| blob | 7f86d30767f4e0a215d2b97502982df589e0d81e |
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
22 /*
23 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
29 /*
30 * FMD Log File Subsystem
31 *
32 * Events are written to one of two log files as they are received or created;
33 * the error log tracks all ereport.* events received on the inbound event
34 * transport, and the fault log tracks all list.* events generated by fmd or
35 * its client modules. In addition, we use the same log file format to cache
36 * state and events associated with ASRUs that are named in a diagnosis.
37 *
38 * The log files use the exacct format manipulated by libexacct(3LIB) and
39 * originally defined in PSARC 1999/119. However, the exacct library was
40 * designed primarily for read-only clients and without the synchronous i/o
41 * considerations and seeking required for fmd, so we use libexacct here only
42 * to read and write the file headers and to pack data from memory into a file
43 * bytestream. All of the i/o and file offset manipulations are performed by
44 * the fmd code below. Our exacct file management uses the following grammar:
45 *
46 * file := hdr toc event*
47 * hdr := EXD_FMA_LABEL EXD_FMA_VERSION EXD_FMA_OSREL EXD_FMA_OSVER
48 * EXD_FMA_PLAT EXD_FMA_UUID
49 * toc := EXD_FMA_OFFSET
50 * event := EXD_FMA_TODSEC EXD_FMA_TODNSEC EXD_FMA_NVLIST evref* or legacy evref
51 * evref := EXD_FMA_UUID EXD_FMA_OFFSET
52 * legacy evref := EXD_FMA_MAJOR EXD_FMA_MINOR EXD_FMA_INODE EXD_FMA_OFFSET
53 *
54 * Any event can be uniquely identified by the tuple (file, offset) where file
55 * is encoded as (uuid) when we are cross-linking files. For legacy file
56 * formats we still support encoding the reference as (major, minor, inode).
57 * Note that we break out of the file's dev_t into its two 32-bit components to
58 * permit development of either 32-bit or 64-bit log readers and writers; the
59 * LFS APIs do not yet export a 64-bit dev_t to fstat64(), so there is no way
60 * for a 32-bit application to retrieve and store a 64-bit dev_t.
61 *
62 * In order to replay events in the event of an fmd crash, events are initially
63 * written to the error log using the group catalog tag EXD_GROUP_RFMA by the
64 * fmd_log_append() function. Later, once an event transitions from the
65 * received state to one of its other states (see fmd_event.c for details),
66 * fmd_log_commit() is used to overwrite the tag with EXD_GROUP_FMA, indicating
67 * that the event is fully processed and no longer needs to be replayed.
68 */
70 #include <sys/types.h>
71 #include <sys/mkdev.h>
72 #include <sys/statvfs.h>
73 #include <sys/fm/protocol.h>
74 #include <sys/exacct_impl.h>
75 #include <uuid/uuid.h>
77 #include <unistd.h>
78 #include <limits.h>
79 #include <fcntl.h>
80 #include <ctype.h>
82 #include <fmd_alloc.h>
83 #include <fmd_error.h>
84 #include <fmd_string.h>
85 #include <fmd_event.h>
86 #include <fmd_conf.h>
87 #include <fmd_subr.h>
88 #include <fmd_case.h>
89 #include <fmd_log.h>
91 #include <fmd.h>
93 #define CAT_FMA_RGROUP (EXT_GROUP | EXC_DEFAULT | EXD_GROUP_RFMA)
94 #define CAT_FMA_GROUP (EXT_GROUP | EXC_DEFAULT | EXD_GROUP_FMA)
96 #define CAT_FMA_LABEL (EXT_STRING | EXC_DEFAULT | EXD_FMA_LABEL)
97 #define CAT_FMA_VERSION (EXT_STRING | EXC_DEFAULT | EXD_FMA_VERSION)
98 #define CAT_FMA_OSREL (EXT_STRING | EXC_DEFAULT | EXD_FMA_OSREL)
99 #define CAT_FMA_OSVER (EXT_STRING | EXC_DEFAULT | EXD_FMA_OSVER)
100 #define CAT_FMA_PLAT (EXT_STRING | EXC_DEFAULT | EXD_FMA_PLAT)
101 #define CAT_FMA_UUID (EXT_STRING | EXC_DEFAULT | EXD_FMA_UUID)
102 #define CAT_FMA_TODSEC (EXT_UINT64 | EXC_DEFAULT | EXD_FMA_TODSEC)
103 #define CAT_FMA_TODNSEC (EXT_UINT64 | EXC_DEFAULT | EXD_FMA_TODNSEC)
104 #define CAT_FMA_NVLIST (EXT_RAW | EXC_DEFAULT | EXD_FMA_NVLIST)
105 #define CAT_FMA_MAJOR (EXT_UINT32 | EXC_DEFAULT | EXD_FMA_MAJOR)
106 #define CAT_FMA_MINOR (EXT_UINT32 | EXC_DEFAULT | EXD_FMA_MINOR)
107 #define CAT_FMA_INODE (EXT_UINT64 | EXC_DEFAULT | EXD_FMA_INODE)
108 #define CAT_FMA_OFFSET (EXT_UINT64 | EXC_DEFAULT | EXD_FMA_OFFSET)
110 static ssize_t
112 {
114 ssize_t len;
124 }
130 }
132 static int
134 {
139 uuid_t uuid;
205 }
207 static int
209 {
219 }
221 static int
223 {
235 /*
236 * Read the first group of log meta-data: the write-once read-only
237 * file header. We read all records in this group, ignoring all but
238 * the VERSION and LABEL, which are required and must be verified.
239 */
245 }
254 else
256 }
262 else
264 }
272 }
274 got_version++;
284 }
285 got_label++;
289 FMD_SLEEP);
292 }
293 }
302 }
304 /*
305 * Read the second group of log meta-data: the table of contents. We
306 * expect this group to contain an OFFSET object indicating the current
307 * value of log_skip. We save this in our fmd_log_t and then return.
308 */
315 }
326 }
330 }
332 static int
334 {
345 }
349 }
353 {
379 top:
385 }
387 /*
388 * If our open() created the log file, use libexacct to write a header
389 * and position the file just after the header (EO_TAIL). If the log
390 * file already existed, use libexacct to validate the header and again
391 * position the file just after the header (EO_HEAD). Note that we lie
392 * to libexacct about 'oflags' in order to achieve the desired result.
393 */
400 }
402 /*
403 * If ea_fdopen() failed and the log was pre-existing, attempt to move
404 * it aside and start a new one. If we created the log but failed to
405 * initialize it, then we have no choice but to give up (e.g. EROFS).
406 */
414 }
425 }
429 }
435 }
437 fmd_log_t *
439 {
441 }
443 fmd_log_t *
445 {
447 }
449 void
451 {
458 }
463 }
471 }
473 void
475 {
484 }
487 }
489 void
491 {
496 }
498 void
500 {
506 else
508 }
510 void
512 {
521 statvfs64_t stv;
534 else
545 }
551 /*
552 * If this event has a case associated with it (i.e. it is a list),
553 * then allocate a block of ea_object_t's and fill in a group for
554 * each event saved in the case's item list. For each such group,
555 * we attach it to grp1, which in turn will be attached to grp0.
556 */
568 major_t maj;
569 minor_t min;
582 /*
583 * If the event log file is in legacy format,
584 * then write the xref to the file in the legacy
585 * maj/min/inode method else write it using the
586 * file uuid.
587 */
601 }
606 }
610 }
612 }
618 /*
619 * Before writing the record, check to see if this would cause the free
620 * space in the filesystem to drop below our minfree threshold. If so,
621 * don't bother attempting the write and instead pretend it failed. As
622 * fmd(1M) runs as root, it will be able to access the space "reserved"
623 * for root, and therefore can run the system of out of disk space in a
624 * heavy error load situation, violating the basic design principle of
625 * fmd(1M) that we don't want to make a bad situation even worse.
626 */
647 }
655 /*
656 * If we can't write append the record, seek the file back to
657 * the original location and truncate it there in order to make
658 * sure the file is always in a sane state w.r.t. libexacct.
659 */
662 }
669 exerrcp:
678 }
681 }
683 exerr:
690 /*
691 * Keep track of out-of-space errors using global statistics. As we're
692 * out of disk space, it's unlikely the EFMD_LOG_APPEND will be logged.
693 */
701 else
707 }
712 }
713 }
715 /*
716 * Commit an event to the log permanently, indicating that it should not be
717 * replayed on restart. This is done by overwriting the event group's catalog
718 * code with EXD_GROUP_FMA (from EXD_GROUP_RFMA used in fmd_log_append()). We
719 * use pwrite64() to update the existing word directly, using somewhat guilty
720 * knowledge that exacct stores the 32-bit catalog word first for each object.
721 * Since we are overwriting an existing log location using pwrite64() and hold
722 * the event lock, we do not need to hold the log_lock during the i/o.
723 */
724 void
726 {
728 ea_catalog_t c;
744 /*
745 * If we have committed the event, check to see if the TOC skip
746 * offset needs to be updated, and decrement the pending count.
747 */
753 }
764 }
765 }
767 /*
768 * If we need to destroy an event and it wasn't able to be committed, we permit
769 * the owner to decommit from ever trying again. This operation decrements the
770 * pending count on the log and broadcasts to anyone waiting on log_cv.
771 */
772 void
774 {
793 }
797 {
813 }
823 }
824 }
831 }
838 }
842 }
844 /*
845 * Replay event(s) from the specified log by invoking the specified callback
846 * function 'func' for each event. If the log has the FMD_LF_REPLAY flag set,
847 * we replay all events after log_skip that have the FMA_RGROUP group tag.
848 * This mode is used for the error telemetry log. If the log does not have
849 * this flag set (used for ASRU logs), only the most recent event is replayed.
850 */
851 void
853 {
855 ea_object_type_t type;
856 ea_catalog_t c;
866 }
874 }
880 /*
881 * If FMD_LF_REPLAY is set, begin our replay at either log_skip (if it
882 * is non-zero) or at log_beg. Otherwise replay from the end (log_off)
883 */
890 }
895 }
897 /*
898 * If FMD_LF_REPLAY is not set, back up to the start of the previous
899 * object and make sure this object is an EO_GROUP; otherwise return.
900 */
906 }
914 /*
915 * We temporarily drop log_lock around the call to unpack the
916 * event, hold it, and perform the callback, because these
917 * operations may try to acquire log_lock to bump log_refs.
918 * We cannot lose control because the FMD_LF_BUSY flag is set.
919 */
931 n++;
932 }
937 }
943 }
948 out:
952 }
957 }
962 }
964 void
966 {
977 }
981 /*
982 * If the skip needs to be updated, construct a TOC record group
983 * containing the skip offset and overwrite the TOC in-place.
984 */
1000 }
1004 }
1005 }
1007 /*
1008 * Rotate the specified log by renaming its underlying file to a staging file
1009 * that can be handed off to logadm(1M) or an administrator script. If the
1010 * rename succeeds, open a new log file using the old path and return it.
1011 * Note that we are relying our caller to use some higher-level mechanism to
1012 * ensure that fmd_log_rotate() cannot be called while other threads are
1013 * attempting fmd_log_append() using the same log (fmd's d_log_lock is used
1014 * for the global errlog and fltlog).
1015 */
1016 fmd_log_t *
1018 {
1024 /*
1025 * Open new log file.
1026 */
1031 }
1036 /*
1037 * Check for any pending commits to drain before proceeding. We can't
1038 * rotate the log out if commits are pending because if we die after
1039 * the log is moved aside, we won't be able to replay them on restart.
1040 */
1047 }
1056 }
1066 }
1068 /*
1069 * Change name of new log file
1070 */
1074 /*
1075 * If we've rotated the log, no pending events exist so we don't have
1076 * any more commits coming, and our caller should have arranged for
1077 * no more calls to append. As such, we can close log_fd for good.
1078 */
1082 }
1089 }