1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 * Copyright 2012 Joyent, Inc. All rights reserved.
26 */
27
28 /*
29 * Console support for zones requires a significant infrastructure. The
30 * core pieces are contained in this file, but other portions of note
31 * are in the zlogin(1M) command, the zcons(7D) driver, and in the
32 * devfsadm(1M) misc_link generator.
33 *
34 * Care is taken to make the console behave in an "intuitive" fashion for
35 * administrators. Essentially, we try as much as possible to mimic the
36 * experience of using a system via a tip line and system controller.
37 *
38 * The zone console architecture looks like this:
39 *
40 * Global Zone | Non-Global Zone
41 * .--------------. |
42 * .-----------. | zoneadmd -z | | .--------. .---------.
43 * | zlogin -C | | myzone | | | ttymon | | syslogd |
44 * `-----------' `--------------' | `--------' `---------'
45 * | | | | | | |
46 * User | | | | | V V
47 * - - - - - - - - -|- - - -|- - - -|-|- - - - - - -|- - /dev/zconsole - - -
48 * Kernel V V | | |
49 * [AF_UNIX Socket] | `--------. .-------------'
50 * | | |
51 * | V V
52 * | +-----------+
53 * | | ldterm, |
54 * | | etc. |
55 * | +-----------+
56 * | +-[Anchor]--+
57 * | | ptem |
58 * V +-----------+
59 * +---master---+---slave---+
60 * | |
61 * | zcons driver |
62 * | zonename="myzone" |
63 * +------------------------+
64 *
65 * There are basically two major tasks which the console subsystem in
66 * zoneadmd accomplishes:
67 *
68 * - Setup and teardown of zcons driver instances. One zcons instance
69 * is maintained per zone; we take advantage of the libdevice APIs
70 * to online new instances of zcons as needed. Care is taken to
71 * prune and manage these appropriately; see init_console_dev() and
72 * destroy_console_dev(). The end result is the creation of the
73 * zcons(7D) instance and an open file descriptor to the master side.
74 * zcons instances are associated with zones via their zonename device
75 * property. This the console instance to persist across reboots,
76 * and while the zone is halted.
77 *
78 * - Acting as a server for 'zlogin -C' instances. When zlogin -C is
79 * run, zlogin connects to zoneadmd via unix domain socket. zoneadmd
80 * functions as a two-way proxy for console I/O, relaying user input
81 * to the master side of the console, and relaying output from the
82 * zone to the user.
83 */
84
85 #include <sys/types.h>
86 #include <sys/socket.h>
87 #include <sys/stat.h>
88 #include <sys/termios.h>
89 #include <sys/zcons.h>
90 #include <sys/mkdev.h>
91
92 #include <assert.h>
93 #include <ctype.h>
94 #include <errno.h>
95 #include <fcntl.h>
96 #include <stdarg.h>
97 #include <stdio.h>
98 #include <stdlib.h>
99 #include <strings.h>
100 #include <stropts.h>
101 #include <thread.h>
102 #include <ucred.h>
103 #include <unistd.h>
104 #include <zone.h>
105
106 #include <libdevinfo.h>
107 #include <libdevice.h>
108 #include <libzonecfg.h>
109
110 #include <syslog.h>
111 #include <sys/modctl.h>
112
113 #include "zoneadmd.h"
114
115 #define ZCONSNEX_DEVTREEPATH "/pseudo/zconsnex@1"
116 #define ZCONSNEX_FILEPATH "/devices/pseudo/zconsnex@1"
117
118 #define CONSOLE_SOCKPATH ZONES_TMPDIR "/%s.console_sock"
119
120 static int serverfd = -1; /* console server unix domain socket fd */
121 char boot_args[BOOTARGS_MAX];
122 char bad_boot_arg[BOOTARGS_MAX];
123
124 /*
125 * The eventstream is a simple one-directional flow of messages from the
126 * door server to the console subsystem, implemented with a pipe.
127 * It is used to wake up the console poller when it needs to take action,
128 * message the user, die off, etc.
129 */
130 static int eventstream[2];
131
132
133
134 int
135 eventstream_init()
136 {
137 if (pipe(eventstream) == -1)
138 return (-1);
139 return (0);
140 }
141
142 void
143 eventstream_write(zone_evt_t evt)
144 {
145 (void) write(eventstream[0], &evt, sizeof (evt));
146 }
147
148 static zone_evt_t
149 eventstream_read(void)
150 {
151 zone_evt_t evt = Z_EVT_NULL;
152
153 (void) read(eventstream[1], &evt, sizeof (evt));
154 return (evt);
155 }
156
157 /*
158 * count_console_devs() and its helper count_cb() do a walk of the
159 * subtree of the device tree where zone console nodes are represented.
160 * The goal is to count zone console instances already setup for a zone
161 * with the given name. More than 1 is anomolous, and our caller will
162 * have to deal with that if we find that's the case.
163 *
164 * Note: this algorithm is a linear search of nodes in the zconsnex subtree
165 * of the device tree, and could be a scalability problem, but I don't see
166 * how to avoid it.
167 */
168
169 /*
170 * cb_data is shared by count_cb and destroy_cb for simplicity.
171 */
172 struct cb_data {
173 zlog_t *zlogp;
174 int found;
175 int killed;
176 };
177
178 static int
179 count_cb(di_node_t node, void *arg)
180 {
181 struct cb_data *cb = (struct cb_data *)arg;
182 char *prop_data;
183
184 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename",
185 &prop_data) != -1) {
186 assert(prop_data != NULL);
187 if (strcmp(prop_data, zone_name) == 0) {
188 cb->found++;
189 return (DI_WALK_CONTINUE);
190 }
191 }
192 return (DI_WALK_CONTINUE);
193 }
194
195 static int
196 count_console_devs(zlog_t *zlogp)
197 {
198 di_node_t root;
199 struct cb_data cb;
200
201 bzero(&cb, sizeof (cb));
202 cb.zlogp = zlogp;
203
204 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) ==
205 DI_NODE_NIL) {
206 zerror(zlogp, B_TRUE, "%s failed", "di_init");
207 return (-1);
208 }
209
210 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, count_cb);
211 di_fini(root);
212 return (cb.found);
213 }
214
215 /*
216 * destroy_console_devs() and its helper destroy_cb() tears down any console
217 * instances associated with this zone. If things went very wrong, we
218 * might have more than one console instance hanging around. This routine
219 * hunts down and tries to remove all of them. Of course, if the console
220 * is open, the instance will not detach, which is a potential issue.
221 */
222 static int
223 destroy_cb(di_node_t node, void *arg)
224 {
225 struct cb_data *cb = (struct cb_data *)arg;
226 char *prop_data;
227 char *tmp;
228 char devpath[MAXPATHLEN];
229 devctl_hdl_t hdl;
230
231 if (di_prop_lookup_strings(DDI_DEV_T_ANY, node, "zonename",
232 &prop_data) == -1)
233 return (DI_WALK_CONTINUE);
234
235 assert(prop_data != NULL);
236 if (strcmp(prop_data, zone_name) != 0) {
237 /* this is the console for a different zone */
238 return (DI_WALK_CONTINUE);
239 }
240
241 cb->found++;
242 tmp = di_devfs_path(node);
243 (void) snprintf(devpath, sizeof (devpath), "/devices/%s", tmp);
244 di_devfs_path_free(tmp);
245
246 if ((hdl = devctl_device_acquire(devpath, 0)) == NULL) {
247 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, "
248 "but it could not be controlled.", devpath);
249 return (DI_WALK_CONTINUE);
250 }
251 if (devctl_device_remove(hdl) == 0) {
252 cb->killed++;
253 } else {
254 zerror(cb->zlogp, B_TRUE, "WARNING: console %s found, "
255 "but it could not be removed.", devpath);
256 }
257 devctl_release(hdl);
258 return (DI_WALK_CONTINUE);
259 }
260
261 static int
262 destroy_console_devs(zlog_t *zlogp)
263 {
264 char conspath[MAXPATHLEN];
265 di_node_t root;
266 struct cb_data cb;
267 int masterfd;
268 int slavefd;
269
270 /*
271 * Signal the master side to release its handle on the slave side by
272 * issuing a ZC_RELEASESLAVE ioctl.
273 */
274 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
275 zone_name, ZCONS_MASTER_NAME);
276 if ((masterfd = open(conspath, O_RDWR | O_NOCTTY)) != -1) {
277 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
278 zone_name, ZCONS_SLAVE_NAME);
279 if ((slavefd = open(conspath, O_RDWR | O_NOCTTY)) != -1) {
280 if (ioctl(masterfd, ZC_RELEASESLAVE,
281 (caddr_t)(intptr_t)slavefd) != 0)
282 zerror(zlogp, B_TRUE, "WARNING: error while "
283 "releasing slave handle of zone console for"
284 " %s", zone_name);
285 (void) close(slavefd);
286 } else {
287 zerror(zlogp, B_TRUE, "WARNING: could not open slave "
288 "side of zone console for %s to release slave "
289 "handle", zone_name);
290 }
291 (void) close(masterfd);
292 } else {
293 zerror(zlogp, B_TRUE, "WARNING: could not open master side of "
294 "zone console for %s to release slave handle", zone_name);
295 }
296
297 bzero(&cb, sizeof (cb));
298 cb.zlogp = zlogp;
299
300 if ((root = di_init(ZCONSNEX_DEVTREEPATH, DINFOCPYALL)) ==
301 DI_NODE_NIL) {
302 zerror(zlogp, B_TRUE, "%s failed", "di_init");
303 return (-1);
304 }
305
306 (void) di_walk_node(root, DI_WALK_CLDFIRST, (void *)&cb, destroy_cb);
307 if (cb.found > 1) {
308 zerror(zlogp, B_FALSE, "WARNING: multiple zone console "
309 "instances detected for zone '%s'; %d of %d "
310 "successfully removed.",
311 zone_name, cb.killed, cb.found);
312 }
313
314 di_fini(root);
315 return (0);
316 }
317
318 /*
319 * init_console_dev() drives the device-tree configuration of the zone
320 * console device. The general strategy is to use the libdevice (devctl)
321 * interfaces to instantiate a new zone console node. We do a lot of
322 * sanity checking, and are careful to reuse a console if one exists.
323 *
324 * Once the device is in the device tree, we kick devfsadm via di_init_devs()
325 * to ensure that the appropriate symlinks (to the master and slave console
326 * devices) are placed in /dev in the global zone.
327 */
328 static int
329 init_console_dev(zlog_t *zlogp)
330 {
331 char conspath[MAXPATHLEN];
332 devctl_hdl_t bus_hdl = NULL;
333 devctl_hdl_t dev_hdl = NULL;
334 devctl_ddef_t ddef_hdl = NULL;
335 di_devlink_handle_t dl = NULL;
336 int rv = -1;
337 int ndevs;
338 int masterfd;
339 int slavefd;
340 int i;
341
342 /*
343 * Don't re-setup console if it is working and ready already; just
344 * skip ahead to making devlinks, which we do for sanity's sake.
345 */
346 ndevs = count_console_devs(zlogp);
347 if (ndevs == 1) {
348 goto devlinks;
349 } else if (ndevs > 1 || ndevs == -1) {
350 /*
351 * For now, this seems like a reasonable but harsh punishment.
352 * If needed, we could try to get clever and delete all but
353 * the console which is pointed at by the current symlink.
354 */
355 if (destroy_console_devs(zlogp) == -1) {
356 goto error;
357 }
358 }
359
360 /*
361 * Time to make the consoles!
362 */
363 if ((bus_hdl = devctl_bus_acquire(ZCONSNEX_FILEPATH, 0)) == NULL) {
364 zerror(zlogp, B_TRUE, "%s failed", "devctl_bus_acquire");
365 goto error;
366 }
367 if ((ddef_hdl = devctl_ddef_alloc("zcons", 0)) == NULL) {
368 zerror(zlogp, B_TRUE, "failed to allocate ddef handle");
369 goto error;
370 }
371 /*
372 * Set three properties on this node; the first is the name of the
373 * zone; the second is a flag which lets pseudo know that it is
374 * OK to automatically allocate an instance # for this device;
375 * the third tells the device framework not to auto-detach this
376 * node-- we need the node to still be there when we ask devfsadmd
377 * to make links, and when we need to open it.
378 */
379 if (devctl_ddef_string(ddef_hdl, "zonename", zone_name) == -1) {
380 zerror(zlogp, B_TRUE, "failed to create zonename property");
381 goto error;
382 }
383 if (devctl_ddef_int(ddef_hdl, "auto-assign-instance", 1) == -1) {
384 zerror(zlogp, B_TRUE, "failed to create auto-assign-instance "
385 "property");
386 goto error;
387 }
388 if (devctl_ddef_int(ddef_hdl, "ddi-no-autodetach", 1) == -1) {
389 zerror(zlogp, B_TRUE, "failed to create ddi-no-auto-detach "
390 "property");
391 goto error;
392 }
393 if (devctl_bus_dev_create(bus_hdl, ddef_hdl, 0, &dev_hdl) == -1) {
394 zerror(zlogp, B_TRUE, "failed to create console node");
395 goto error;
396 }
397
398 devlinks:
399 if ((dl = di_devlink_init("zcons", DI_MAKE_LINK)) != NULL) {
400 (void) di_devlink_fini(&dl);
401 } else {
402 zerror(zlogp, B_TRUE, "failed to create devlinks");
403 goto error;
404 }
405
406 /*
407 * Open the master side of the console and issue the ZC_HOLDSLAVE ioctl,
408 * which will cause the master to retain a reference to the slave.
409 * This prevents ttymon from blowing through the slave's STREAMS anchor.
410 */
411 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
412 zone_name, ZCONS_MASTER_NAME);
413 if ((masterfd = open(conspath, O_RDWR | O_NOCTTY)) == -1) {
414 zerror(zlogp, B_TRUE, "ERROR: could not open master side of "
415 "zone console for %s to acquire slave handle", zone_name);
416 goto error;
417 }
418 (void) snprintf(conspath, sizeof (conspath), "/dev/zcons/%s/%s",
419 zone_name, ZCONS_SLAVE_NAME);
420 if ((slavefd = open(conspath, O_RDWR | O_NOCTTY)) == -1) {
421 zerror(zlogp, B_TRUE, "ERROR: could not open slave side of zone"
422 " console for %s to acquire slave handle", zone_name);
423 (void) close(masterfd);
424 goto error;
425 }
426 /*
427 * This ioctl can occasionally return ENXIO if devfs doesn't have
428 * everything plumbed up yet due to heavy zone startup load. Wait for
429 * 1 sec. and retry a few times before we fail to boot the zone.
430 */
431 for (i = 0; i < 5; i++) {
432 if (ioctl(masterfd, ZC_HOLDSLAVE, (caddr_t)(intptr_t)slavefd)
433 == 0) {
434 rv = 0;
435 break;
436 } else if (errno != ENXIO) {
437 break;
438 }
439 (void) sleep(1);
440 }
441 if (rv != 0)
442 zerror(zlogp, B_TRUE, "ERROR: error while acquiring slave "
443 "handle of zone console for %s", zone_name);
444
445 (void) close(slavefd);
446 (void) close(masterfd);
447
448 error:
449 if (ddef_hdl)
450 devctl_ddef_free(ddef_hdl);
451 if (bus_hdl)
452 devctl_release(bus_hdl);
453 if (dev_hdl)
454 devctl_release(dev_hdl);
455 return (rv);
456 }
457
458 static int
459 init_console_sock(zlog_t *zlogp)
460 {
461 int servfd;
462 struct sockaddr_un servaddr;
463
464 bzero(&servaddr, sizeof (servaddr));
465 servaddr.sun_family = AF_UNIX;
466 (void) snprintf(servaddr.sun_path, sizeof (servaddr.sun_path),
467 CONSOLE_SOCKPATH, zone_name);
468
469 if ((servfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
470 zerror(zlogp, B_TRUE, "console setup: could not create socket");
471 return (-1);
472 }
473 (void) unlink(servaddr.sun_path);
474
475 if (bind(servfd, (struct sockaddr *)&servaddr,
476 sizeof (servaddr)) == -1) {
477 zerror(zlogp, B_TRUE,
478 "console setup: could not bind to socket");
479 goto out;
480 }
481
482 if (listen(servfd, 4) == -1) {
483 zerror(zlogp, B_TRUE,
484 "console setup: could not listen on socket");
485 goto out;
486 }
487 return (servfd);
488
489 out:
490 (void) unlink(servaddr.sun_path);
491 (void) close(servfd);
492 return (-1);
493 }
494
495 static void
496 destroy_console_sock(int servfd)
497 {
498 char path[MAXPATHLEN];
499
500 (void) snprintf(path, sizeof (path), CONSOLE_SOCKPATH, zone_name);
501 (void) unlink(path);
502 (void) shutdown(servfd, SHUT_RDWR);
503 (void) close(servfd);
504 }
505
506 /*
507 * Read the "ident" string from the client's descriptor; this routine also
508 * tolerates being called with pid=NULL, for times when you want to "eat"
509 * the ident string from a client without saving it.
510 */
511 static int
512 get_client_ident(int clifd, pid_t *pid, char *locale, size_t locale_len)
513 {
514 char buf[BUFSIZ], *bufp;
515 size_t buflen = sizeof (buf);
516 char c = '\0';
517 int i = 0, r;
518
519 /* "eat up the ident string" case, for simplicity */
520 if (pid == NULL) {
521 assert(locale == NULL && locale_len == 0);
522 while (read(clifd, &c, 1) == 1) {
523 if (c == '\n')
524 return (0);
525 }
526 }
527
528 bzero(buf, sizeof (buf));
529 while ((buflen > 1) && (r = read(clifd, &c, 1)) == 1) {
530 buflen--;
531 if (c == '\n')
532 break;
533
534 buf[i] = c;
535 i++;
536 }
537 if (r == -1)
538 return (-1);
539
540 /*
541 * We've filled the buffer, but still haven't seen \n. Keep eating
542 * until we find it; we don't expect this to happen, but this is
543 * defensive.
544 */
545 if (c != '\n') {
546 while ((r = read(clifd, &c, sizeof (c))) > 0)
547 if (c == '\n')
548 break;
549 }
550
551 /*
552 * Parse buffer for message of the form: IDENT <pid> <locale>
553 */
554 bufp = buf;
555 if (strncmp(bufp, "IDENT ", 6) != 0)
556 return (-1);
557 bufp += 6;
558 errno = 0;
559 *pid = strtoll(bufp, &bufp, 10);
560 if (errno != 0)
561 return (-1);
562
563 while (*bufp != '\0' && isspace(*bufp))
564 bufp++;
565 (void) strlcpy(locale, bufp, locale_len);
566
567 return (0);
568 }
569
570 static int
571 accept_client(int servfd, pid_t *pid, char *locale, size_t locale_len)
572 {
573 int connfd;
574 struct sockaddr_un cliaddr;
575 socklen_t clilen;
576
577 clilen = sizeof (cliaddr);
578 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen);
579 if (connfd == -1)
580 return (-1);
581 if (get_client_ident(connfd, pid, locale, locale_len) == -1) {
582 (void) shutdown(connfd, SHUT_RDWR);
583 (void) close(connfd);
584 return (-1);
585 }
586 (void) write(connfd, "OK\n", 3);
587 return (connfd);
588 }
589
590 static void
591 reject_client(int servfd, pid_t clientpid)
592 {
593 int connfd;
594 struct sockaddr_un cliaddr;
595 socklen_t clilen;
596 char nak[MAXPATHLEN];
597
598 clilen = sizeof (cliaddr);
599 connfd = accept(servfd, (struct sockaddr *)&cliaddr, &clilen);
600
601 /*
602 * After hear its ident string, tell client to get lost.
603 */
604 if (get_client_ident(connfd, NULL, NULL, 0) == 0) {
605 (void) snprintf(nak, sizeof (nak), "%lu\n",
606 clientpid);
607 (void) write(connfd, nak, strlen(nak));
608 }
609 (void) shutdown(connfd, SHUT_RDWR);
610 (void) close(connfd);
611 }
612
613 static void
614 event_message(int clifd, char *clilocale, zone_evt_t evt)
615 {
616 char *str, *lstr = NULL;
617 char lmsg[BUFSIZ];
618 char outbuf[BUFSIZ];
619
620 if (clifd == -1)
621 return;
622
623 switch (evt) {
624 case Z_EVT_ZONE_BOOTING:
625 if (*boot_args == '\0') {
626 str = "NOTICE: Zone booting up";
627 break;
628 }
629 /*LINTED*/
630 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale,
631 "NOTICE: Zone booting up with arguments: %s"), boot_args);
632 lstr = lmsg;
633 break;
634 case Z_EVT_ZONE_READIED:
635 str = "NOTICE: Zone readied";
636 break;
637 case Z_EVT_ZONE_HALTED:
638 str = "NOTICE: Zone halted";
639 break;
640 case Z_EVT_ZONE_REBOOTING:
641 if (*boot_args == '\0') {
642 str = "NOTICE: Zone rebooting";
643 break;
644 }
645 /*LINTED*/
646 (void) snprintf(lmsg, sizeof (lmsg), localize_msg(clilocale,
647 "NOTICE: Zone rebooting with arguments: %s"), boot_args);
648 lstr = lmsg;
649 break;
650 case Z_EVT_ZONE_UNINSTALLING:
651 str = "NOTICE: Zone is being uninstalled. Disconnecting...";
652 break;
653 case Z_EVT_ZONE_BOOTFAILED:
654 str = "NOTICE: Zone boot failed";
655 break;
656 case Z_EVT_ZONE_BADARGS:
657 /*LINTED*/
658 (void) snprintf(lmsg, sizeof (lmsg),
659 localize_msg(clilocale,
660 "WARNING: Ignoring invalid boot arguments: %s"),
661 bad_boot_arg);
662 lstr = lmsg;
663 break;
664 default:
665 return;
666 }
667
668 if (lstr == NULL)
669 lstr = localize_msg(clilocale, str);
670 (void) snprintf(outbuf, sizeof (outbuf), "\r\n[%s]\r\n", lstr);
671 (void) write(clifd, outbuf, strlen(outbuf));
672 }
673
674 /*
675 * Check to see if the client at the other end of the socket is still
676 * alive; we know it is not if it throws EPIPE at us when we try to write
677 * an otherwise harmless 0-length message to it.
678 */
679 static int
680 test_client(int clifd)
681 {
682 if ((write(clifd, "", 0) == -1) && errno == EPIPE)
683 return (-1);
684 return (0);
685 }
686
687 /*
688 * This routine drives the console I/O loop. It polls for input from the
689 * master side of the console (output to the console), and from the client
690 * (input from the console user). Additionally, it polls on the server fd,
691 * and disconnects any clients that might try to hook up with the zone while
692 * the console is in use.
693 *
694 * When the client first calls us up, it is expected to send a line giving
695 * its "identity"; this consists of the string 'IDENT <pid> <locale>'.
696 * This is so that we can report that the console is busy along with
697 * some diagnostics about who has it busy; the locale is used so that
698 * asynchronous messages about zone state (like the NOTICE: zone halted
699 * messages) can be output in the user's locale.
700 */
701 static void
702 do_console_io(zlog_t *zlogp, int consfd, int servfd)
703 {
704 struct pollfd pollfds[4];
705 char ibuf[BUFSIZ];
706 int cc, ret;
707 int clifd = -1;
708 int pollerr = 0;
709 char clilocale[MAXPATHLEN];
710 pid_t clipid = 0;
711
712 /* console side, watch for read events */
713 pollfds[0].fd = consfd;
714 pollfds[0].events = POLLIN | POLLRDNORM | POLLRDBAND |
715 POLLPRI | POLLERR | POLLHUP | POLLNVAL;
716
717 /* client side, watch for read events */
718 pollfds[1].fd = clifd;
719 pollfds[1].events = pollfds[0].events;
720
721 /* the server socket; watch for events (new connections) */
722 pollfds[2].fd = servfd;
723 pollfds[2].events = pollfds[0].events;
724
725 /* the eventstram; watch for events (e.g.: zone halted) */
726 pollfds[3].fd = eventstream[1];
727 pollfds[3].events = pollfds[0].events;
728
729 for (;;) {
730 pollfds[0].revents = pollfds[1].revents = 0;
731 pollfds[2].revents = pollfds[3].revents = 0;
732
733 ret = poll(pollfds,
734 sizeof (pollfds) / sizeof (struct pollfd), -1);
735 if (ret == -1 && errno != EINTR) {
736 zerror(zlogp, B_TRUE, "poll failed");
737 /* we are hosed, close connection */
738 break;
739 }
740
741 /* event from console side */
742 if (pollfds[0].revents) {
743 if (pollfds[0].revents &
744 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) {
745 errno = 0;
746 cc = read(consfd, ibuf, BUFSIZ);
747 if (cc <= 0 && (errno != EINTR) &&
748 (errno != EAGAIN))
749 break;
750 /*
751 * Lose I/O if no one is listening
752 */
753 if (clifd != -1 && cc > 0)
754 (void) write(clifd, ibuf, cc);
755 } else {
756 pollerr = pollfds[0].revents;
757 zerror(zlogp, B_FALSE,
758 "closing connection with (console) "
759 "pollerr %d\n", pollerr);
760 break;
761 }
762 }
763
764 /* event from client side */
765 if (pollfds[1].revents) {
766 if (pollfds[1].revents &
767 (POLLIN | POLLRDNORM | POLLRDBAND | POLLPRI)) {
768 errno = 0;
769 cc = read(clifd, ibuf, BUFSIZ);
770 if (cc <= 0 && (errno != EINTR) &&
771 (errno != EAGAIN))
772 break;
773 (void) write(consfd, ibuf, cc);
774 } else {
775 pollerr = pollfds[1].revents;
776 zerror(zlogp, B_FALSE,
777 "closing connection with (client) "
778 "pollerr %d\n", pollerr);
779 break;
780 }
781 }
782
783 /* event from server socket */
784 if (pollfds[2].revents &&
785 (pollfds[2].revents & (POLLIN | POLLRDNORM))) {
786 if (clifd != -1) {
787 /*
788 * Test the client to see if it is really
789 * still alive. If it has died but we
790 * haven't yet detected that, we might
791 * deny a legitimate connect attempt. If it
792 * is dead, we break out; once we tear down
793 * the old connection, the new connection
794 * will happen.
795 */
796 if (test_client(clifd) == -1) {
797 break;
798 }
799 /* we're already handling a client */
800 reject_client(servfd, clipid);
801
802
803 } else if ((clifd = accept_client(servfd, &clipid,
804 clilocale, sizeof (clilocale))) != -1) {
805 pollfds[1].fd = clifd;
806
807 } else {
808 break;
809 }
810 }
811
812 /*
813 * Watch for events on the eventstream. This is how we get
814 * notified of the zone halting, etc. It provides us a
815 * "wakeup" from poll when important things happen, which
816 * is good.
817 */
818 if (pollfds[3].revents) {
819 int evt = eventstream_read();
820 /*
821 * After we drain out the event, if we aren't servicing
822 * a console client, we hop back out to our caller,
823 * which will check to see if it is time to shutdown
824 * the daemon, or if we should take another console
825 * service lap.
826 */
827 if (clifd == -1) {
828 break;
829 }
830 event_message(clifd, clilocale, evt);
831 /*
832 * Special handling for the message that the zone is
833 * uninstalling; we boot the client, then break out
834 * of this function. When we return to the
835 * serve_console loop, we will see that the zone is
836 * in a state < READY, and so zoneadmd will shutdown.
837 */
838 if (evt == Z_EVT_ZONE_UNINSTALLING) {
839 break;
840 }
841 }
842
843 }
844
845 if (clifd != -1) {
846 (void) shutdown(clifd, SHUT_RDWR);
847 (void) close(clifd);
848 }
849 }
850
851 int
852 init_console(zlog_t *zlogp)
853 {
854 if (init_console_dev(zlogp) == -1) {
855 zerror(zlogp, B_FALSE,
856 "console setup: device initialization failed");
857 return (-1);
858 }
859
860 if ((serverfd = init_console_sock(zlogp)) == -1) {
861 zerror(zlogp, B_FALSE,
862 "console setup: socket initialization failed");
863 return (-1);
864 }
865 return (0);
866 }
867
868 /*
869 * serve_console() is the master loop for driving console I/O. It is also the
870 * routine which is ultimately responsible for "pulling the plug" on zoneadmd
871 * when it realizes that the daemon should shut down.
872 *
873 * The rules for shutdown are: there must be no console client, and the zone
874 * state must be < ready. However, we need to give things a chance to actually
875 * get going when the daemon starts up-- otherwise the daemon would immediately
876 * exit on startup if the zone was in the installed state, so we first drop
877 * into the do_console_io() loop in order to give *something* a chance to
878 * happen.
879 */
880 void
881 serve_console(zlog_t *zlogp)
882 {
883 int masterfd;
884 zone_state_t zstate;
885 char conspath[MAXPATHLEN];
886
887 (void) snprintf(conspath, sizeof (conspath),
888 "/dev/zcons/%s/%s", zone_name, ZCONS_MASTER_NAME);
889
890 for (;;) {
891 masterfd = open(conspath, O_RDWR|O_NONBLOCK|O_NOCTTY);
892 if (masterfd == -1) {
893 zerror(zlogp, B_TRUE, "failed to open console master");
894 (void) mutex_lock(&lock);
895 goto death;
896 }
897
898 /*
899 * Setting RPROTDIS on the stream means that the control
900 * portion of messages received (which we don't care about)
901 * will be discarded by the stream head. If we allowed such
902 * messages, we wouldn't be able to use read(2), as it fails
903 * (EBADMSG) when a message with a control element is received.
904 */
905 if (ioctl(masterfd, I_SRDOPT, RNORM|RPROTDIS) == -1) {
906 zerror(zlogp, B_TRUE, "failed to set options on "
907 "console master");
908 (void) mutex_lock(&lock);
909 goto death;
910 }
911
912 do_console_io(zlogp, masterfd, serverfd);
913
914 /*
915 * We would prefer not to do this, but hostile zone processes
916 * can cause the stream to become tainted, and reads will
917 * fail. So, in case something has gone seriously ill,
918 * we dismantle the stream and reopen the console when we
919 * take another lap.
920 */
921 (void) close(masterfd);
922
923 (void) mutex_lock(&lock);
924 /*
925 * We need to set death_throes (see below) atomically with
926 * respect to noticing that (a) we have no console client and
927 * (b) the zone is not installed. Otherwise we could get a
928 * request to boot during this time. Once we set death_throes,
929 * any incoming door stuff will be turned away.
930 */
931 if (zone_get_state(zone_name, &zstate) == Z_OK) {
932 if (zstate < ZONE_STATE_READY)
933 goto death;
934 } else {
935 zerror(zlogp, B_FALSE,
936 "unable to determine state of zone");
937 goto death;
938 }
939 /*
940 * Even if zone_get_state() fails, stay conservative, and
941 * take another lap.
942 */
943 (void) mutex_unlock(&lock);
944 }
945
946 death:
947 assert(MUTEX_HELD(&lock));
948 in_death_throes = B_TRUE;
949 (void) mutex_unlock(&lock);
950
951 destroy_console_sock(serverfd);
952 (void) destroy_console_devs(zlogp);
953 }