (r) {
4009 case 0:
4010 case ECONNRESET:
4011 case EALREADY:
4012 case EINVAL:
4013 case ENOENT:
4014 break;
4015
4016 default:
4017 bad_error("dgraph_set_milestone", r);
4018 }
4019
4020 /*
4021 * See graph_runlevel_changed().
4022 */
4023 MUTEX_LOCK(&dgraph_lock);
4024 utmpx_set_runlevel(target_milestone_as_runlevel(), 'S', B_TRUE);
4025 MUTEX_UNLOCK(&dgraph_lock);
4026
4027 startd_free(buf, max_scf_fmri_size);
4028 scf_value_destroy(val);
4029 scf_property_destroy(prop);
4030 scf_instance_destroy(inst);
4031 scf_handle_destroy(h);
4032
4033 /*
4034 * We'll give ourselves 3 seconds to respond to all of the enablings
4035 * that setting the milestone should have created before checking
4036 * whether to run sulogin.
4037 */
4038 left = 3;
4039 while (left > 0)
4040 left = sleep(left);
4041
4042 MUTEX_LOCK(&dgraph_lock);
4043 /*
4044 * Clearing these variables will allow the sulogin thread to run. We
4045 * check here in case there aren't any more state updates anytime soon.
4046 */
4047 go_to_level1 = go_single_user_mode = booting_to_single_user = B_FALSE;
4048 if (!sulogin_thread_running && !can_come_up()) {
4049 (void) startd_thread_create(sulogin_thread, NULL);
4050 sulogin_thread_running = B_TRUE;
4051 }
4052 MUTEX_UNLOCK(&dgraph_lock);
4053 single_user_thread_count--;
4054 MUTEX_UNLOCK(&single_user_thread_lock);
4055 return (NULL);
4056 }
4057
4058
4059 /*
4060 * Dependency graph operations API. These are handle-independent thread-safe
4061 * graph manipulation functions which are the entry points for the event
4062 * threads below.
4063 */
4064
4065 /*
4066 * If a configured vertex exists for inst_fmri, return EEXIST. If no vertex
4067 * exists for inst_fmri, add one. Then fetch the restarter from inst, make
4068 * this vertex dependent on it, and send _ADD_INSTANCE to the restarter.
4069 * Fetch whether the instance should be enabled from inst and send _ENABLE or
4070 * _DISABLE as appropriate. Finally rummage through inst's dependency
4071 * property groups and add vertices and edges as appropriate. If anything
4072 * goes wrong after sending _ADD_INSTANCE, send _ADMIN_MAINT_ON to put the
4073 * instance in maintenance. Don't send _START or _STOP until we get a state
4074 * update in case we're being restarted and the service is already running.
4075 *
4076 * To support booting to a milestone, we must also make sure all dependencies
4077 * encountered are configured, if they exist in the repository.
4078 *
4079 * Returns 0 on success, ECONNABORTED on repository disconnection, EINVAL if
4080 * inst_fmri is an invalid (or not canonical) FMRI, ECANCELED if inst is
4081 * deleted, or EEXIST if a configured vertex for inst_fmri already exists.
4082 */
4083 int
4084 dgraph_add_instance(const char *inst_fmri, scf_instance_t *inst,
4085 boolean_t lock_graph)
4086 {
4087 graph_vertex_t *v;
4088 int err;
4089
4090 if (strcmp(inst_fmri, SCF_SERVICE_STARTD) == 0)
4091 return (0);
4092
4093 /* Check for a vertex for inst_fmri. */
4094 if (lock_graph) {
4095 MUTEX_LOCK(&dgraph_lock);
4096 } else {
4097 assert(MUTEX_HELD(&dgraph_lock));
4098 }
4099
4100 v = vertex_get_by_name(inst_fmri);
4101
4102 if (v != NULL) {
4103 assert(v->gv_type == GVT_INST);
4104
4105 if (v->gv_flags & GV_CONFIGURED) {
4106 if (lock_graph)
4107 MUTEX_UNLOCK(&dgraph_lock);
4108 return (EEXIST);
4109 }
4110 } else {
4111 /* Add the vertex. */
4112 err = graph_insert_vertex_unconfigured(inst_fmri, GVT_INST, 0,
4113 RERR_NONE, &v);
4114 if (err != 0) {
4115 assert(err == EINVAL);
4116 if (lock_graph)
4117 MUTEX_UNLOCK(&dgraph_lock);
4118 return (EINVAL);
4119 }
4120 }
4121
4122 err = configure_vertex(v, inst);
4123
4124 if (lock_graph)
4125 MUTEX_UNLOCK(&dgraph_lock);
4126
4127 return (err);
4128 }
4129
4130 /*
4131 * Locate the vertex for this property group's instance. If it doesn't exist
4132 * or is unconfigured, call dgraph_add_instance() & return. Otherwise fetch
4133 * the restarter for the instance, and if it has changed, send
4134 * _REMOVE_INSTANCE to the old restarter, remove the dependency, make sure the
4135 * new restarter has a vertex, add a new dependency, and send _ADD_INSTANCE to
4136 * the new restarter. Then fetch whether the instance should be enabled, and
4137 * if it is different from what we had, or if we changed the restarter, send
4138 * the appropriate _ENABLE or _DISABLE command.
4139 *
4140 * Returns 0 on success, ENOTSUP if the pg's parent is not an instance,
4141 * ECONNABORTED on repository disconnection, ECANCELED if the instance is
4142 * deleted, or -1 if the instance's general property group is deleted or if
4143 * its enabled property is misconfigured.
4144 */
4145 static int
4146 dgraph_update_general(scf_propertygroup_t *pg)
4147 {
4148 scf_handle_t *h;
4149 scf_instance_t *inst;
4150 char *fmri;
4151 char *restarter_fmri;
4152 graph_vertex_t *v;
4153 int err;
4154 int enabled, enabled_ovr;
4155 int oldflags;
4156
4157 /* Find the vertex for this service */
4158 h = scf_pg_handle(pg);
4159
4160 inst = safe_scf_instance_create(h);
4161
4162 if (scf_pg_get_parent_instance(pg, inst) != 0) {
4163 switch (scf_error()) {
4164 case SCF_ERROR_CONSTRAINT_VIOLATED:
4165 return (ENOTSUP);
4166
4167 case SCF_ERROR_CONNECTION_BROKEN:
4168 default:
4169 return (ECONNABORTED);
4170
4171 case SCF_ERROR_DELETED:
4172 return (0);
4173
4174 case SCF_ERROR_NOT_SET:
4175 bad_error("scf_pg_get_parent_instance", scf_error());
4176 }
4177 }
4178
4179 err = libscf_instance_get_fmri(inst, &fmri);
4180 switch (err) {
4181 case 0:
4182 break;
4183
4184 case ECONNABORTED:
4185 scf_instance_destroy(inst);
4186 return (ECONNABORTED);
4187
4188 case ECANCELED:
4189 scf_instance_destroy(inst);
4190 return (0);
4191
4192 default:
4193 bad_error("libscf_instance_get_fmri", err);
4194 }
4195
4196 log_framework(LOG_DEBUG,
4197 "Graph engine: Reloading general properties for %s.\n", fmri);
4198
4199 MUTEX_LOCK(&dgraph_lock);
4200
4201 v = vertex_get_by_name(fmri);
4202 if (v == NULL || !(v->gv_flags & GV_CONFIGURED)) {
4203 /* Will get the up-to-date properties. */
4204 MUTEX_UNLOCK(&dgraph_lock);
4205 err = dgraph_add_instance(fmri, inst, B_TRUE);
4206 startd_free(fmri, max_scf_fmri_size);
4207 scf_instance_destroy(inst);
4208 return (err == ECANCELED ? 0 : err);
4209 }
4210
4211 /* Read enabled & restarter from repository. */
4212 restarter_fmri = startd_alloc(max_scf_value_size);
4213 err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
4214 &enabled_ovr, &restarter_fmri);
4215 if (err != 0 || enabled == -1) {
4216 MUTEX_UNLOCK(&dgraph_lock);
4217 scf_instance_destroy(inst);
4218 startd_free(fmri, max_scf_fmri_size);
4219
4220 switch (err) {
4221 case ENOENT:
4222 case 0:
4223 startd_free(restarter_fmri, max_scf_value_size);
4224 return (-1);
4225
4226 case ECONNABORTED:
4227 case ECANCELED:
4228 startd_free(restarter_fmri, max_scf_value_size);
4229 return (err);
4230
4231 default:
4232 bad_error("libscf_get_basic_instance_data", err);
4233 }
4234 }
4235
4236 oldflags = v->gv_flags;
4237 v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
4238 (enabled ? GV_ENBLD_NOOVR : 0);
4239
4240 if (enabled_ovr != -1)
4241 enabled = enabled_ovr;
4242
4243 /*
4244 * If GV_ENBLD_NOOVR has changed, then we need to re-evaluate the
4245 * subgraph.
4246 */
4247 if (milestone > MILESTONE_NONE && v->gv_flags != oldflags)
4248 (void) eval_subgraph(v, h);
4249
4250 scf_instance_destroy(inst);
4251
4252 /* Ignore restarter change for now. */
4253
4254 startd_free(restarter_fmri, max_scf_value_size);
4255 startd_free(fmri, max_scf_fmri_size);
4256
4257 /*
4258 * Always send _ENABLE or _DISABLE. We could avoid this if the
4259 * restarter didn't change and the enabled value didn't change, but
4260 * that's not easy to check and improbable anyway, so we'll just do
4261 * this.
4262 */
4263 graph_enable_by_vertex(v, enabled, 1);
4264
4265 MUTEX_UNLOCK(&dgraph_lock);
4266
4267 return (0);
4268 }
4269
4270 /*
4271 * Delete all of the property group dependencies of v, update inst's running
4272 * snapshot, and add the dependencies in the new snapshot. If any of the new
4273 * dependencies would create a cycle, send _ADMIN_MAINT_ON. Otherwise
4274 * reevaluate v's dependencies, send _START or _STOP as appropriate, and do
4275 * the same for v's dependents.
4276 *
4277 * Returns
4278 * 0 - success
4279 * ECONNABORTED - repository connection broken
4280 * ECANCELED - inst was deleted
4281 * EINVAL - inst is invalid (e.g., missing general/enabled)
4282 * -1 - libscf_snapshots_refresh() failed
4283 */
4284 static int
4285 dgraph_refresh_instance(graph_vertex_t *v, scf_instance_t *inst)
4286 {
4287 int r;
4288 int enabled;
4289 int32_t tset;
4290
4291 assert(MUTEX_HELD(&dgraph_lock));
4292 assert(v->gv_type == GVT_INST);
4293
4294 /* Only refresh services with valid general/enabled properties. */
4295 r = libscf_get_basic_instance_data(scf_instance_handle(inst), inst,
4296 v->gv_name, &enabled, NULL, NULL);
4297 switch (r) {
4298 case 0:
4299 break;
4300
4301 case ECONNABORTED:
4302 case ECANCELED:
4303 return (r);
4304
4305 case ENOENT:
4306 log_framework(LOG_DEBUG,
4307 "Ignoring %s because it has no general property group.\n",
4308 v->gv_name);
4309 return (EINVAL);
4310
4311 default:
4312 bad_error("libscf_get_basic_instance_data", r);
4313 }
4314
4315 if ((tset = libscf_get_stn_tset(inst)) == -1) {
4316 log_framework(LOG_WARNING,
4317 "Failed to get notification parameters for %s: %s\n",
4318 v->gv_name, scf_strerror(scf_error()));
4319 tset = 0;
4320 }
4321 v->gv_stn_tset = tset;
4322 if (strcmp(v->gv_name, SCF_INSTANCE_GLOBAL) == 0)
4323 stn_global = tset;
4324
4325 if (enabled == -1)
4326 return (EINVAL);
4327
4328 r = libscf_snapshots_refresh(inst, v->gv_name);
4329 if (r != 0) {
4330 if (r != -1)
4331 bad_error("libscf_snapshots_refresh", r);
4332
4333 /* error logged */
4334 return (r);
4335 }
4336
4337 r = refresh_vertex(v, inst);
4338 if (r != 0 && r != ECONNABORTED)
4339 bad_error("refresh_vertex", r);
4340 return (r);
4341 }
4342
4343 /*
4344 * Returns true only if none of this service's dependents are 'up' -- online
4345 * or degraded (offline is considered down in this situation). This function
4346 * is somehow similar to is_nonsubgraph_leaf() but works on subtrees.
4347 */
4348 static boolean_t
4349 insubtree_dependents_down(graph_vertex_t *v)
4350 {
4351 graph_vertex_t *vv;
4352 graph_edge_t *e;
4353
4354 assert(MUTEX_HELD(&dgraph_lock));
4355
4356 for (e = uu_list_first(v->gv_dependents); e != NULL;
4357 e = uu_list_next(v->gv_dependents, e)) {
4358 vv = e->ge_vertex;
4359 if (vv->gv_type == GVT_INST) {
4360 if ((vv->gv_flags & GV_CONFIGURED) == 0)
4361 continue;
4362
4363 if ((vv->gv_flags & GV_TOOFFLINE) == 0)
4364 continue;
4365
4366 if ((vv->gv_state == RESTARTER_STATE_ONLINE) ||
4367 (vv->gv_state == RESTARTER_STATE_DEGRADED))
4368 return (B_FALSE);
4369 } else {
4370 /*
4371 * Skip all excluded dependents and decide whether
4372 * to offline the service based on the restart_on
4373 * attribute.
4374 */
4375 if (is_depgrp_bypassed(vv))
4376 continue;
4377
4378 /*
4379 * For dependency groups or service vertices, keep
4380 * traversing to see if instances are running.
4381 */
4382 if (insubtree_dependents_down(vv) == B_FALSE)
4383 return (B_FALSE);
4384 }
4385 }
4386
4387 return (B_TRUE);
4388 }
4389
4390 /*
4391 * Returns true only if none of this service's dependents are 'up' -- online,
4392 * degraded, or offline.
4393 */
4394 static int
4395 is_nonsubgraph_leaf(graph_vertex_t *v)
4396 {
4397 graph_vertex_t *vv;
4398 graph_edge_t *e;
4399
4400 assert(MUTEX_HELD(&dgraph_lock));
4401
4402 for (e = uu_list_first(v->gv_dependents);
4403 e != NULL;
4404 e = uu_list_next(v->gv_dependents, e)) {
4405
4406 vv = e->ge_vertex;
4407 if (vv->gv_type == GVT_INST) {
4408 if ((vv->gv_flags & GV_CONFIGURED) == 0)
4409 continue;
4410
4411 if (vv->gv_flags & GV_INSUBGRAPH)
4412 continue;
4413
4414 if (up_state(vv->gv_state))
4415 return (0);
4416 } else {
4417 /*
4418 * For dependency group or service vertices, keep
4419 * traversing to see if instances are running.
4420 *
4421 * We should skip exclude_all dependencies otherwise
4422 * the vertex will never be considered as a leaf
4423 * if the dependent is offline. The main reason for
4424 * this is that disable_nonsubgraph_leaves() skips
4425 * exclusion dependencies.
4426 */
4427 if (vv->gv_type == GVT_GROUP &&
4428 vv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
4429 continue;
4430
4431 if (!is_nonsubgraph_leaf(vv))
4432 return (0);
4433 }
4434 }
4435
4436 return (1);
4437 }
4438
4439 /*
4440 * Disable v temporarily. Attempt to do this by setting its enabled override
4441 * property in the repository. If that fails, send a _DISABLE command.
4442 * Returns 0 on success and ECONNABORTED if the repository connection is
4443 * broken.
4444 */
4445 static int
4446 disable_service_temporarily(graph_vertex_t *v, scf_handle_t *h)
4447 {
4448 const char * const emsg = "Could not temporarily disable %s because "
4449 "%s. Will stop service anyways. Repository status for the "
4450 "service may be inaccurate.\n";
4451 const char * const emsg_cbroken =
4452 "the repository connection was broken";
4453
4454 scf_instance_t *inst;
4455 int r;
4456
4457 inst = scf_instance_create(h);
4458 if (inst == NULL) {
4459 char buf[100];
4460
4461 (void) snprintf(buf, sizeof (buf),
4462 "scf_instance_create() failed (%s)",
4463 scf_strerror(scf_error()));
4464 log_error(LOG_WARNING, emsg, v->gv_name, buf);
4465
4466 graph_enable_by_vertex(v, 0, 0);
4467 return (0);
4468 }
4469
4470 r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
4471 NULL, NULL, SCF_DECODE_FMRI_EXACT);
4472 if (r != 0) {
4473 switch (scf_error()) {
4474 case SCF_ERROR_CONNECTION_BROKEN:
4475 log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
4476 graph_enable_by_vertex(v, 0, 0);
4477 return (ECONNABORTED);
4478
4479 case SCF_ERROR_NOT_FOUND:
4480 return (0);
4481
4482 case SCF_ERROR_HANDLE_MISMATCH:
4483 case SCF_ERROR_INVALID_ARGUMENT:
4484 case SCF_ERROR_CONSTRAINT_VIOLATED:
4485 case SCF_ERROR_NOT_BOUND:
4486 default:
4487 bad_error("scf_handle_decode_fmri",
4488 scf_error());
4489 }
4490 }
4491
4492 r = libscf_set_enable_ovr(inst, 0);
4493 switch (r) {
4494 case 0:
4495 scf_instance_destroy(inst);
4496 return (0);
4497
4498 case ECANCELED:
4499 scf_instance_destroy(inst);
4500 return (0);
4501
4502 case ECONNABORTED:
4503 log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
4504 graph_enable_by_vertex(v, 0, 0);
4505 return (ECONNABORTED);
4506
4507 case EPERM:
4508 log_error(LOG_WARNING, emsg, v->gv_name,
4509 "the repository denied permission");
4510 graph_enable_by_vertex(v, 0, 0);
4511 return (0);
4512
4513 case EROFS:
4514 log_error(LOG_WARNING, emsg, v->gv_name,
4515 "the repository is read-only");
4516 graph_enable_by_vertex(v, 0, 0);
4517 return (0);
4518
4519 default:
4520 bad_error("libscf_set_enable_ovr", r);
4521 /* NOTREACHED */
4522 }
4523 }
4524
4525 /*
4526 * Of the transitive instance dependencies of v, offline those which are
4527 * in the subtree and which are leaves (i.e., have no dependents which are
4528 * "up").
4529 */
4530 void
4531 offline_subtree_leaves(graph_vertex_t *v, void *arg)
4532 {
4533 assert(MUTEX_HELD(&dgraph_lock));
4534
4535 /* If v isn't an instance, recurse on its dependencies. */
4536 if (v->gv_type != GVT_INST) {
4537 graph_walk_dependencies(v, offline_subtree_leaves, arg);
4538 return;
4539 }
4540
4541 /*
4542 * If v is not in the subtree, so should all of its dependencies,
4543 * so do nothing.
4544 */
4545 if ((v->gv_flags & GV_TOOFFLINE) == 0)
4546 return;
4547
4548 /* If v isn't a leaf because it's already down, recurse. */
4549 if (!up_state(v->gv_state)) {
4550 graph_walk_dependencies(v, offline_subtree_leaves, arg);
4551 return;
4552 }
4553
4554 /* if v is a leaf, offline it or disable it if it's the last one */
4555 if (insubtree_dependents_down(v) == B_TRUE) {
4556 if (v->gv_flags & GV_TODISABLE)
4557 vertex_send_event(v,
4558 RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
4559 else
4560 offline_vertex(v);
4561 }
4562 }
4563
4564 void
4565 graph_offline_subtree_leaves(graph_vertex_t *v, void *h)
4566 {
4567 graph_walk_dependencies(v, offline_subtree_leaves, (void *)h);
4568 }
4569
4570
4571 /*
4572 * Of the transitive instance dependencies of v, disable those which are not
4573 * in the subgraph and which are leaves (i.e., have no dependents which are
4574 * "up").
4575 */
4576 static void
4577 disable_nonsubgraph_leaves(graph_vertex_t *v, void *arg)
4578 {
4579 assert(MUTEX_HELD(&dgraph_lock));
4580
4581 /*
4582 * We must skip exclusion dependencies because they are allowed to
4583 * complete dependency cycles. This is correct because A's exclusion
4584 * dependency on B doesn't bear on the order in which they should be
4585 * stopped. Indeed, the exclusion dependency should guarantee that
4586 * they are never online at the same time.
4587 */
4588 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
4589 return;
4590
4591 /* If v isn't an instance, recurse on its dependencies. */
4592 if (v->gv_type != GVT_INST)
4593 goto recurse;
4594
4595 if ((v->gv_flags & GV_CONFIGURED) == 0)
4596 /*
4597 * Unconfigured instances should have no dependencies, but in
4598 * case they ever get them,
4599 */
4600 goto recurse;
4601
4602 /*
4603 * If v is in the subgraph, so should all of its dependencies, so do
4604 * nothing.
4605 */
4606 if (v->gv_flags & GV_INSUBGRAPH)
4607 return;
4608
4609 /* If v isn't a leaf because it's already down, recurse. */
4610 if (!up_state(v->gv_state))
4611 goto recurse;
4612
4613 /* If v is disabled but not down yet, be patient. */
4614 if ((v->gv_flags & GV_ENABLED) == 0)
4615 return;
4616
4617 /* If v is a leaf, disable it. */
4618 if (is_nonsubgraph_leaf(v))
4619 (void) disable_service_temporarily(v, (scf_handle_t *)arg);
4620
4621 return;
4622
4623 recurse:
4624 graph_walk_dependencies(v, disable_nonsubgraph_leaves, arg);
4625 }
4626
4627 static int
4628 stn_restarter_state(restarter_instance_state_t rstate)
4629 {
4630 static const struct statemap {
4631 restarter_instance_state_t restarter_state;
4632 int scf_state;
4633 } map[] = {
4634 { RESTARTER_STATE_UNINIT, SCF_STATE_UNINIT },
4635 { RESTARTER_STATE_MAINT, SCF_STATE_MAINT },
4636 { RESTARTER_STATE_OFFLINE, SCF_STATE_OFFLINE },
4637 { RESTARTER_STATE_DISABLED, SCF_STATE_DISABLED },
4638 { RESTARTER_STATE_ONLINE, SCF_STATE_ONLINE },
4639 { RESTARTER_STATE_DEGRADED, SCF_STATE_DEGRADED }
4640 };
4641
4642 int i;
4643
4644 for (i = 0; i < sizeof (map) / sizeof (map[0]); i++) {
4645 if (rstate == map[i].restarter_state)
4646 return (map[i].scf_state);
4647 }
4648
4649 return (-1);
4650 }
4651
4652 /*
4653 * State transition counters
4654 * Not incremented atomically - indicative only
4655 */
4656 static uint64_t stev_ct_maint;
4657 static uint64_t stev_ct_hwerr;
4658 static uint64_t stev_ct_service;
4659 static uint64_t stev_ct_global;
4660 static uint64_t stev_ct_noprefs;
4661 static uint64_t stev_ct_from_uninit;
4662 static uint64_t stev_ct_bad_state;
4663 static uint64_t stev_ct_ovr_prefs;
4664
4665 static void
4666 dgraph_state_transition_notify(graph_vertex_t *v,
4667 restarter_instance_state_t old_state, restarter_str_t reason)
4668 {
4669 restarter_instance_state_t new_state = v->gv_state;
4670 int stn_transition, maint;
4671 int from, to;
4672 nvlist_t *attr;
4673 fmev_pri_t pri = FMEV_LOPRI;
4674 int raise = 0;
4675
4676 if ((from = stn_restarter_state(old_state)) == -1 ||
4677 (to = stn_restarter_state(new_state)) == -1) {
4678 stev_ct_bad_state++;
4679 return;
4680 }
4681
4682 stn_transition = from << 16 | to;
4683
4684 maint = (to == SCF_STATE_MAINT || from == SCF_STATE_MAINT);
4685
4686 if (maint) {
4687 /*
4688 * All transitions to/from maintenance state must raise
4689 * an event.
4690 */
4691 raise++;
4692 pri = FMEV_HIPRI;
4693 stev_ct_maint++;
4694 } else if (reason == restarter_str_ct_ev_hwerr) {
4695 /*
4696 * All transitions caused by hardware fault must raise
4697 * an event
4698 */
4699 raise++;
4700 pri = FMEV_HIPRI;
4701 stev_ct_hwerr++;
4702 } else if (stn_transition & v->gv_stn_tset) {
4703 /*
4704 * Specifically enabled event.
4705 */
4706 raise++;
4707 stev_ct_service++;
4708 } else if (from == SCF_STATE_UNINIT) {
4709 /*
4710 * Only raise these if specifically selected above.
4711 */
4712 stev_ct_from_uninit++;
4713 } else if (stn_transition & stn_global &&
4714 (IS_ENABLED(v) == 1 || to == SCF_STATE_DISABLED)) {
4715 raise++;
4716 stev_ct_global++;
4717 } else {
4718 stev_ct_noprefs++;
4719 }
4720
4721 if (info_events_all) {
4722 stev_ct_ovr_prefs++;
4723 raise++;
4724 }
4725 if (!raise)
4726 return;
4727
4728 if (nvlist_alloc(&attr, NV_UNIQUE_NAME, 0) != 0 ||
4729 nvlist_add_string(attr, "fmri", v->gv_name) != 0 ||
4730 nvlist_add_uint32(attr, "reason-version",
4731 restarter_str_version()) || nvlist_add_string(attr, "reason-short",
4732 restarter_get_str_short(reason)) != 0 ||
4733 nvlist_add_string(attr, "reason-long",
4734 restarter_get_str_long(reason)) != 0 ||
4735 nvlist_add_int32(attr, "transition", stn_transition) != 0) {
4736 log_framework(LOG_WARNING,
4737 "FMEV: %s could not create nvlist for transition "
4738 "event: %s\n", v->gv_name, strerror(errno));
4739 nvlist_free(attr);
4740 return;
4741 }
4742
4743 if (fmev_rspublish_nvl(FMEV_RULESET_SMF, "state-transition",
4744 instance_state_str[new_state], pri, attr) != FMEV_SUCCESS) {
4745 log_framework(LOG_DEBUG,
4746 "FMEV: %s failed to publish transition event: %s\n",
4747 v->gv_name, fmev_strerror(fmev_errno));
4748 nvlist_free(attr);
4749 }
4750 }
4751
4752 /*
4753 * Find the vertex for inst_name. If it doesn't exist, return ENOENT.
4754 * Otherwise set its state to state. If the instance has entered a state
4755 * which requires automatic action, take it (Uninitialized: do
4756 * dgraph_refresh_instance() without the snapshot update. Disabled: if the
4757 * instance should be enabled, send _ENABLE. Offline: if the instance should
4758 * be disabled, send _DISABLE, and if its dependencies are satisfied, send
4759 * _START. Online, Degraded: if the instance wasn't running, update its start
4760 * snapshot. Maintenance: no action.)
4761 *
4762 * Also fails with ECONNABORTED, or EINVAL if state is invalid.
4763 */
4764 static int
4765 dgraph_set_instance_state(scf_handle_t *h, const char *inst_name,
4766 protocol_states_t *states)
4767 {
4768 graph_vertex_t *v;
4769 int err = 0;
4770 restarter_instance_state_t old_state;
4771 restarter_instance_state_t state = states->ps_state;
4772 restarter_error_t serr = states->ps_err;
4773
4774 MUTEX_LOCK(&dgraph_lock);
4775
4776 v = vertex_get_by_name(inst_name);
4777 if (v == NULL) {
4778 MUTEX_UNLOCK(&dgraph_lock);
4779 return (ENOENT);
4780 }
4781
4782 assert(v->gv_type == GVT_INST);
4783
4784 switch (state) {
4785 case RESTARTER_STATE_UNINIT:
4786 case RESTARTER_STATE_DISABLED:
4787 case RESTARTER_STATE_OFFLINE:
4788 case RESTARTER_STATE_ONLINE:
4789 case RESTARTER_STATE_DEGRADED:
4790 case RESTARTER_STATE_MAINT:
4791 break;
4792
4793 default:
4794 MUTEX_UNLOCK(&dgraph_lock);
4795 return (EINVAL);
4796 }
4797
4798 log_framework(LOG_DEBUG, "Graph noting %s %s -> %s.\n", v->gv_name,
4799 instance_state_str[v->gv_state], instance_state_str[state]);
4800
4801 old_state = v->gv_state;
4802 v->gv_state = state;
4803
4804 v->gv_reason = states->ps_reason;
4805 err = gt_transition(h, v, serr, old_state);
4806 if (err == 0 && v->gv_state != old_state) {
4807 dgraph_state_transition_notify(v, old_state, states->ps_reason);
4808 }
4809
4810 MUTEX_UNLOCK(&dgraph_lock);
4811 return (err);
4812 }
4813
4814 /*
4815 * Handle state changes during milestone shutdown. See
4816 * dgraph_set_milestone(). If the repository connection is broken,
4817 * ECONNABORTED will be returned, though a _DISABLE command will be sent for
4818 * the vertex anyway.
4819 */
4820 int
4821 vertex_subgraph_dependencies_shutdown(scf_handle_t *h, graph_vertex_t *v,
4822 restarter_instance_state_t old_state)
4823 {
4824 int was_up, now_up;
4825 int ret = 0;
4826
4827 assert(v->gv_type == GVT_INST);
4828
4829 /* Don't care if we're not going to a milestone. */
4830 if (milestone == NULL)
4831 return (0);
4832
4833 /* Don't care if we already finished coming down. */
4834 if (non_subgraph_svcs == 0)
4835 return (0);
4836
4837 /* Don't care if the service is in the subgraph. */
4838 if (v->gv_flags & GV_INSUBGRAPH)
4839 return (0);
4840
4841 /*
4842 * Update non_subgraph_svcs. It is the number of non-subgraph
4843 * services which are in online, degraded, or offline.
4844 */
4845
4846 was_up = up_state(old_state);
4847 now_up = up_state(v->gv_state);
4848
4849 if (!was_up && now_up) {
4850 ++non_subgraph_svcs;
4851 } else if (was_up && !now_up) {
4852 --non_subgraph_svcs;
4853
4854 if (non_subgraph_svcs == 0) {
4855 if (halting != -1) {
4856 do_uadmin();
4857 } else if (go_single_user_mode || go_to_level1) {
4858 (void) startd_thread_create(single_user_thread,
4859 NULL);
4860 }
4861 return (0);
4862 }
4863 }
4864
4865 /* If this service is a leaf, it should be disabled. */
4866 if ((v->gv_flags & GV_ENABLED) && is_nonsubgraph_leaf(v)) {
4867 int r;
4868
4869 r = disable_service_temporarily(v, h);
4870 switch (r) {
4871 case 0:
4872 break;
4873
4874 case ECONNABORTED:
4875 ret = ECONNABORTED;
4876 break;
4877
4878 default:
4879 bad_error("disable_service_temporarily", r);
4880 }
4881 }
4882
4883 /*
4884 * If the service just came down, propagate the disable to the newly
4885 * exposed leaves.
4886 */
4887 if (was_up && !now_up)
4888 graph_walk_dependencies(v, disable_nonsubgraph_leaves,
4889 (void *)h);
4890
4891 return (ret);
4892 }
4893
4894 /*
4895 * Decide whether to start up an sulogin thread after a service is
4896 * finished changing state. Only need to do the full can_come_up()
4897 * evaluation if an instance is changing state, we're not halfway through
4898 * loading the thread, and we aren't shutting down or going to the single
4899 * user milestone.
4900 */
4901 void
4902 graph_transition_sulogin(restarter_instance_state_t state,
4903 restarter_instance_state_t old_state)
4904 {
4905 assert(MUTEX_HELD(&dgraph_lock));
4906
4907 if (state != old_state && st->st_load_complete &&
4908 !go_single_user_mode && !go_to_level1 &&
4909 halting == -1) {
4910 if (!sulogin_thread_running && !can_come_up()) {
4911 (void) startd_thread_create(sulogin_thread, NULL);
4912 sulogin_thread_running = B_TRUE;
4913 }
4914 }
4915 }
4916
4917 /*
4918 * Propagate a start, stop event, or a satisfiability event.
4919 *
4920 * PROPAGATE_START and PROPAGATE_STOP simply propagate the transition event
4921 * to direct dependents. PROPAGATE_SAT propagates a start then walks the
4922 * full dependent graph to check for newly satisfied nodes. This is
4923 * necessary for cases when non-direct dependents may be effected but direct
4924 * dependents may not (e.g. for optional_all evaluations, see the
4925 * propagate_satbility() comments).
4926 *
4927 * PROPAGATE_SAT should be used whenever a non-running service moves into
4928 * a state which can satisfy optional dependencies, like disabled or
4929 * maintenance.
4930 */
4931 void
4932 graph_transition_propagate(graph_vertex_t *v, propagate_event_t type,
4933 restarter_error_t rerr)
4934 {
4935 if (type == PROPAGATE_STOP) {
4936 graph_walk_dependents(v, propagate_stop, (void *)rerr);
4937 } else if (type == PROPAGATE_START || type == PROPAGATE_SAT) {
4938 graph_walk_dependents(v, propagate_start, (void *)RERR_NONE);
4939
4940 if (type == PROPAGATE_SAT)
4941 propagate_satbility(v);
4942 } else {
4943 #ifndef NDEBUG
4944 uu_warn("%s:%d: Unexpected type value %d.\n", __FILE__,
4945 __LINE__, type);
4946 #endif
4947 abort();
4948 }
4949 }
4950
4951 /*
4952 * If a vertex for fmri exists and it is enabled, send _DISABLE to the
4953 * restarter. If it is running, send _STOP. Send _REMOVE_INSTANCE. Delete
4954 * all property group dependencies, and the dependency on the restarter,
4955 * disposing of vertices as appropriate. If other vertices depend on this
4956 * one, mark it unconfigured and return. Otherwise remove the vertex. Always
4957 * returns 0.
4958 */
4959 static int
4960 dgraph_remove_instance(const char *fmri, scf_handle_t *h)
4961 {
4962 graph_vertex_t *v;
4963 graph_edge_t *e;
4964 uu_list_t *old_deps;
4965 int err;
4966
4967 log_framework(LOG_DEBUG, "Graph engine: Removing %s.\n", fmri);
4968
4969 MUTEX_LOCK(&dgraph_lock);
4970
4971 v = vertex_get_by_name(fmri);
4972 if (v == NULL) {
4973 MUTEX_UNLOCK(&dgraph_lock);
4974 return (0);
4975 }
4976
4977 /* Send restarter delete event. */
4978 if (v->gv_flags & GV_CONFIGURED)
4979 graph_unset_restarter(v);
4980
4981 if (milestone > MILESTONE_NONE) {
4982 /*
4983 * Make a list of v's current dependencies so we can
4984 * reevaluate their GV_INSUBGRAPH flags after the dependencies
4985 * are removed.
4986 */
4987 old_deps = startd_list_create(graph_edge_pool, NULL, 0);
4988
4989 err = uu_list_walk(v->gv_dependencies,
4990 (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
4991 assert(err == 0);
4992 }
4993
4994 delete_instance_dependencies(v, B_TRUE);
4995
4996 /*
4997 * Deleting an instance can both satisfy and unsatisfy dependencies,
4998 * depending on their type. First propagate the stop as a RERR_RESTART
4999 * event -- deletion isn't a fault, just a normal stop. This gives
5000 * dependent services the chance to do a clean shutdown. Then, mark
5001 * the service as unconfigured and propagate the start event for the
5002 * optional_all dependencies that might have become satisfied.
5003 */
5004 graph_walk_dependents(v, propagate_stop, (void *)RERR_RESTART);
5005
5006 v->gv_flags &= ~GV_CONFIGURED;
5007 v->gv_flags &= ~GV_DEATHROW;
5008
5009 graph_walk_dependents(v, propagate_start, (void *)RERR_NONE);
5010 propagate_satbility(v);
5011
5012 /*
5013 * If there are no (non-service) dependents, the vertex can be
5014 * completely removed.
5015 */
5016 if (v != milestone && v->gv_refs == 0 &&
5017 uu_list_numnodes(v->gv_dependents) == 1)
5018 remove_inst_vertex(v);
5019
5020 if (milestone > MILESTONE_NONE) {
5021 void *cookie = NULL;
5022
5023 while ((e = uu_list_teardown(old_deps, &cookie)) != NULL) {
5024 v = e->ge_vertex;
5025
5026 if (vertex_unref(v) == VERTEX_INUSE)
5027 while (eval_subgraph(v, h) == ECONNABORTED)
5028 libscf_handle_rebind(h);
5029
5030 startd_free(e, sizeof (*e));
5031 }
5032
5033 uu_list_destroy(old_deps);
5034 }
5035
5036 MUTEX_UNLOCK(&dgraph_lock);
5037
5038 return (0);
5039 }
5040
5041 /*
5042 * Return the eventual (maybe current) milestone in the form of a
5043 * legacy runlevel.
5044 */
5045 static char
5046 target_milestone_as_runlevel()
5047 {
5048 assert(MUTEX_HELD(&dgraph_lock));
5049
5050 if (milestone == NULL)
5051 return ('3');
5052 else if (milestone == MILESTONE_NONE)
5053 return ('0');
5054
5055 if (strcmp(milestone->gv_name, multi_user_fmri) == 0)
5056 return ('2');
5057 else if (strcmp(milestone->gv_name, single_user_fmri) == 0)
5058 return ('S');
5059 else if (strcmp(milestone->gv_name, multi_user_svr_fmri) == 0)
5060 return ('3');
5061
5062 #ifndef NDEBUG
5063 (void) fprintf(stderr, "%s:%d: Unknown milestone name \"%s\".\n",
5064 __FILE__, __LINE__, milestone->gv_name);
5065 #endif
5066 abort();
5067 /* NOTREACHED */
5068 }
5069
5070 static struct {
5071 char rl;
5072 int sig;
5073 } init_sigs[] = {
5074 { 'S', SIGBUS },
5075 { '0', SIGINT },
5076 { '1', SIGQUIT },
5077 { '2', SIGILL },
5078 { '3', SIGTRAP },
5079 { '4', SIGIOT },
5080 { '5', SIGEMT },
5081 { '6', SIGFPE },
5082 { 0, 0 }
5083 };
5084
5085 static void
5086 signal_init(char rl)
5087 {
5088 pid_t init_pid;
5089 int i;
5090
5091 assert(MUTEX_HELD(&dgraph_lock));
5092
5093 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid,
5094 sizeof (init_pid)) != sizeof (init_pid)) {
5095 log_error(LOG_NOTICE, "Could not get pid to signal init.\n");
5096 return;
5097 }
5098
5099 for (i = 0; init_sigs[i].rl != 0; ++i)
5100 if (init_sigs[i].rl == rl)
5101 break;
5102
5103 if (init_sigs[i].rl != 0) {
5104 if (kill(init_pid, init_sigs[i].sig) != 0) {
5105 switch (errno) {
5106 case EPERM:
5107 case ESRCH:
5108 log_error(LOG_NOTICE, "Could not signal init: "
5109 "%s.\n", strerror(errno));
5110 break;
5111
5112 case EINVAL:
5113 default:
5114 bad_error("kill", errno);
5115 }
5116 }
5117 }
5118 }
5119
5120 /*
5121 * This is called when one of the major milestones changes state, or when
5122 * init is signalled and tells us it was told to change runlevel. We wait
5123 * to reach the milestone because this allows /etc/inittab entries to retain
5124 * some boot ordering: historically, entries could place themselves before/after
5125 * the running of /sbin/rcX scripts but we can no longer make the
5126 * distinction because the /sbin/rcX scripts no longer exist as punctuation
5127 * marks in /etc/inittab.
5128 *
5129 * Also, we only trigger an update when we reach the eventual target
5130 * milestone: without this, an /etc/inittab entry marked only for
5131 * runlevel 2 would be executed for runlevel 3, which is not how
5132 * /etc/inittab entries work.
5133 *
5134 * If we're single user coming online, then we set utmpx to the target
5135 * runlevel so that legacy scripts can work as expected.
5136 */
5137 static void
5138 graph_runlevel_changed(char rl, int online)
5139 {
5140 char trl;
5141
5142 assert(MUTEX_HELD(&dgraph_lock));
5143
5144 trl = target_milestone_as_runlevel();
5145
5146 if (online) {
5147 if (rl == trl) {
5148 current_runlevel = trl;
5149 signal_init(trl);
5150 } else if (rl == 'S') {
5151 /*
5152 * At boot, set the entry early for the benefit of the
5153 * legacy init scripts.
5154 */
5155 utmpx_set_runlevel(trl, 'S', B_FALSE);
5156 }
5157 } else {
5158 if (rl == '3' && trl == '2') {
5159 current_runlevel = trl;
5160 signal_init(trl);
5161 } else if (rl == '2' && trl == 'S') {
5162 current_runlevel = trl;
5163 signal_init(trl);
5164 }
5165 }
5166 }
5167
5168 /*
5169 * Move to a backwards-compatible runlevel by executing the appropriate
5170 * /etc/rc?.d/K* scripts and/or setting the milestone.
5171 *
5172 * Returns
5173 * 0 - success
5174 * ECONNRESET - success, but handle was reset
5175 * ECONNABORTED - repository connection broken
5176 * ECANCELED - pg was deleted
5177 */
5178 static int
5179 dgraph_set_runlevel(scf_propertygroup_t *pg, scf_property_t *prop)
5180 {
5181 char rl;
5182 scf_handle_t *h;
5183 int r;
5184 const char *ms = NULL; /* what to commit as options/milestone */
5185 boolean_t rebound = B_FALSE;
5186 int mark_rl = 0;
5187
5188 const char * const stop = "stop";
5189
5190 r = libscf_extract_runlevel(prop, &rl);
5191 switch (r) {
5192 case 0:
5193 break;
5194
5195 case ECONNABORTED:
5196 case ECANCELED:
5197 return (r);
5198
5199 case EINVAL:
5200 case ENOENT:
5201 log_error(LOG_WARNING, "runlevel property is misconfigured; "
5202 "ignoring.\n");
5203 /* delete the bad property */
5204 goto nolock_out;
5205
5206 default:
5207 bad_error("libscf_extract_runlevel", r);
5208 }
5209
5210 switch (rl) {
5211 case 's':
5212 rl = 'S';
5213 /* FALLTHROUGH */
5214
5215 case 'S':
5216 case '2':
5217 case '3':
5218 /*
5219 * These cases cause a milestone change, so
5220 * graph_runlevel_changed() will eventually deal with
5221 * signalling init.
5222 */
5223 break;
5224
5225 case '0':
5226 case '1':
5227 case '4':
5228 case '5':
5229 case '6':
5230 mark_rl = 1;
5231 break;
5232
5233 default:
5234 log_framework(LOG_NOTICE, "Unknown runlevel '%c'.\n", rl);
5235 ms = NULL;
5236 goto nolock_out;
5237 }
5238
5239 h = scf_pg_handle(pg);
5240
5241 MUTEX_LOCK(&dgraph_lock);
5242
5243 /*
5244 * Since this triggers no milestone changes, force it by hand.
5245 */
5246 if (current_runlevel == '4' && rl == '3')
5247 mark_rl = 1;
5248
5249 /*
5250 * 1. If we are here after an "init X":
5251 *
5252 * init X
5253 * init/lscf_set_runlevel()
5254 * process_pg_event()
5255 * dgraph_set_runlevel()
5256 *
5257 * then we haven't passed through graph_runlevel_changed() yet,
5258 * therefore 'current_runlevel' has not changed for sure but 'rl' has.
5259 * In consequence, if 'rl' is lower than 'current_runlevel', we change
5260 * the system runlevel and execute the appropriate /etc/rc?.d/K* scripts
5261 * past this test.
5262 *
5263 * 2. On the other hand, if we are here after a "svcadm milestone":
5264 *
5265 * svcadm milestone X
5266 * dgraph_set_milestone()
5267 * handle_graph_update_event()
5268 * dgraph_set_instance_state()
5269 * graph_post_X_[online|offline]()
5270 * graph_runlevel_changed()
5271 * signal_init()
5272 * init/lscf_set_runlevel()
5273 * process_pg_event()
5274 * dgraph_set_runlevel()
5275 *
5276 * then we already passed through graph_runlevel_changed() (by the way
5277 * of dgraph_set_milestone()) and 'current_runlevel' may have changed
5278 * and already be equal to 'rl' so we are going to return immediately
5279 * from dgraph_set_runlevel() without changing the system runlevel and
5280 * without executing the /etc/rc?.d/K* scripts.
5281 */
5282 if (rl == current_runlevel) {
5283 ms = NULL;
5284 goto out;
5285 }
5286
5287 log_framework(LOG_DEBUG, "Changing to runlevel '%c'.\n", rl);
5288
5289 /*
5290 * Make sure stop rc scripts see the new settings via who -r.
5291 */
5292 utmpx_set_runlevel(rl, current_runlevel, B_TRUE);
5293
5294 /*
5295 * Some run levels don't have a direct correspondence to any
5296 * milestones, so we have to signal init directly.
5297 */
5298 if (mark_rl) {
5299 current_runlevel = rl;
5300 signal_init(rl);
5301 }
5302
5303 switch (rl) {
5304 case 'S':
5305 uu_warn("The system is coming down for administration. "
5306 "Please wait.\n");
5307 fork_rc_script(rl, stop, B_FALSE);
5308 ms = single_user_fmri;
5309 go_single_user_mode = B_TRUE;
5310 break;
5311
5312 case '0':
5313 halting_time = time(NULL);
5314 fork_rc_script(rl, stop, B_TRUE);
5315 halting = AD_HALT;
5316 goto uadmin;
5317
5318 case '5':
5319 halting_time = time(NULL);
5320 fork_rc_script(rl, stop, B_TRUE);
5321 halting = AD_POWEROFF;
5322 goto uadmin;
5323
5324 case '6':
5325 halting_time = time(NULL);
5326 fork_rc_script(rl, stop, B_TRUE);
5327 if (scf_is_fastboot_default() && getzoneid() == GLOBAL_ZONEID)
5328 halting = AD_FASTREBOOT;
5329 else
5330 halting = AD_BOOT;
5331
5332 uadmin:
5333 uu_warn("The system is coming down. Please wait.\n");
5334 ms = "none";
5335
5336 /*
5337 * We can't wait until all services are offline since this
5338 * thread is responsible for taking them offline. Instead we
5339 * set halting to the second argument for uadmin() and call
5340 * do_uadmin() from dgraph_set_instance_state() when
5341 * appropriate.
5342 */
5343 break;
5344
5345 case '1':
5346 if (current_runlevel != 'S') {
5347 uu_warn("Changing to state 1.\n");
5348 fork_rc_script(rl, stop, B_FALSE);
5349 } else {
5350 uu_warn("The system is coming up for administration. "
5351 "Please wait.\n");
5352 }
5353 ms = single_user_fmri;
5354 go_to_level1 = B_TRUE;
5355 break;
5356
5357 case '2':
5358 if (current_runlevel == '3' || current_runlevel == '4')
5359 fork_rc_script(rl, stop, B_FALSE);
5360 ms = multi_user_fmri;
5361 break;
5362
5363 case '3':
5364 case '4':
5365 ms = "all";
5366 break;
5367
5368 default:
5369 #ifndef NDEBUG
5370 (void) fprintf(stderr, "%s:%d: Uncaught case %d ('%c').\n",
5371 __FILE__, __LINE__, rl, rl);
5372 #endif
5373 abort();
5374 }
5375
5376 out:
5377 MUTEX_UNLOCK(&dgraph_lock);
5378
5379 nolock_out:
5380 switch (r = libscf_clear_runlevel(pg, ms)) {
5381 case 0:
5382 break;
5383
5384 case ECONNABORTED:
5385 libscf_handle_rebind(h);
5386 rebound = B_TRUE;
5387 goto nolock_out;
5388
5389 case ECANCELED:
5390 break;
5391
5392 case EPERM:
5393 case EACCES:
5394 case EROFS:
5395 log_error(LOG_NOTICE, "Could not delete \"%s/%s\" property: "
5396 "%s.\n", SCF_PG_OPTIONS, "runlevel", strerror(r));
5397 break;
5398
5399 default:
5400 bad_error("libscf_clear_runlevel", r);
5401 }
5402
5403 return (rebound ? ECONNRESET : 0);
5404 }
5405
5406 /*
5407 * mark_subtree walks the dependents and add the GV_TOOFFLINE flag
5408 * to the instances that are supposed to go offline during an
5409 * administrative disable operation.
5410 */
5411 static int
5412 mark_subtree(graph_edge_t *e, void *arg)
5413 {
5414 graph_vertex_t *v;
5415 int r;
5416
5417 v = e->ge_vertex;
5418
5419 /* If it's already in the subgraph, skip. */
5420 if (v->gv_flags & GV_TOOFFLINE)
5421 return (UU_WALK_NEXT);
5422
5423 switch (v->gv_type) {
5424 case GVT_INST:
5425 /* If the instance is already offline, skip it. */
5426 if (!inst_running(v))
5427 return (UU_WALK_NEXT);
5428
5429 v->gv_flags |= GV_TOOFFLINE;
5430 log_framework(LOG_DEBUG, "%s added to subtree\n", v->gv_name);
5431 break;
5432 case GVT_GROUP:
5433 /*
5434 * Skip all excluded dependents and decide whether to offline
5435 * the service based on the restart_on attribute.
5436 */
5437 if (is_depgrp_bypassed(v))
5438 return (UU_WALK_NEXT);
5439 break;
5440 }
5441
5442 r = uu_list_walk(v->gv_dependents, (uu_walk_fn_t *)mark_subtree, arg,
5443 0);
5444 assert(r == 0);
5445 return (UU_WALK_NEXT);
5446 }
5447
5448 static int
5449 mark_subgraph(graph_edge_t *e, void *arg)
5450 {
5451 graph_vertex_t *v;
5452 int r;
5453 int optional = (int)arg;
5454
5455 v = e->ge_vertex;
5456
5457 /* If it's already in the subgraph, skip. */
5458 if (v->gv_flags & GV_INSUBGRAPH)
5459 return (UU_WALK_NEXT);
5460
5461 /*
5462 * Keep track if walk has entered an optional dependency group
5463 */
5464 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_OPTIONAL_ALL) {
5465 optional = 1;
5466 }
5467 /*
5468 * Quit if we are in an optional dependency group and the instance
5469 * is disabled
5470 */
5471 if (optional && (v->gv_type == GVT_INST) &&
5472 (!(v->gv_flags & GV_ENBLD_NOOVR)))
5473 return (UU_WALK_NEXT);
5474
5475 v->gv_flags |= GV_INSUBGRAPH;
5476
5477 /* Skip all excluded dependencies. */
5478 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
5479 return (UU_WALK_NEXT);
5480
5481 r = uu_list_walk(v->gv_dependencies, (uu_walk_fn_t *)mark_subgraph,
5482 (void *)optional, 0);
5483 assert(r == 0);
5484 return (UU_WALK_NEXT);
5485 }
5486
5487 /*
5488 * Bring down all services which are not dependencies of fmri. The
5489 * dependencies of fmri (direct & indirect) will constitute the "subgraph",
5490 * and will have the GV_INSUBGRAPH flag set. The rest must be brought down,
5491 * which means the state is "disabled", "maintenance", or "uninitialized". We
5492 * could consider "offline" to be down, and refrain from sending start
5493 * commands for such services, but that's not strictly necessary, so we'll
5494 * decline to intrude on the state machine. It would probably confuse users
5495 * anyway.
5496 *
5497 * The services should be brought down in reverse-dependency order, so we
5498 * can't do it all at once here. We initiate by override-disabling the leaves
5499 * of the dependency tree -- those services which are up but have no
5500 * dependents which are up. When they come down,
5501 * vertex_subgraph_dependencies_shutdown() will override-disable the newly
5502 * exposed leaves. Perseverance will ensure completion.
5503 *
5504 * Sometimes we need to take action when the transition is complete, like
5505 * start sulogin or halt the system. To tell when we're done, we initialize
5506 * non_subgraph_svcs here to be the number of services which need to come
5507 * down. As each does, we decrement the counter. When it hits zero, we take
5508 * the appropriate action. See vertex_subgraph_dependencies_shutdown().
5509 *
5510 * In case we're coming up, we also remove any enable-overrides for the
5511 * services which are dependencies of fmri.
5512 *
5513 * If norepository is true, the function will not change the repository.
5514 *
5515 * The decision to change the system run level in accordance with the milestone
5516 * is taken in dgraph_set_runlevel().
5517 *
5518 * Returns
5519 * 0 - success
5520 * ECONNRESET - success, but handle was rebound
5521 * EINVAL - fmri is invalid (error is logged)
5522 * EALREADY - the milestone is already set to fmri
5523 * ENOENT - a configured vertex does not exist for fmri (an error is logged)
5524 */
5525 static int
5526 dgraph_set_milestone(const char *fmri, scf_handle_t *h, boolean_t norepository)
5527 {
5528 const char *cfmri, *fs;
5529 graph_vertex_t *nm, *v;
5530 int ret = 0, r;
5531 scf_instance_t *inst;
5532 boolean_t isall, isnone, rebound = B_FALSE;
5533
5534 /* Validate fmri */
5535 isall = (strcmp(fmri, "all") == 0);
5536 isnone = (strcmp(fmri, "none") == 0);
5537
5538 if (!isall && !isnone) {
5539 if (fmri_canonify(fmri, (char **)&cfmri, B_FALSE) == EINVAL)
5540 goto reject;
5541
5542 if (strcmp(cfmri, single_user_fmri) != 0 &&
5543 strcmp(cfmri, multi_user_fmri) != 0 &&
5544 strcmp(cfmri, multi_user_svr_fmri) != 0) {
5545 startd_free((void *)cfmri, max_scf_fmri_size);
5546 reject:
5547 log_framework(LOG_WARNING,
5548 "Rejecting request for invalid milestone \"%s\".\n",
5549 fmri);
5550 return (EINVAL);
5551 }
5552 }
5553
5554 inst = safe_scf_instance_create(h);
5555
5556 MUTEX_LOCK(&dgraph_lock);
5557
5558 if (milestone == NULL) {
5559 if (isall) {
5560 log_framework(LOG_DEBUG,
5561 "Milestone already set to all.\n");
5562 ret = EALREADY;
5563 goto out;
5564 }
5565 } else if (milestone == MILESTONE_NONE) {
5566 if (isnone) {
5567 log_framework(LOG_DEBUG,
5568 "Milestone already set to none.\n");
5569 ret = EALREADY;
5570 goto out;
5571 }
5572 } else {
5573 if (!isall && !isnone &&
5574 strcmp(cfmri, milestone->gv_name) == 0) {
5575 log_framework(LOG_DEBUG,
5576 "Milestone already set to %s.\n", cfmri);
5577 ret = EALREADY;
5578 goto out;
5579 }
5580 }
5581
5582 if (!isall && !isnone) {
5583 nm = vertex_get_by_name(cfmri);
5584 if (nm == NULL || !(nm->gv_flags & GV_CONFIGURED)) {
5585 log_framework(LOG_WARNING, "Cannot set milestone to %s "
5586 "because no such service exists.\n", cfmri);
5587 ret = ENOENT;
5588 goto out;
5589 }
5590 }
5591
5592 log_framework(LOG_DEBUG, "Changing milestone to %s.\n", fmri);
5593
5594 /*
5595 * Set milestone, removing the old one if this was the last reference.
5596 */
5597 if (milestone > MILESTONE_NONE)
5598 (void) vertex_unref(milestone);
5599
5600 if (isall)
5601 milestone = NULL;
5602 else if (isnone)
5603 milestone = MILESTONE_NONE;
5604 else {
5605 milestone = nm;
5606 /* milestone should count as a reference */
5607 vertex_ref(milestone);
5608 }
5609
5610 /* Clear all GV_INSUBGRAPH bits. */
5611 for (v = uu_list_first(dgraph); v != NULL; v = uu_list_next(dgraph, v))
5612 v->gv_flags &= ~GV_INSUBGRAPH;
5613
5614 if (!isall && !isnone) {
5615 /* Set GV_INSUBGRAPH for milestone & descendents. */
5616 milestone->gv_flags |= GV_INSUBGRAPH;
5617
5618 r = uu_list_walk(milestone->gv_dependencies,
5619 (uu_walk_fn_t *)mark_subgraph, NULL, 0);
5620 assert(r == 0);
5621 }
5622
5623 /* Un-override services in the subgraph & override-disable the rest. */
5624 if (norepository)
5625 goto out;
5626
5627 non_subgraph_svcs = 0;
5628 for (v = uu_list_first(dgraph);
5629 v != NULL;
5630 v = uu_list_next(dgraph, v)) {
5631 if (v->gv_type != GVT_INST ||
5632 (v->gv_flags & GV_CONFIGURED) == 0)
5633 continue;
5634
5635 again:
5636 r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
5637 NULL, NULL, SCF_DECODE_FMRI_EXACT);
5638 if (r != 0) {
5639 switch (scf_error()) {
5640 case SCF_ERROR_CONNECTION_BROKEN:
5641 default:
5642 libscf_handle_rebind(h);
5643 rebound = B_TRUE;
5644 goto again;
5645
5646 case SCF_ERROR_NOT_FOUND:
5647 continue;
5648
5649 case SCF_ERROR_HANDLE_MISMATCH:
5650 case SCF_ERROR_INVALID_ARGUMENT:
5651 case SCF_ERROR_CONSTRAINT_VIOLATED:
5652 case SCF_ERROR_NOT_BOUND:
5653 bad_error("scf_handle_decode_fmri",
5654 scf_error());
5655 }
5656 }
5657
5658 if (isall || (v->gv_flags & GV_INSUBGRAPH)) {
5659 r = libscf_delete_enable_ovr(inst);
5660 fs = "libscf_delete_enable_ovr";
5661 } else {
5662 assert(isnone || (v->gv_flags & GV_INSUBGRAPH) == 0);
5663
5664 /*
5665 * Services which are up need to come down before
5666 * we're done, but we can only disable the leaves
5667 * here.
5668 */
5669
5670 if (up_state(v->gv_state))
5671 ++non_subgraph_svcs;
5672
5673 /* If it's already disabled, don't bother. */
5674 if ((v->gv_flags & GV_ENABLED) == 0)
5675 continue;
5676
5677 if (!is_nonsubgraph_leaf(v))
5678 continue;
5679
5680 r = libscf_set_enable_ovr(inst, 0);
5681 fs = "libscf_set_enable_ovr";
5682 }
5683 switch (r) {
5684 case 0:
5685 case ECANCELED:
5686 break;
5687
5688 case ECONNABORTED:
5689 libscf_handle_rebind(h);
5690 rebound = B_TRUE;
5691 goto again;
5692
5693 case EPERM:
5694 case EROFS:
5695 log_error(LOG_WARNING,
5696 "Could not set %s/%s for %s: %s.\n",
5697 SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
5698 v->gv_name, strerror(r));
5699 break;
5700
5701 default:
5702 bad_error(fs, r);
5703 }
5704 }
5705
5706 if (halting != -1) {
5707 if (non_subgraph_svcs > 1)
5708 uu_warn("%d system services are now being stopped.\n",
5709 non_subgraph_svcs);
5710 else if (non_subgraph_svcs == 1)
5711 uu_warn("One system service is now being stopped.\n");
5712 else if (non_subgraph_svcs == 0)
5713 do_uadmin();
5714 }
5715
5716 ret = rebound ? ECONNRESET : 0;
5717
5718 out:
5719 MUTEX_UNLOCK(&dgraph_lock);
5720 if (!isall && !isnone)
5721 startd_free((void *)cfmri, max_scf_fmri_size);
5722 scf_instance_destroy(inst);
5723 return (ret);
5724 }
5725
5726
5727 /*
5728 * Returns 0, ECONNABORTED, or EINVAL.
5729 */
5730 static int
5731 handle_graph_update_event(scf_handle_t *h, graph_protocol_event_t *e)
5732 {
5733 int r;
5734
5735 switch (e->gpe_type) {
5736 case GRAPH_UPDATE_RELOAD_GRAPH:
5737 log_error(LOG_WARNING,
5738 "graph_event: reload graph unimplemented\n");
5739 break;
5740
5741 case GRAPH_UPDATE_STATE_CHANGE: {
5742 protocol_states_t *states = e->gpe_data;
5743
5744 switch (r = dgraph_set_instance_state(h, e->gpe_inst, states)) {
5745 case 0:
5746 case ENOENT:
5747 break;
5748
5749 case ECONNABORTED:
5750 return (ECONNABORTED);
5751
5752 case EINVAL:
5753 default:
5754 #ifndef NDEBUG
5755 (void) fprintf(stderr, "dgraph_set_instance_state() "
5756 "failed with unexpected error %d at %s:%d.\n", r,
5757 __FILE__, __LINE__);
5758 #endif
5759 abort();
5760 }
5761
5762 startd_free(states, sizeof (protocol_states_t));
5763 break;
5764 }
5765
5766 default:
5767 log_error(LOG_WARNING,
5768 "graph_event_loop received an unknown event: %d\n",
5769 e->gpe_type);
5770 break;
5771 }
5772
5773 return (0);
5774 }
5775
5776 /*
5777 * graph_event_thread()
5778 * Wait for state changes from the restarters.
5779 */
5780 /*ARGSUSED*/
5781 void *
5782 graph_event_thread(void *unused)
5783 {
5784 scf_handle_t *h;
5785 int err;
5786
5787 (void) pthread_setname_np(pthread_self(), "graph_event");
5788
5789 h = libscf_handle_create_bound_loop();
5790
5791 /*CONSTCOND*/
5792 while (1) {
5793 graph_protocol_event_t *e;
5794
5795 MUTEX_LOCK(&gu->gu_lock);
5796
5797 while (gu->gu_wakeup == 0)
5798 (void) pthread_cond_wait(&gu->gu_cv, &gu->gu_lock);
5799
5800 gu->gu_wakeup = 0;
5801
5802 while ((e = graph_event_dequeue()) != NULL) {
5803 MUTEX_LOCK(&e->gpe_lock);
5804 MUTEX_UNLOCK(&gu->gu_lock);
5805
5806 while ((err = handle_graph_update_event(h, e)) ==
5807 ECONNABORTED)
5808 libscf_handle_rebind(h);
5809
5810 if (err == 0)
5811 graph_event_release(e);
5812 else
5813 graph_event_requeue(e);
5814
5815 MUTEX_LOCK(&gu->gu_lock);
5816 }
5817
5818 MUTEX_UNLOCK(&gu->gu_lock);
5819 }
5820
5821 /*
5822 * Unreachable for now -- there's currently no graceful cleanup
5823 * called on exit().
5824 */
5825 MUTEX_UNLOCK(&gu->gu_lock);
5826 scf_handle_destroy(h);
5827 return (NULL);
5828 }
5829
5830 static void
5831 set_initial_milestone(scf_handle_t *h)
5832 {
5833 scf_instance_t *inst;
5834 char *fmri, *cfmri;
5835 size_t sz;
5836 int r;
5837
5838 inst = safe_scf_instance_create(h);
5839 fmri = startd_alloc(max_scf_fmri_size);
5840
5841 /*
5842 * If -m milestone= was specified, we want to set options_ovr/milestone
5843 * to it. Otherwise we want to read what the milestone should be set
5844 * to. Either way we need our inst.
5845 */
5846 get_self:
5847 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
5848 NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
5849 switch (scf_error()) {
5850 case SCF_ERROR_CONNECTION_BROKEN:
5851 libscf_handle_rebind(h);
5852 goto get_self;
5853
5854 case SCF_ERROR_NOT_FOUND:
5855 if (st->st_subgraph != NULL &&
5856 st->st_subgraph[0] != '\0') {
5857 sz = strlcpy(fmri, st->st_subgraph,
5858 max_scf_fmri_size);
5859 assert(sz < max_scf_fmri_size);
5860 } else {
5861 fmri[0] = '\0';
5862 }
5863 break;
5864
5865 case SCF_ERROR_INVALID_ARGUMENT:
5866 case SCF_ERROR_CONSTRAINT_VIOLATED:
5867 case SCF_ERROR_HANDLE_MISMATCH:
5868 default:
5869 bad_error("scf_handle_decode_fmri", scf_error());
5870 }
5871 } else {
5872 if (st->st_subgraph != NULL && st->st_subgraph[0] != '\0') {
5873 scf_propertygroup_t *pg;
5874
5875 pg = safe_scf_pg_create(h);
5876
5877 sz = strlcpy(fmri, st->st_subgraph, max_scf_fmri_size);
5878 assert(sz < max_scf_fmri_size);
5879
5880 r = libscf_inst_get_or_add_pg(inst, SCF_PG_OPTIONS_OVR,
5881 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS,
5882 pg);
5883 switch (r) {
5884 case 0:
5885 break;
5886
5887 case ECONNABORTED:
5888 libscf_handle_rebind(h);
5889 goto get_self;
5890
5891 case EPERM:
5892 case EACCES:
5893 case EROFS:
5894 log_error(LOG_WARNING, "Could not set %s/%s: "
5895 "%s.\n", SCF_PG_OPTIONS_OVR,
5896 SCF_PROPERTY_MILESTONE, strerror(r));
5897 /* FALLTHROUGH */
5898
5899 case ECANCELED:
5900 sz = strlcpy(fmri, st->st_subgraph,
5901 max_scf_fmri_size);
5902 assert(sz < max_scf_fmri_size);
5903 break;
5904
5905 default:
5906 bad_error("libscf_inst_get_or_add_pg", r);
5907 }
5908
5909 r = libscf_clear_runlevel(pg, fmri);
5910 switch (r) {
5911 case 0:
5912 break;
5913
5914 case ECONNABORTED:
5915 libscf_handle_rebind(h);
5916 goto get_self;
5917
5918 case EPERM:
5919 case EACCES:
5920 case EROFS:
5921 log_error(LOG_WARNING, "Could not set %s/%s: "
5922 "%s.\n", SCF_PG_OPTIONS_OVR,
5923 SCF_PROPERTY_MILESTONE, strerror(r));
5924 /* FALLTHROUGH */
5925
5926 case ECANCELED:
5927 sz = strlcpy(fmri, st->st_subgraph,
5928 max_scf_fmri_size);
5929 assert(sz < max_scf_fmri_size);
5930 break;
5931
5932 default:
5933 bad_error("libscf_clear_runlevel", r);
5934 }
5935
5936 scf_pg_destroy(pg);
5937 } else {
5938 scf_property_t *prop;
5939 scf_value_t *val;
5940
5941 prop = safe_scf_property_create(h);
5942 val = safe_scf_value_create(h);
5943
5944 r = libscf_get_milestone(inst, prop, val, fmri,
5945 max_scf_fmri_size);
5946 switch (r) {
5947 case 0:
5948 break;
5949
5950 case ECONNABORTED:
5951 libscf_handle_rebind(h);
5952 goto get_self;
5953
5954 case EINVAL:
5955 log_error(LOG_WARNING, "Milestone property is "
5956 "misconfigured. Defaulting to \"all\".\n");
5957 /* FALLTHROUGH */
5958
5959 case ECANCELED:
5960 case ENOENT:
5961 fmri[0] = '\0';
5962 break;
5963
5964 default:
5965 bad_error("libscf_get_milestone", r);
5966 }
5967
5968 scf_value_destroy(val);
5969 scf_property_destroy(prop);
5970 }
5971 }
5972
5973 if (fmri[0] == '\0' || strcmp(fmri, "all") == 0)
5974 goto out;
5975
5976 if (strcmp(fmri, "none") != 0) {
5977 retry:
5978 if (scf_handle_decode_fmri(h, fmri, NULL, NULL, inst, NULL,
5979 NULL, SCF_DECODE_FMRI_EXACT) != 0) {
5980 switch (scf_error()) {
5981 case SCF_ERROR_INVALID_ARGUMENT:
5982 log_error(LOG_WARNING,
5983 "Requested milestone \"%s\" is invalid. "
5984 "Reverting to \"all\".\n", fmri);
5985 goto out;
5986
5987 case SCF_ERROR_CONSTRAINT_VIOLATED:
5988 log_error(LOG_WARNING, "Requested milestone "
5989 "\"%s\" does not specify an instance. "
5990 "Reverting to \"all\".\n", fmri);
5991 goto out;
5992
5993 case SCF_ERROR_CONNECTION_BROKEN:
5994 libscf_handle_rebind(h);
5995 goto retry;
5996
5997 case SCF_ERROR_NOT_FOUND:
5998 log_error(LOG_WARNING, "Requested milestone "
5999 "\"%s\" not in repository. Reverting to "
6000 "\"all\".\n", fmri);
6001 goto out;
6002
6003 case SCF_ERROR_HANDLE_MISMATCH:
6004 default:
6005 bad_error("scf_handle_decode_fmri",
6006 scf_error());
6007 }
6008 }
6009
6010 r = fmri_canonify(fmri, &cfmri, B_FALSE);
6011 assert(r == 0);
6012
6013 r = dgraph_add_instance(cfmri, inst, B_TRUE);
6014 startd_free(cfmri, max_scf_fmri_size);
6015 switch (r) {
6016 case 0:
6017 break;
6018
6019 case ECONNABORTED:
6020 goto retry;
6021
6022 case EINVAL:
6023 log_error(LOG_WARNING,
6024 "Requested milestone \"%s\" is invalid. "
6025 "Reverting to \"all\".\n", fmri);
6026 goto out;
6027
6028 case ECANCELED:
6029 log_error(LOG_WARNING,
6030 "Requested milestone \"%s\" not "
6031 "in repository. Reverting to \"all\".\n",
6032 fmri);
6033 goto out;
6034
6035 case EEXIST:
6036 default:
6037 bad_error("dgraph_add_instance", r);
6038 }
6039 }
6040
6041 log_console(LOG_INFO, "Booting to milestone \"%s\".\n", fmri);
6042
6043 r = dgraph_set_milestone(fmri, h, B_FALSE);
6044 switch (r) {
6045 case 0:
6046 case ECONNRESET:
6047 case EALREADY:
6048 break;
6049
6050 case EINVAL:
6051 case ENOENT:
6052 default:
6053 bad_error("dgraph_set_milestone", r);
6054 }
6055
6056 out:
6057 startd_free(fmri, max_scf_fmri_size);
6058 scf_instance_destroy(inst);
6059 }
6060
6061 void
6062 set_restart_milestone(scf_handle_t *h)
6063 {
6064 scf_instance_t *inst;
6065 scf_property_t *prop;
6066 scf_value_t *val;
6067 char *fmri;
6068 int r;
6069
6070 inst = safe_scf_instance_create(h);
6071
6072 get_self:
6073 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL,
6074 inst, NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
6075 switch (scf_error()) {
6076 case SCF_ERROR_CONNECTION_BROKEN:
6077 libscf_handle_rebind(h);
6078 goto get_self;
6079
6080 case SCF_ERROR_NOT_FOUND:
6081 break;
6082
6083 case SCF_ERROR_INVALID_ARGUMENT:
6084 case SCF_ERROR_CONSTRAINT_VIOLATED:
6085 case SCF_ERROR_HANDLE_MISMATCH:
6086 default:
6087 bad_error("scf_handle_decode_fmri", scf_error());
6088 }
6089
6090 scf_instance_destroy(inst);
6091 return;
6092 }
6093
6094 prop = safe_scf_property_create(h);
6095 val = safe_scf_value_create(h);
6096 fmri = startd_alloc(max_scf_fmri_size);
6097
6098 r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
6099 switch (r) {
6100 case 0:
6101 break;
6102
6103 case ECONNABORTED:
6104 libscf_handle_rebind(h);
6105 goto get_self;
6106
6107 case ECANCELED:
6108 case ENOENT:
6109 case EINVAL:
6110 goto out;
6111
6112 default:
6113 bad_error("libscf_get_milestone", r);
6114 }
6115
6116 r = dgraph_set_milestone(fmri, h, B_TRUE);
6117 switch (r) {
6118 case 0:
6119 case ECONNRESET:
6120 case EALREADY:
6121 case EINVAL:
6122 case ENOENT:
6123 break;
6124
6125 default:
6126 bad_error("dgraph_set_milestone", r);
6127 }
6128
6129 out:
6130 startd_free(fmri, max_scf_fmri_size);
6131 scf_value_destroy(val);
6132 scf_property_destroy(prop);
6133 scf_instance_destroy(inst);
6134 }
6135
6136 /*
6137 * void *graph_thread(void *)
6138 *
6139 * Graph management thread.
6140 */
6141 /*ARGSUSED*/
6142 void *
6143 graph_thread(void *arg)
6144 {
6145 scf_handle_t *h;
6146 int err;
6147
6148 (void) pthread_setname_np(pthread_self(), "graph");
6149
6150 h = libscf_handle_create_bound_loop();
6151
6152 if (st->st_initial)
6153 set_initial_milestone(h);
6154
6155 MUTEX_LOCK(&dgraph_lock);
6156 initial_milestone_set = B_TRUE;
6157 err = pthread_cond_broadcast(&initial_milestone_cv);
6158 assert(err == 0);
6159 MUTEX_UNLOCK(&dgraph_lock);
6160
6161 libscf_populate_graph(h);
6162
6163 if (!st->st_initial)
6164 set_restart_milestone(h);
6165
6166 MUTEX_LOCK(&st->st_load_lock);
6167 st->st_load_complete = 1;
6168 (void) pthread_cond_broadcast(&st->st_load_cv);
6169 MUTEX_UNLOCK(&st->st_load_lock);
6170
6171 MUTEX_LOCK(&dgraph_lock);
6172 /*
6173 * Now that we've set st_load_complete we need to check can_come_up()
6174 * since if we booted to a milestone, then there won't be any more
6175 * state updates.
6176 */
6177 if (!go_single_user_mode && !go_to_level1 &&
6178 halting == -1) {
6179 if (!sulogin_thread_running && !can_come_up()) {
6180 (void) startd_thread_create(sulogin_thread, NULL);
6181 sulogin_thread_running = B_TRUE;
6182 }
6183 }
6184 MUTEX_UNLOCK(&dgraph_lock);
6185
6186 (void) pthread_mutex_lock(&gu->gu_freeze_lock);
6187
6188 /*CONSTCOND*/
6189 while (1) {
6190 (void) pthread_cond_wait(&gu->gu_freeze_cv,
6191 &gu->gu_freeze_lock);
6192 }
6193
6194 /*
6195 * Unreachable for now -- there's currently no graceful cleanup
6196 * called on exit().
6197 */
6198 (void) pthread_mutex_unlock(&gu->gu_freeze_lock);
6199 scf_handle_destroy(h);
6200
6201 return (NULL);
6202 }
6203
6204
6205 /*
6206 * int next_action()
6207 * Given an array of timestamps 'a' with 'num' elements, find the
6208 * lowest non-zero timestamp and return its index. If there are no
6209 * non-zero elements, return -1.
6210 */
6211 static int
6212 next_action(hrtime_t *a, int num)
6213 {
6214 hrtime_t t = 0;
6215 int i = 0, smallest = -1;
6216
6217 for (i = 0; i < num; i++) {
6218 if (t == 0) {
6219 t = a[i];
6220 smallest = i;
6221 } else if (a[i] != 0 && a[i] < t) {
6222 t = a[i];
6223 smallest = i;
6224 }
6225 }
6226
6227 if (t == 0)
6228 return (-1);
6229 else
6230 return (smallest);
6231 }
6232
6233 /*
6234 * void process_actions()
6235 * Process actions requested by the administrator. Possibilities include:
6236 * refresh, restart, maintenance mode off, maintenance mode on,
6237 * maintenance mode immediate, and degraded.
6238 *
6239 * The set of pending actions is represented in the repository as a
6240 * per-instance property group, with each action being a single property
6241 * in that group. This property group is converted to an array, with each
6242 * action type having an array slot. The actions in the array at the
6243 * time process_actions() is called are acted on in the order of the
6244 * timestamp (which is the value stored in the slot). A value of zero
6245 * indicates that there is no pending action of the type associated with
6246 * a particular slot.
6247 *
6248 * Sending an action event multiple times before the restarter has a
6249 * chance to process that action will force it to be run at the last
6250 * timestamp where it appears in the ordering.
6251 *
6252 * Turning maintenance mode on trumps all other actions.
6253 *
6254 * Returns 0 or ECONNABORTED.
6255 */
6256 static int
6257 process_actions(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst)
6258 {
6259 scf_property_t *prop = NULL;
6260 scf_value_t *val = NULL;
6261 scf_type_t type;
6262 graph_vertex_t *vertex;
6263 admin_action_t a;
6264 int i, ret = 0, r;
6265 hrtime_t action_ts[NACTIONS];
6266 char *inst_name;
6267
6268 r = libscf_instance_get_fmri(inst, &inst_name);
6269 switch (r) {
6270 case 0:
6271 break;
6272
6273 case ECONNABORTED:
6274 return (ECONNABORTED);
6275
6276 case ECANCELED:
6277 return (0);
6278
6279 default:
6280 bad_error("libscf_instance_get_fmri", r);
6281 }
6282
6283 MUTEX_LOCK(&dgraph_lock);
6284
6285 vertex = vertex_get_by_name(inst_name);
6286 if (vertex == NULL) {
6287 MUTEX_UNLOCK(&dgraph_lock);
6288 log_framework(LOG_DEBUG, "%s: Can't find graph vertex. "
6289 "The instance must have been removed.\n", inst_name);
6290 startd_free(inst_name, max_scf_fmri_size);
6291 return (0);
6292 }
6293
6294 prop = safe_scf_property_create(h);
6295 val = safe_scf_value_create(h);
6296
6297 for (i = 0; i < NACTIONS; i++) {
6298 if (scf_pg_get_property(pg, admin_actions[i], prop) != 0) {
6299 switch (scf_error()) {
6300 case SCF_ERROR_CONNECTION_BROKEN:
6301 default:
6302 ret = ECONNABORTED;
6303 goto out;
6304
6305 case SCF_ERROR_DELETED:
6306 goto out;
6307
6308 case SCF_ERROR_NOT_FOUND:
6309 action_ts[i] = 0;
6310 continue;
6311
6312 case SCF_ERROR_HANDLE_MISMATCH:
6313 case SCF_ERROR_INVALID_ARGUMENT:
6314 case SCF_ERROR_NOT_SET:
6315 bad_error("scf_pg_get_property", scf_error());
6316 }
6317 }
6318
6319 if (scf_property_type(prop, &type) != 0) {
6320 switch (scf_error()) {
6321 case SCF_ERROR_CONNECTION_BROKEN:
6322 default:
6323 ret = ECONNABORTED;
6324 goto out;
6325
6326 case SCF_ERROR_DELETED:
6327 action_ts[i] = 0;
6328 continue;
6329
6330 case SCF_ERROR_NOT_SET:
6331 bad_error("scf_property_type", scf_error());
6332 }
6333 }
6334
6335 if (type != SCF_TYPE_INTEGER) {
6336 action_ts[i] = 0;
6337 continue;
6338 }
6339
6340 if (scf_property_get_value(prop, val) != 0) {
6341 switch (scf_error()) {
6342 case SCF_ERROR_CONNECTION_BROKEN:
6343 default:
6344 ret = ECONNABORTED;
6345 goto out;
6346
6347 case SCF_ERROR_DELETED:
6348 goto out;
6349
6350 case SCF_ERROR_NOT_FOUND:
6351 case SCF_ERROR_CONSTRAINT_VIOLATED:
6352 action_ts[i] = 0;
6353 continue;
6354
6355 case SCF_ERROR_NOT_SET:
6356 case SCF_ERROR_PERMISSION_DENIED:
6357 bad_error("scf_property_get_value",
6358 scf_error());
6359 }
6360 }
6361
6362 r = scf_value_get_integer(val, &action_ts[i]);
6363 assert(r == 0);
6364 }
6365
6366 a = ADMIN_EVENT_MAINT_ON_IMMEDIATE;
6367 if (action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ||
6368 action_ts[ADMIN_EVENT_MAINT_ON]) {
6369 a = action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ?
6370 ADMIN_EVENT_MAINT_ON_IMMEDIATE : ADMIN_EVENT_MAINT_ON;
6371
6372 vertex_send_event(vertex, admin_events[a]);
6373 r = libscf_unset_action(h, pg, a, action_ts[a]);
6374 switch (r) {
6375 case 0:
6376 case EACCES:
6377 break;
6378
6379 case ECONNABORTED:
6380 ret = ECONNABORTED;
6381 goto out;
6382
6383 case EPERM:
6384 uu_die("Insufficient privilege.\n");
6385 /* NOTREACHED */
6386
6387 default:
6388 bad_error("libscf_unset_action", r);
6389 }
6390 }
6391
6392 while ((a = next_action(action_ts, NACTIONS)) != -1) {
6393 log_framework(LOG_DEBUG,
6394 "Graph: processing %s action for %s.\n", admin_actions[a],
6395 inst_name);
6396
6397 if (a == ADMIN_EVENT_REFRESH) {
6398 r = dgraph_refresh_instance(vertex, inst);
6399 switch (r) {
6400 case 0:
6401 case ECANCELED:
6402 case EINVAL:
6403 case -1:
6404 break;
6405
6406 case ECONNABORTED:
6407 /* pg & inst are reset now, so just return. */
6408 ret = ECONNABORTED;
6409 goto out;
6410
6411 default:
6412 bad_error("dgraph_refresh_instance", r);
6413 }
6414 }
6415
6416 vertex_send_event(vertex, admin_events[a]);
6417
6418 r = libscf_unset_action(h, pg, a, action_ts[a]);
6419 switch (r) {
6420 case 0:
6421 case EACCES:
6422 break;
6423
6424 case ECONNABORTED:
6425 ret = ECONNABORTED;
6426 goto out;
6427
6428 case EPERM:
6429 uu_die("Insufficient privilege.\n");
6430 /* NOTREACHED */
6431
6432 default:
6433 bad_error("libscf_unset_action", r);
6434 }
6435
6436 action_ts[a] = 0;
6437 }
6438
6439 out:
6440 MUTEX_UNLOCK(&dgraph_lock);
6441
6442 scf_property_destroy(prop);
6443 scf_value_destroy(val);
6444 startd_free(inst_name, max_scf_fmri_size);
6445 return (ret);
6446 }
6447
6448 /*
6449 * inst and pg_name are scratch space, and are unset on entry.
6450 * Returns
6451 * 0 - success
6452 * ECONNRESET - success, but repository handle rebound
6453 * ECONNABORTED - repository connection broken
6454 */
6455 static int
6456 process_pg_event(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst,
6457 char *pg_name)
6458 {
6459 int r;
6460 scf_property_t *prop;
6461 scf_value_t *val;
6462 char *fmri;
6463 boolean_t rebound = B_FALSE, rebind_inst = B_FALSE;
6464
6465 if (scf_pg_get_name(pg, pg_name, max_scf_value_size) < 0) {
6466 switch (scf_error()) {
6467 case SCF_ERROR_CONNECTION_BROKEN:
6468 default:
6469 return (ECONNABORTED);
6470
6471 case SCF_ERROR_DELETED:
6472 return (0);
6473
6474 case SCF_ERROR_NOT_SET:
6475 bad_error("scf_pg_get_name", scf_error());
6476 }
6477 }
6478
6479 if (strcmp(pg_name, SCF_PG_GENERAL) == 0 ||
6480 strcmp(pg_name, SCF_PG_GENERAL_OVR) == 0) {
6481 r = dgraph_update_general(pg);
6482 switch (r) {
6483 case 0:
6484 case ENOTSUP:
6485 case ECANCELED:
6486 return (0);
6487
6488 case ECONNABORTED:
6489 return (ECONNABORTED);
6490
6491 case -1:
6492 /* Error should have been logged. */
6493 return (0);
6494
6495 default:
6496 bad_error("dgraph_update_general", r);
6497 }
6498 } else if (strcmp(pg_name, SCF_PG_RESTARTER_ACTIONS) == 0) {
6499 if (scf_pg_get_parent_instance(pg, inst) != 0) {
6500 switch (scf_error()) {
6501 case SCF_ERROR_CONNECTION_BROKEN:
6502 return (ECONNABORTED);
6503
6504 case SCF_ERROR_DELETED:
6505 case SCF_ERROR_CONSTRAINT_VIOLATED:
6506 /* Ignore commands on services. */
6507 return (0);
6508
6509 case SCF_ERROR_NOT_BOUND:
6510 case SCF_ERROR_HANDLE_MISMATCH:
6511 case SCF_ERROR_NOT_SET:
6512 default:
6513 bad_error("scf_pg_get_parent_instance",
6514 scf_error());
6515 }
6516 }
6517
6518 return (process_actions(h, pg, inst));
6519 }
6520
6521 if (strcmp(pg_name, SCF_PG_OPTIONS) != 0 &&
6522 strcmp(pg_name, SCF_PG_OPTIONS_OVR) != 0)
6523 return (0);
6524
6525 /*
6526 * We only care about the options[_ovr] property groups of our own
6527 * instance, so get the fmri and compare. Plus, once we know it's
6528 * correct, if the repository connection is broken we know exactly what
6529 * property group we were operating on, and can look it up again.
6530 */
6531 if (scf_pg_get_parent_instance(pg, inst) != 0) {
6532 switch (scf_error()) {
6533 case SCF_ERROR_CONNECTION_BROKEN:
6534 return (ECONNABORTED);
6535
6536 case SCF_ERROR_DELETED:
6537 case SCF_ERROR_CONSTRAINT_VIOLATED:
6538 return (0);
6539
6540 case SCF_ERROR_HANDLE_MISMATCH:
6541 case SCF_ERROR_NOT_BOUND:
6542 case SCF_ERROR_NOT_SET:
6543 default:
6544 bad_error("scf_pg_get_parent_instance",
6545 scf_error());
6546 }
6547 }
6548
6549 switch (r = libscf_instance_get_fmri(inst, &fmri)) {
6550 case 0:
6551 break;
6552
6553 case ECONNABORTED:
6554 return (ECONNABORTED);
6555
6556 case ECANCELED:
6557 return (0);
6558
6559 default:
6560 bad_error("libscf_instance_get_fmri", r);
6561 }
6562
6563 if (strcmp(fmri, SCF_SERVICE_STARTD) != 0) {
6564 startd_free(fmri, max_scf_fmri_size);
6565 return (0);
6566 }
6567
6568 /*
6569 * update the information events flag
6570 */
6571 if (strcmp(pg_name, SCF_PG_OPTIONS) == 0)
6572 info_events_all = libscf_get_info_events_all(pg);
6573
6574 prop = safe_scf_property_create(h);
6575 val = safe_scf_value_create(h);
6576
6577 if (strcmp(pg_name, SCF_PG_OPTIONS_OVR) == 0) {
6578 /* See if we need to set the runlevel. */
6579 /* CONSTCOND */
6580 if (0) {
6581 rebind_pg:
6582 libscf_handle_rebind(h);
6583 rebound = B_TRUE;
6584
6585 r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
6586 switch (r) {
6587 case 0:
6588 break;
6589
6590 case ECONNABORTED:
6591 goto rebind_pg;
6592
6593 case ENOENT:
6594 goto out;
6595
6596 case EINVAL:
6597 case ENOTSUP:
6598 bad_error("libscf_lookup_instance", r);
6599 }
6600
6601 if (scf_instance_get_pg(inst, pg_name, pg) != 0) {
6602 switch (scf_error()) {
6603 case SCF_ERROR_DELETED:
6604 case SCF_ERROR_NOT_FOUND:
6605 goto out;
6606
6607 case SCF_ERROR_CONNECTION_BROKEN:
6608 goto rebind_pg;
6609
6610 case SCF_ERROR_HANDLE_MISMATCH:
6611 case SCF_ERROR_NOT_BOUND:
6612 case SCF_ERROR_NOT_SET:
6613 case SCF_ERROR_INVALID_ARGUMENT:
6614 default:
6615 bad_error("scf_instance_get_pg",
6616 scf_error());
6617 }
6618 }
6619 }
6620
6621 if (scf_pg_get_property(pg, "runlevel", prop) == 0) {
6622 r = dgraph_set_runlevel(pg, prop);
6623 switch (r) {
6624 case ECONNRESET:
6625 rebound = B_TRUE;
6626 rebind_inst = B_TRUE;
6627 /* FALLTHROUGH */
6628
6629 case 0:
6630 break;
6631
6632 case ECONNABORTED:
6633 goto rebind_pg;
6634
6635 case ECANCELED:
6636 goto out;
6637
6638 default:
6639 bad_error("dgraph_set_runlevel", r);
6640 }
6641 } else {
6642 switch (scf_error()) {
6643 case SCF_ERROR_CONNECTION_BROKEN:
6644 default:
6645 goto rebind_pg;
6646
6647 case SCF_ERROR_DELETED:
6648 goto out;
6649
6650 case SCF_ERROR_NOT_FOUND:
6651 break;
6652
6653 case SCF_ERROR_INVALID_ARGUMENT:
6654 case SCF_ERROR_HANDLE_MISMATCH:
6655 case SCF_ERROR_NOT_BOUND:
6656 case SCF_ERROR_NOT_SET:
6657 bad_error("scf_pg_get_property", scf_error());
6658 }
6659 }
6660 }
6661
6662 if (rebind_inst) {
6663 lookup_inst:
6664 r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
6665 switch (r) {
6666 case 0:
6667 break;
6668
6669 case ECONNABORTED:
6670 libscf_handle_rebind(h);
6671 rebound = B_TRUE;
6672 goto lookup_inst;
6673
6674 case ENOENT:
6675 goto out;
6676
6677 case EINVAL:
6678 case ENOTSUP:
6679 bad_error("libscf_lookup_instance", r);
6680 }
6681 }
6682
6683 r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
6684 switch (r) {
6685 case 0:
6686 break;
6687
6688 case ECONNABORTED:
6689 libscf_handle_rebind(h);
6690 rebound = B_TRUE;
6691 goto lookup_inst;
6692
6693 case EINVAL:
6694 log_error(LOG_NOTICE,
6695 "%s/%s property of %s is misconfigured.\n", pg_name,
6696 SCF_PROPERTY_MILESTONE, SCF_SERVICE_STARTD);
6697 /* FALLTHROUGH */
6698
6699 case ECANCELED:
6700 case ENOENT:
6701 (void) strcpy(fmri, "all");
6702 break;
6703
6704 default:
6705 bad_error("libscf_get_milestone", r);
6706 }
6707
6708 r = dgraph_set_milestone(fmri, h, B_FALSE);
6709 switch (r) {
6710 case 0:
6711 case ECONNRESET:
6712 case EALREADY:
6713 break;
6714
6715 case EINVAL:
6716 log_error(LOG_WARNING, "Milestone %s is invalid.\n", fmri);
6717 break;
6718
6719 case ENOENT:
6720 log_error(LOG_WARNING, "Milestone %s does not exist.\n", fmri);
6721 break;
6722
6723 default:
6724 bad_error("dgraph_set_milestone", r);
6725 }
6726
6727 out:
6728 startd_free(fmri, max_scf_fmri_size);
6729 scf_value_destroy(val);
6730 scf_property_destroy(prop);
6731
6732 return (rebound ? ECONNRESET : 0);
6733 }
6734
6735 /*
6736 * process_delete() deletes an instance from the dgraph if 'fmri' is an
6737 * instance fmri or if 'fmri' matches the 'general' property group of an
6738 * instance (or the 'general/enabled' property).
6739 *
6740 * 'fmri' may be overwritten and cannot be trusted on return by the caller.
6741 */
6742 static void
6743 process_delete(char *fmri, scf_handle_t *h)
6744 {
6745 char *lfmri, *end_inst_fmri;
6746 const char *inst_name = NULL;
6747 const char *pg_name = NULL;
6748 const char *prop_name = NULL;
6749
6750 lfmri = safe_strdup(fmri);
6751
6752 /* Determine if the FMRI is a property group or instance */
6753 if (scf_parse_svc_fmri(lfmri, NULL, NULL, &inst_name, &pg_name,
6754 &prop_name) != SCF_SUCCESS) {
6755 log_error(LOG_WARNING,
6756 "Received invalid FMRI \"%s\" from repository server.\n",
6757 fmri);
6758 } else if (inst_name != NULL && pg_name == NULL) {
6759 (void) dgraph_remove_instance(fmri, h);
6760 } else if (inst_name != NULL && pg_name != NULL) {
6761 /*
6762 * If we're deleting the 'general' property group or
6763 * 'general/enabled' property then the whole instance
6764 * must be removed from the dgraph.
6765 */
6766 if (strcmp(pg_name, SCF_PG_GENERAL) != 0) {
6767 free(lfmri);
6768 return;
6769 }
6770
6771 if (prop_name != NULL &&
6772 strcmp(prop_name, SCF_PROPERTY_ENABLED) != 0) {
6773 free(lfmri);
6774 return;
6775 }
6776
6777 /*
6778 * Because the instance has already been deleted from the
6779 * repository, we cannot use any scf_ functions to retrieve
6780 * the instance FMRI however we can easily reconstruct it
6781 * manually.
6782 */
6783 end_inst_fmri = strstr(fmri, SCF_FMRI_PROPERTYGRP_PREFIX);
6784 if (end_inst_fmri == NULL)
6785 bad_error("process_delete", 0);
6786
6787 end_inst_fmri[0] = '\0';
6788
6789 (void) dgraph_remove_instance(fmri, h);
6790 }
6791
6792 free(lfmri);
6793 }
6794
6795 /*ARGSUSED*/
6796 void *
6797 repository_event_thread(void *unused)
6798 {
6799 scf_handle_t *h;
6800 scf_propertygroup_t *pg;
6801 scf_instance_t *inst;
6802 char *fmri = startd_alloc(max_scf_fmri_size);
6803 char *pg_name = startd_alloc(max_scf_value_size);
6804 int r;
6805
6806 (void) pthread_setname_np(pthread_self(), "repository_event");
6807
6808 h = libscf_handle_create_bound_loop();
6809
6810 pg = safe_scf_pg_create(h);
6811 inst = safe_scf_instance_create(h);
6812
6813 retry:
6814 if (_scf_notify_add_pgtype(h, SCF_GROUP_FRAMEWORK) != SCF_SUCCESS) {
6815 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) {
6816 libscf_handle_rebind(h);
6817 } else {
6818 log_error(LOG_WARNING,
6819 "Couldn't set up repository notification "
6820 "for property group type %s: %s\n",
6821 SCF_GROUP_FRAMEWORK, scf_strerror(scf_error()));
6822
6823 (void) sleep(1);
6824 }
6825
6826 goto retry;
6827 }
6828
6829 /*CONSTCOND*/
6830 while (1) {
6831 ssize_t res;
6832
6833 /* Note: fmri is only set on delete events. */
6834 res = _scf_notify_wait(pg, fmri, max_scf_fmri_size);
6835 if (res < 0) {
6836 libscf_handle_rebind(h);
6837 goto retry;
6838 } else if (res == 0) {
6839 /*
6840 * property group modified. inst and pg_name are
6841 * pre-allocated scratch space.
6842 */
6843 if (scf_pg_update(pg) < 0) {
6844 switch (scf_error()) {
6845 case SCF_ERROR_DELETED:
6846 continue;
6847
6848 case SCF_ERROR_CONNECTION_BROKEN:
6849 log_error(LOG_WARNING,
6850 "Lost repository event due to "
6851 "disconnection.\n");
6852 libscf_handle_rebind(h);
6853 goto retry;
6854
6855 case SCF_ERROR_NOT_BOUND:
6856 case SCF_ERROR_NOT_SET:
6857 default:
6858 bad_error("scf_pg_update", scf_error());
6859 }
6860 }
6861
6862 r = process_pg_event(h, pg, inst, pg_name);
6863 switch (r) {
6864 case 0:
6865 break;
6866
6867 case ECONNABORTED:
6868 log_error(LOG_WARNING, "Lost repository event "
6869 "due to disconnection.\n");
6870 libscf_handle_rebind(h);
6871 /* FALLTHROUGH */
6872
6873 case ECONNRESET:
6874 goto retry;
6875
6876 default:
6877 bad_error("process_pg_event", r);
6878 }
6879 } else {
6880 /*
6881 * Service, instance, or pg deleted.
6882 * Don't trust fmri on return.
6883 */
6884 process_delete(fmri, h);
6885 }
6886 }
6887
6888 /*NOTREACHED*/
6889 return (NULL);
6890 }
6891
6892 void
6893 graph_engine_start()
6894 {
6895 int err;
6896
6897 (void) startd_thread_create(graph_thread, NULL);
6898
6899 MUTEX_LOCK(&dgraph_lock);
6900 while (!initial_milestone_set) {
6901 err = pthread_cond_wait(&initial_milestone_cv, &dgraph_lock);
6902 assert(err == 0);
6903 }
6904 MUTEX_UNLOCK(&dgraph_lock);
6905
6906 (void) startd_thread_create(repository_event_thread, NULL);
6907 (void) startd_thread_create(graph_event_thread, NULL);
6908 }
Unleashed OS