search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
8322 nl: misleading-indentation
[unleashed/tickless.git] / usr / src / cmd / svc / startd / graph.c
blob62fbbf15146ff2d89f13e17f03c7861626ce5734
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2015, Syneto S.R.L. All rights reserved.
25 * Copyright 2016 Toomas Soome <tsoome@me.com>
26 * Copyright 2016 RackTop Systems.
27 */
28
29 /*
30 * graph.c - master restarter graph engine
31 *
32 * The graph engine keeps a dependency graph of all service instances on the
33 * system, as recorded in the repository. It decides when services should
34 * be brought up or down based on service states and dependencies and sends
35 * commands to restarters to effect any changes. It also executes
36 * administrator commands sent by svcadm via the repository.
37 *
38 * The graph is stored in uu_list_t *dgraph and its vertices are
39 * graph_vertex_t's, each of which has a name and an integer id unique to
40 * its name (see dict.c). A vertex's type attribute designates the type
41 * of object it represents: GVT_INST for service instances, GVT_SVC for
42 * service objects (since service instances may depend on another service,
43 * rather than service instance), GVT_FILE for files (which services may
44 * depend on), and GVT_GROUP for dependencies on multiple objects. GVT_GROUP
45 * vertices are necessary because dependency lists may have particular
46 * grouping types (require any, require all, optional, or exclude) and
47 * event-propagation characteristics.
48 *
49 * The initial graph is built by libscf_populate_graph() invoking
50 * dgraph_add_instance() for each instance in the repository. The function
51 * adds a GVT_SVC vertex for the service if one does not already exist, adds
52 * a GVT_INST vertex named by the FMRI of the instance, and sets up the edges.
53 * The resulting web of vertices & edges associated with an instance's vertex
54 * includes
55 *
56 * - an edge from the GVT_SVC vertex for the instance's service
57 *
58 * - an edge to the GVT_INST vertex of the instance's resarter, if its
59 * restarter is not svc.startd
60 *
61 * - edges from other GVT_INST vertices if the instance is a restarter
62 *
63 * - for each dependency property group in the instance's "running"
64 * snapshot, an edge to a GVT_GROUP vertex named by the FMRI of the
65 * instance and the name of the property group
66 *
67 * - for each value of the "entities" property in each dependency property
68 * group, an edge from the corresponding GVT_GROUP vertex to a
69 * GVT_INST, GVT_SVC, or GVT_FILE vertex
70 *
71 * - edges from GVT_GROUP vertices for each dependent instance
72 *
73 * After the edges are set up the vertex's GV_CONFIGURED flag is set. If
74 * there are problems, or if a service is mentioned in a dependency but does
75 * not exist in the repository, the GV_CONFIGURED flag will be clear.
76 *
77 * The graph and all of its vertices are protected by the dgraph_lock mutex.
78 * See restarter.c for more information.
79 *
80 * The properties of an instance fall into two classes: immediate and
81 * snapshotted. Immediate properties should have an immediate effect when
82 * changed. Snapshotted properties should be read from a snapshot, so they
83 * only change when the snapshot changes. The immediate properties used by
84 * the graph engine are general/enabled, general/restarter, and the properties
85 * in the restarter_actions property group. Since they are immediate, they
86 * are not read out of a snapshot. The snapshotted properties used by the
87 * graph engine are those in the property groups with type "dependency" and
88 * are read out of the "running" snapshot. The "running" snapshot is created
89 * by the the graph engine as soon as possible, and it is updated, along with
90 * in-core copies of the data (dependency information for the graph engine) on
91 * receipt of the refresh command from svcadm. In addition, the graph engine
92 * updates the "start" snapshot from the "running" snapshot whenever a service
93 * comes online.
94 *
95 * When a DISABLE event is requested by the administrator, svc.startd shutdown
96 * the dependents first before shutting down the requested service.
97 * In graph_enable_by_vertex, we create a subtree that contains the dependent
98 * vertices by marking those vertices with the GV_TOOFFLINE flag. And we mark
99 * the vertex to disable with the GV_TODISABLE flag. Once the tree is created,
100 * we send the _ADMIN_DISABLE event to the leaves. The leaves will then
101 * transition from STATE_ONLINE/STATE_DEGRADED to STATE_OFFLINE/STATE_MAINT.
102 * In gt_enter_offline and gt_enter_maint if the vertex was in a subtree then
103 * we clear the GV_TOOFFLINE flag and walk the dependencies to offline the new
104 * exposed leaves. We do the same until we reach the last leaf (the one with
105 * the GV_TODISABLE flag). If the vertex to disable is also part of a larger
106 * subtree (eg. multiple DISABLE events on vertices in the same subtree) then
107 * once the first vertex is disabled (GV_TODISABLE flag is removed), we
108 * continue to propagate the offline event to the vertex's dependencies.
109 *
110 *
111 * SMF state transition notifications
112 *
113 * When an instance of a service managed by SMF changes state, svc.startd may
114 * publish a GPEC sysevent. All transitions to or from maintenance, a
115 * transition cause by a hardware error will generate an event.
116 * Other transitions will generate an event if there exist notification
117 * parameter for that transition. Notification parameters are stored in the
118 * SMF repository for the service/instance they refer to. System-wide
119 * notification parameters are stored in the global instance.
120 * svc.startd can be told to send events for all SMF state transitions despite
121 * of notification parameters by setting options/info_events_all to true in
122 * restarter:default
123 *
124 * The set of transitions that generate events is cached in the
125 * dgraph_vertex_t gv_stn_tset for service/instance and in the global
126 * stn_global for the system-wide set. They are re-read when instances are
127 * refreshed.
128 *
129 * The GPEC events published by svc.startd are consumed by fmd(1M). After
130 * processing these events, fmd(1M) publishes the processed events to
131 * notification agents. The notification agents read the notification
132 * parameters from the SMF repository through libscf(3LIB) interfaces and send
133 * the notification, or not, based on those parameters.
134 *
135 * Subscription and publishing to the GPEC channels is done with the
136 * libfmevent(3LIB) wrappers fmev_[r]publish_*() and
137 * fmev_shdl_(un)subscribe().
138 *
139 */
140
141 #include <sys/uadmin.h>
142 #include <sys/wait.h>
143
144 #include <assert.h>
145 #include <errno.h>
146 #include <fcntl.h>
147 #include <fm/libfmevent.h>
148 #include <libscf.h>
149 #include <libscf_priv.h>
150 #include <librestart.h>
151 #include <libuutil.h>
152 #include <locale.h>
153 #include <poll.h>
154 #include <pthread.h>
155 #include <signal.h>
156 #include <stddef.h>
157 #include <stdio.h>
158 #include <stdlib.h>
159 #include <string.h>
160 #include <strings.h>
161 #include <sys/statvfs.h>
162 #include <sys/uadmin.h>
163 #include <zone.h>
164 #if defined(__x86)
165 #include <libbe.h>
166 #endif /* __x86 */
167
168 #include "startd.h"
169 #include "protocol.h"
170
171
172 #define MILESTONE_NONE ((graph_vertex_t *)1)
173
174 #define CONSOLE_LOGIN_FMRI "svc:/system/console-login:default"
175 #define FS_MINIMAL_FMRI "svc:/system/filesystem/minimal:default"
176
177 #define VERTEX_REMOVED 0 /* vertex has been freed */
178 #define VERTEX_INUSE 1 /* vertex is still in use */
179
180 #define IS_ENABLED(v) ((v)->gv_flags & (GV_ENABLED | GV_ENBLD_NOOVR))
181
182 /*
183 * stn_global holds the tset for the system wide notification parameters.
184 * It is updated on refresh of svc:/system/svc/global:default
185 *
186 * There are two assumptions that relax the need for a mutex:
187 * 1. 32-bit value assignments are atomic
188 * 2. Its value is consumed only in one point at
189 * dgraph_state_transition_notify(). There are no test and set races.
190 *
191 * If either assumption is broken, we'll need a mutex to synchronize
192 * access to stn_global
193 */
194 int32_t stn_global;
195 /*
196 * info_events_all holds a flag to override notification parameters and send
197 * Information events for all state transitions.
198 * same about the need of a mutex here.
199 */
200 int info_events_all;
201
202 /*
203 * Services in these states are not considered 'down' by the
204 * milestone/shutdown code.
205 */
206 #define up_state(state) ((state) == RESTARTER_STATE_ONLINE || \
207 (state) == RESTARTER_STATE_DEGRADED || \
208 (state) == RESTARTER_STATE_OFFLINE)
209
210 #define is_depgrp_bypassed(v) ((v->gv_type == GVT_GROUP) && \
211 ((v->gv_depgroup == DEPGRP_EXCLUDE_ALL) || \
212 (v->gv_restart < RERR_RESTART)))
213
214 #define is_inst_bypassed(v) ((v->gv_type == GVT_INST) && \
215 ((v->gv_flags & GV_TODISABLE) || \
216 (v->gv_flags & GV_TOOFFLINE)))
217
218 static uu_list_pool_t *graph_edge_pool, *graph_vertex_pool;
219 static uu_list_t *dgraph;
220 static pthread_mutex_t dgraph_lock;
221
222 /*
223 * milestone indicates the current subgraph. When NULL, it is the entire
224 * graph. When MILESTONE_NONE, it is the empty graph. Otherwise, it is all
225 * services on which the target vertex depends.
226 */
227 static graph_vertex_t *milestone = NULL;
228 static boolean_t initial_milestone_set = B_FALSE;
229 static pthread_cond_t initial_milestone_cv = PTHREAD_COND_INITIALIZER;
230
231 /* protected by dgraph_lock */
232 static boolean_t sulogin_thread_running = B_FALSE;
233 static boolean_t sulogin_running = B_FALSE;
234 static boolean_t console_login_ready = B_FALSE;
235
236 /* Number of services to come down to complete milestone transition. */
237 static uint_t non_subgraph_svcs;
238
239 /*
240 * These variables indicate what should be done when we reach the milestone
241 * target milestone, i.e., when non_subgraph_svcs == 0. They are acted upon in
242 * dgraph_set_instance_state().
243 */
244 static int halting = -1;
245 static boolean_t go_single_user_mode = B_FALSE;
246 static boolean_t go_to_level1 = B_FALSE;
247
248 /*
249 * Tracks when we started halting.
250 */
251 static time_t halting_time = 0;
252
253 /*
254 * This tracks the legacy runlevel to ensure we signal init and manage
255 * utmpx entries correctly.
256 */
257 static char current_runlevel = '\0';
258
259 /* Number of single user threads currently running */
260 static pthread_mutex_t single_user_thread_lock;
261 static int single_user_thread_count = 0;
262
263 /* Statistics for dependency cycle-checking */
264 static u_longlong_t dep_inserts = 0;
265 static u_longlong_t dep_cycle_ns = 0;
266 static u_longlong_t dep_insert_ns = 0;
267
268
269 static const char * const emsg_invalid_restarter =
270 "Transitioning %s to maintenance, restarter FMRI %s is invalid "
271 "(see 'svcs -xv' for details).\n";
272 static const char * const console_login_fmri = CONSOLE_LOGIN_FMRI;
273 static const char * const single_user_fmri = SCF_MILESTONE_SINGLE_USER;
274 static const char * const multi_user_fmri = SCF_MILESTONE_MULTI_USER;
275 static const char * const multi_user_svr_fmri = SCF_MILESTONE_MULTI_USER_SERVER;
276
277
278 /*
279 * These services define the system being "up". If none of them can come
280 * online, then we will run sulogin on the console. Note that the install ones
281 * are for the miniroot and when installing CDs after the first. can_come_up()
282 * does the decision making, and an sulogin_thread() runs sulogin, which can be
283 * started by dgraph_set_instance_state() or single_user_thread().
284 *
285 * NOTE: can_come_up() relies on SCF_MILESTONE_SINGLE_USER being the first
286 * entry, which is only used when booting_to_single_user (boot -s) is set.
287 * This is because when doing a "boot -s", sulogin is started from specials.c
288 * after milestone/single-user comes online, for backwards compatibility.
289 * In this case, SCF_MILESTONE_SINGLE_USER needs to be part of up_svcs
290 * to ensure sulogin will be spawned if milestone/single-user cannot be reached.
291 */
292 static const char * const up_svcs[] = {
293 SCF_MILESTONE_SINGLE_USER,
294 CONSOLE_LOGIN_FMRI,
295 "svc:/system/install-setup:default",
296 "svc:/system/install:default",
297 NULL
298 };
299
300 /* This array must have an element for each non-NULL element of up_svcs[]. */
301 static graph_vertex_t *up_svcs_p[] = { NULL, NULL, NULL, NULL };
302
303 /* These are for seed repository magic. See can_come_up(). */
304 static const char * const manifest_import = SCF_INSTANCE_MI;
305 static graph_vertex_t *manifest_import_p = NULL;
306
307
308 static char target_milestone_as_runlevel(void);
309 static void graph_runlevel_changed(char rl, int online);
310 static int dgraph_set_milestone(const char *, scf_handle_t *, boolean_t);
311 static boolean_t should_be_in_subgraph(graph_vertex_t *v);
312 static int mark_subtree(graph_edge_t *, void *);
313 static boolean_t insubtree_dependents_down(graph_vertex_t *);
314
315 /*
316 * graph_vertex_compare()
317 * This function can compare either int *id or * graph_vertex_t *gv
318 * values, as the vertex id is always the first element of a
319 * graph_vertex structure.
320 */
321 /* ARGSUSED */
322 static int
323 graph_vertex_compare(const void *lc_arg, const void *rc_arg, void *private)
324 {
325 int lc_id = ((const graph_vertex_t *)lc_arg)->gv_id;
326 int rc_id = *(int *)rc_arg;
327
328 if (lc_id > rc_id)
329 return (1);
330 if (lc_id < rc_id)
331 return (-1);
332 return (0);
333 }
334
335 void
336 graph_init()
337 {
338 graph_edge_pool = startd_list_pool_create("graph_edges",
339 sizeof (graph_edge_t), offsetof(graph_edge_t, ge_link), NULL,
340 UU_LIST_POOL_DEBUG);
341 assert(graph_edge_pool != NULL);
342
343 graph_vertex_pool = startd_list_pool_create("graph_vertices",
344 sizeof (graph_vertex_t), offsetof(graph_vertex_t, gv_link),
345 graph_vertex_compare, UU_LIST_POOL_DEBUG);
346 assert(graph_vertex_pool != NULL);
347
348 (void) pthread_mutex_init(&dgraph_lock, &mutex_attrs);
349 (void) pthread_mutex_init(&single_user_thread_lock, &mutex_attrs);
350 dgraph = startd_list_create(graph_vertex_pool, NULL, UU_LIST_SORTED);
351 assert(dgraph != NULL);
352
353 if (!st->st_initial)
354 current_runlevel = utmpx_get_runlevel();
355
356 log_framework(LOG_DEBUG, "Initialized graph\n");
357 }
358
359 static graph_vertex_t *
360 vertex_get_by_name(const char *name)
361 {
362 int id;
363
364 assert(MUTEX_HELD(&dgraph_lock));
365
366 id = dict_lookup_byname(name);
367 if (id == -1)
368 return (NULL);
369
370 return (uu_list_find(dgraph, &id, NULL, NULL));
371 }
372
373 static graph_vertex_t *
374 vertex_get_by_id(int id)
375 {
376 assert(MUTEX_HELD(&dgraph_lock));
377
378 if (id == -1)
379 return (NULL);
380
381 return (uu_list_find(dgraph, &id, NULL, NULL));
382 }
383
384 /*
385 * Creates a new vertex with the given name, adds it to the graph, and returns
386 * a pointer to it. The graph lock must be held by this thread on entry.
387 */
388 static graph_vertex_t *
389 graph_add_vertex(const char *name)
390 {
391 int id;
392 graph_vertex_t *v;
393 void *p;
394 uu_list_index_t idx;
395
396 assert(MUTEX_HELD(&dgraph_lock));
397
398 id = dict_insert(name);
399
400 v = startd_zalloc(sizeof (*v));
401
402 v->gv_id = id;
403
404 v->gv_name = startd_alloc(strlen(name) + 1);
405 (void) strcpy(v->gv_name, name);
406
407 v->gv_dependencies = startd_list_create(graph_edge_pool, v, 0);
408 v->gv_dependents = startd_list_create(graph_edge_pool, v, 0);
409
410 p = uu_list_find(dgraph, &id, NULL, &idx);
411 assert(p == NULL);
412
413 uu_list_node_init(v, &v->gv_link, graph_vertex_pool);
414 uu_list_insert(dgraph, v, idx);
415
416 return (v);
417 }
418
419 /*
420 * Removes v from the graph and frees it. The graph should be locked by this
421 * thread, and v should have no edges associated with it.
422 */
423 static void
424 graph_remove_vertex(graph_vertex_t *v)
425 {
426 assert(MUTEX_HELD(&dgraph_lock));
427
428 assert(uu_list_numnodes(v->gv_dependencies) == 0);
429 assert(uu_list_numnodes(v->gv_dependents) == 0);
430 assert(v->gv_refs == 0);
431
432 startd_free(v->gv_name, strlen(v->gv_name) + 1);
433 uu_list_destroy(v->gv_dependencies);
434 uu_list_destroy(v->gv_dependents);
435 uu_list_remove(dgraph, v);
436
437 startd_free(v, sizeof (graph_vertex_t));
438 }
439
440 static void
441 graph_add_edge(graph_vertex_t *fv, graph_vertex_t *tv)
442 {
443 graph_edge_t *e, *re;
444 int r;
445
446 assert(MUTEX_HELD(&dgraph_lock));
447
448 e = startd_alloc(sizeof (graph_edge_t));
449 re = startd_alloc(sizeof (graph_edge_t));
450
451 e->ge_parent = fv;
452 e->ge_vertex = tv;
453
454 re->ge_parent = tv;
455 re->ge_vertex = fv;
456
457 uu_list_node_init(e, &e->ge_link, graph_edge_pool);
458 r = uu_list_insert_before(fv->gv_dependencies, NULL, e);
459 assert(r == 0);
460
461 uu_list_node_init(re, &re->ge_link, graph_edge_pool);
462 r = uu_list_insert_before(tv->gv_dependents, NULL, re);
463 assert(r == 0);
464 }
465
466 static void
467 graph_remove_edge(graph_vertex_t *v, graph_vertex_t *dv)
468 {
469 graph_edge_t *e;
470
471 for (e = uu_list_first(v->gv_dependencies);
472 e != NULL;
473 e = uu_list_next(v->gv_dependencies, e)) {
474 if (e->ge_vertex == dv) {
475 uu_list_remove(v->gv_dependencies, e);
476 startd_free(e, sizeof (graph_edge_t));
477 break;
478 }
479 }
480
481 for (e = uu_list_first(dv->gv_dependents);
482 e != NULL;
483 e = uu_list_next(dv->gv_dependents, e)) {
484 if (e->ge_vertex == v) {
485 uu_list_remove(dv->gv_dependents, e);
486 startd_free(e, sizeof (graph_edge_t));
487 break;
488 }
489 }
490 }
491
492 static void
493 remove_inst_vertex(graph_vertex_t *v)
494 {
495 graph_edge_t *e;
496 graph_vertex_t *sv;
497 int i;
498
499 assert(MUTEX_HELD(&dgraph_lock));
500 assert(uu_list_numnodes(v->gv_dependents) == 1);
501 assert(uu_list_numnodes(v->gv_dependencies) == 0);
502 assert(v->gv_refs == 0);
503 assert((v->gv_flags & GV_CONFIGURED) == 0);
504
505 e = uu_list_first(v->gv_dependents);
506 sv = e->ge_vertex;
507 graph_remove_edge(sv, v);
508
509 for (i = 0; up_svcs[i] != NULL; ++i) {
510 if (up_svcs_p[i] == v)
511 up_svcs_p[i] = NULL;
512 }
513
514 if (manifest_import_p == v)
515 manifest_import_p = NULL;
516
517 graph_remove_vertex(v);
518
519 if (uu_list_numnodes(sv->gv_dependencies) == 0 &&
520 uu_list_numnodes(sv->gv_dependents) == 0 &&
521 sv->gv_refs == 0)
522 graph_remove_vertex(sv);
523 }
524
525 static void
526 graph_walk_dependents(graph_vertex_t *v, void (*func)(graph_vertex_t *, void *),
527 void *arg)
528 {
529 graph_edge_t *e;
530
531 for (e = uu_list_first(v->gv_dependents);
532 e != NULL;
533 e = uu_list_next(v->gv_dependents, e))
534 func(e->ge_vertex, arg);
535 }
536
537 static void
538 graph_walk_dependencies(graph_vertex_t *v,
539 void (*func)(graph_vertex_t *, void *), void *arg)
540 {
541 graph_edge_t *e;
542
543 assert(MUTEX_HELD(&dgraph_lock));
544
545 for (e = uu_list_first(v->gv_dependencies);
546 e != NULL;
547 e = uu_list_next(v->gv_dependencies, e)) {
548
549 func(e->ge_vertex, arg);
550 }
551 }
552
553 /*
554 * Generic graph walking function.
555 *
556 * Given a vertex, this function will walk either dependencies
557 * (WALK_DEPENDENCIES) or dependents (WALK_DEPENDENTS) of a vertex recursively
558 * for the entire graph. It will avoid cycles and never visit the same vertex
559 * twice.
560 *
561 * We avoid traversing exclusion dependencies, because they are allowed to
562 * create cycles in the graph. When propagating satisfiability, there is no
563 * need to walk exclusion dependencies because exclude_all_satisfied() doesn't
564 * test for satisfiability.
565 *
566 * The walker takes two callbacks. The first is called before examining the
567 * dependents of each vertex. The second is called on each vertex after
568 * examining its dependents. This allows is_path_to() to construct a path only
569 * after the target vertex has been found.
570 */
571 typedef enum {
572 WALK_DEPENDENTS,
573 WALK_DEPENDENCIES
574 } graph_walk_dir_t;
575
576 typedef int (*graph_walk_cb_t)(graph_vertex_t *, void *);
577
578 typedef struct graph_walk_info {
579 graph_walk_dir_t gi_dir;
580 uchar_t *gi_visited; /* vertex bitmap */
581 int (*gi_pre)(graph_vertex_t *, void *);
582 void (*gi_post)(graph_vertex_t *, void *);
583 void *gi_arg; /* callback arg */
584 int gi_ret; /* return value */
585 } graph_walk_info_t;
586
587 static int
588 graph_walk_recurse(graph_edge_t *e, graph_walk_info_t *gip)
589 {
590 uu_list_t *list;
591 int r;
592 graph_vertex_t *v = e->ge_vertex;
593 int i;
594 uint_t b;
595
596 i = v->gv_id / 8;
597 b = 1 << (v->gv_id % 8);
598
599 /*
600 * Check to see if we've visited this vertex already.
601 */
602 if (gip->gi_visited[i] & b)
603 return (UU_WALK_NEXT);
604
605 gip->gi_visited[i] |= b;
606
607 /*
608 * Don't follow exclusions.
609 */
610 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
611 return (UU_WALK_NEXT);
612
613 /*
614 * Call pre-visit callback. If this doesn't terminate the walk,
615 * continue search.
616 */
617 if ((gip->gi_ret = gip->gi_pre(v, gip->gi_arg)) == UU_WALK_NEXT) {
618 /*
619 * Recurse using appropriate list.
620 */
621 if (gip->gi_dir == WALK_DEPENDENTS)
622 list = v->gv_dependents;
623 else
624 list = v->gv_dependencies;
625
626 r = uu_list_walk(list, (uu_walk_fn_t *)graph_walk_recurse,
627 gip, 0);
628 assert(r == 0);
629 }
630
631 /*
632 * Callbacks must return either UU_WALK_NEXT or UU_WALK_DONE.
633 */
634 assert(gip->gi_ret == UU_WALK_NEXT || gip->gi_ret == UU_WALK_DONE);
635
636 /*
637 * If given a post-callback, call the function for every vertex.
638 */
639 if (gip->gi_post != NULL)
640 (void) gip->gi_post(v, gip->gi_arg);
641
642 /*
643 * Preserve the callback's return value. If the callback returns
644 * UU_WALK_DONE, then we propagate that to the caller in order to
645 * terminate the walk.
646 */
647 return (gip->gi_ret);
648 }
649
650 static void
651 graph_walk(graph_vertex_t *v, graph_walk_dir_t dir,
652 int (*pre)(graph_vertex_t *, void *),
653 void (*post)(graph_vertex_t *, void *), void *arg)
654 {
655 graph_walk_info_t gi;
656 graph_edge_t fake;
657 size_t sz = dictionary->dict_new_id / 8 + 1;
658
659 gi.gi_visited = startd_zalloc(sz);
660 gi.gi_pre = pre;
661 gi.gi_post = post;
662 gi.gi_arg = arg;
663 gi.gi_dir = dir;
664 gi.gi_ret = 0;
665
666 /*
667 * Fake up an edge for the first iteration
668 */
669 fake.ge_vertex = v;
670 (void) graph_walk_recurse(&fake, &gi);
671
672 startd_free(gi.gi_visited, sz);
673 }
674
675 typedef struct child_search {
676 int id; /* id of vertex to look for */
677 uint_t depth; /* recursion depth */
678 /*
679 * While the vertex is not found, path is NULL. After the search, if
680 * the vertex was found then path should point to a -1-terminated
681 * array of vertex id's which constitute the path to the vertex.
682 */
683 int *path;
684 } child_search_t;
685
686 static int
687 child_pre(graph_vertex_t *v, void *arg)
688 {
689 child_search_t *cs = arg;
690
691 cs->depth++;
692
693 if (v->gv_id == cs->id) {
694 cs->path = startd_alloc((cs->depth + 1) * sizeof (int));
695 cs->path[cs->depth] = -1;
696 return (UU_WALK_DONE);
697 }
698
699 return (UU_WALK_NEXT);
700 }
701
702 static void
703 child_post(graph_vertex_t *v, void *arg)
704 {
705 child_search_t *cs = arg;
706
707 cs->depth--;
708
709 if (cs->path != NULL)
710 cs->path[cs->depth] = v->gv_id;
711 }
712
713 /*
714 * Look for a path from from to to. If one exists, returns a pointer to
715 * a NULL-terminated array of pointers to the vertices along the path. If
716 * there is no path, returns NULL.
717 */
718 static int *
719 is_path_to(graph_vertex_t *from, graph_vertex_t *to)
720 {
721 child_search_t cs;
722
723 cs.id = to->gv_id;
724 cs.depth = 0;
725 cs.path = NULL;
726
727 graph_walk(from, WALK_DEPENDENCIES, child_pre, child_post, &cs);
728
729 return (cs.path);
730 }
731
732 /*
733 * Given an array of int's as returned by is_path_to, allocates a string of
734 * their names joined by newlines. Returns the size of the allocated buffer
735 * in *sz and frees path.
736 */
737 static void
738 path_to_str(int *path, char **cpp, size_t *sz)
739 {
740 int i;
741 graph_vertex_t *v;
742 size_t allocd, new_allocd;
743 char *new, *name;
744
745 assert(MUTEX_HELD(&dgraph_lock));
746 assert(path[0] != -1);
747
748 allocd = 1;
749 *cpp = startd_alloc(1);
750 (*cpp)[0] = '\0';
751
752 for (i = 0; path[i] != -1; ++i) {
753 name = NULL;
754
755 v = vertex_get_by_id(path[i]);
756
757 if (v == NULL)
758 name = "<deleted>";
759 else if (v->gv_type == GVT_INST || v->gv_type == GVT_SVC)
760 name = v->gv_name;
761
762 if (name != NULL) {
763 new_allocd = allocd + strlen(name) + 1;
764 new = startd_alloc(new_allocd);
765 (void) strcpy(new, *cpp);
766 (void) strcat(new, name);
767 (void) strcat(new, "\n");
768
769 startd_free(*cpp, allocd);
770
771 *cpp = new;
772 allocd = new_allocd;
773 }
774 }
775
776 startd_free(path, sizeof (int) * (i + 1));
777
778 *sz = allocd;
779 }
780
781
782 /*
783 * This function along with run_sulogin() implements an exclusion relationship
784 * between system/console-login and sulogin. run_sulogin() will fail if
785 * system/console-login is online, and the graph engine should call
786 * graph_clogin_start() to bring system/console-login online, which defers the
787 * start if sulogin is running.
788 */
789 static void
790 graph_clogin_start(graph_vertex_t *v)
791 {
792 assert(MUTEX_HELD(&dgraph_lock));
793
794 if (sulogin_running)
795 console_login_ready = B_TRUE;
796 else
797 vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
798 }
799
800 static void
801 graph_su_start(graph_vertex_t *v)
802 {
803 /*
804 * /etc/inittab used to have the initial /sbin/rcS as a 'sysinit'
805 * entry with a runlevel of 'S', before jumping to the final
806 * target runlevel (as set in initdefault). We mimic that legacy
807 * behavior here.
808 */
809 utmpx_set_runlevel('S', '0', B_FALSE);
810 vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
811 }
812
813 static void
814 graph_post_su_online(void)
815 {
816 graph_runlevel_changed('S', 1);
817 }
818
819 static void
820 graph_post_su_disable(void)
821 {
822 graph_runlevel_changed('S', 0);
823 }
824
825 static void
826 graph_post_mu_online(void)
827 {
828 graph_runlevel_changed('2', 1);
829 }
830
831 static void
832 graph_post_mu_disable(void)
833 {
834 graph_runlevel_changed('2', 0);
835 }
836
837 static void
838 graph_post_mus_online(void)
839 {
840 graph_runlevel_changed('3', 1);
841 }
842
843 static void
844 graph_post_mus_disable(void)
845 {
846 graph_runlevel_changed('3', 0);
847 }
848
849 static struct special_vertex_info {
850 const char *name;
851 void (*start_f)(graph_vertex_t *);
852 void (*post_online_f)(void);
853 void (*post_disable_f)(void);
854 } special_vertices[] = {
855 { CONSOLE_LOGIN_FMRI, graph_clogin_start, NULL, NULL },
856 { SCF_MILESTONE_SINGLE_USER, graph_su_start,
857 graph_post_su_online, graph_post_su_disable },
858 { SCF_MILESTONE_MULTI_USER, NULL,
859 graph_post_mu_online, graph_post_mu_disable },
860 { SCF_MILESTONE_MULTI_USER_SERVER, NULL,
861 graph_post_mus_online, graph_post_mus_disable },
862 { NULL },
863 };
864
865
866 void
867 vertex_send_event(graph_vertex_t *v, restarter_event_type_t e)
868 {
869 switch (e) {
870 case RESTARTER_EVENT_TYPE_ADD_INSTANCE:
871 assert(v->gv_state == RESTARTER_STATE_UNINIT);
872
873 MUTEX_LOCK(&st->st_load_lock);
874 st->st_load_instances++;
875 MUTEX_UNLOCK(&st->st_load_lock);
876 break;
877
878 case RESTARTER_EVENT_TYPE_ENABLE:
879 log_framework(LOG_DEBUG, "Enabling %s.\n", v->gv_name);
880 assert(v->gv_state == RESTARTER_STATE_UNINIT ||
881 v->gv_state == RESTARTER_STATE_DISABLED ||
882 v->gv_state == RESTARTER_STATE_MAINT);
883 break;
884
885 case RESTARTER_EVENT_TYPE_DISABLE:
886 case RESTARTER_EVENT_TYPE_ADMIN_DISABLE:
887 log_framework(LOG_DEBUG, "Disabling %s.\n", v->gv_name);
888 assert(v->gv_state != RESTARTER_STATE_DISABLED);
889 break;
890
891 case RESTARTER_EVENT_TYPE_STOP_RESET:
892 case RESTARTER_EVENT_TYPE_STOP:
893 log_framework(LOG_DEBUG, "Stopping %s.\n", v->gv_name);
894 assert(v->gv_state == RESTARTER_STATE_DEGRADED ||
895 v->gv_state == RESTARTER_STATE_ONLINE);
896 break;
897
898 case RESTARTER_EVENT_TYPE_START:
899 log_framework(LOG_DEBUG, "Starting %s.\n", v->gv_name);
900 assert(v->gv_state == RESTARTER_STATE_OFFLINE);
901 break;
902
903 case RESTARTER_EVENT_TYPE_REMOVE_INSTANCE:
904 case RESTARTER_EVENT_TYPE_ADMIN_DEGRADED:
905 case RESTARTER_EVENT_TYPE_ADMIN_REFRESH:
906 case RESTARTER_EVENT_TYPE_ADMIN_RESTART:
907 case RESTARTER_EVENT_TYPE_ADMIN_MAINT_OFF:
908 case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON:
909 case RESTARTER_EVENT_TYPE_ADMIN_MAINT_ON_IMMEDIATE:
910 case RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE:
911 case RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY:
912 break;
913
914 default:
915 #ifndef NDEBUG
916 uu_warn("%s:%d: Bad event %d.\n", __FILE__, __LINE__, e);
917 #endif
918 abort();
919 }
920
921 restarter_protocol_send_event(v->gv_name, v->gv_restarter_channel, e,
922 v->gv_reason);
923 }
924
925 static void
926 graph_unset_restarter(graph_vertex_t *v)
927 {
928 assert(MUTEX_HELD(&dgraph_lock));
929 assert(v->gv_flags & GV_CONFIGURED);
930
931 vertex_send_event(v, RESTARTER_EVENT_TYPE_REMOVE_INSTANCE);
932
933 if (v->gv_restarter_id != -1) {
934 graph_vertex_t *rv;
935
936 rv = vertex_get_by_id(v->gv_restarter_id);
937 graph_remove_edge(v, rv);
938 }
939
940 v->gv_restarter_id = -1;
941 v->gv_restarter_channel = NULL;
942 }
943
944 /*
945 * Return VERTEX_REMOVED when the vertex passed in argument is deleted from the
946 * dgraph otherwise return VERTEX_INUSE.
947 */
948 static int
949 free_if_unrefed(graph_vertex_t *v)
950 {
951 assert(MUTEX_HELD(&dgraph_lock));
952
953 if (v->gv_refs > 0)
954 return (VERTEX_INUSE);
955
956 if (v->gv_type == GVT_SVC &&
957 uu_list_numnodes(v->gv_dependents) == 0 &&
958 uu_list_numnodes(v->gv_dependencies) == 0) {
959 graph_remove_vertex(v);
960 return (VERTEX_REMOVED);
961 } else if (v->gv_type == GVT_INST &&
962 (v->gv_flags & GV_CONFIGURED) == 0 &&
963 uu_list_numnodes(v->gv_dependents) == 1 &&
964 uu_list_numnodes(v->gv_dependencies) == 0) {
965 remove_inst_vertex(v);
966 return (VERTEX_REMOVED);
967 }
968
969 return (VERTEX_INUSE);
970 }
971
972 static void
973 delete_depgroup(graph_vertex_t *v)
974 {
975 graph_edge_t *e;
976 graph_vertex_t *dv;
977
978 assert(MUTEX_HELD(&dgraph_lock));
979 assert(v->gv_type == GVT_GROUP);
980 assert(uu_list_numnodes(v->gv_dependents) == 0);
981
982 while ((e = uu_list_first(v->gv_dependencies)) != NULL) {
983 dv = e->ge_vertex;
984
985 graph_remove_edge(v, dv);
986
987 switch (dv->gv_type) {
988 case GVT_INST: /* instance dependency */
989 case GVT_SVC: /* service dependency */
990 (void) free_if_unrefed(dv);
991 break;
992
993 case GVT_FILE: /* file dependency */
994 assert(uu_list_numnodes(dv->gv_dependencies) == 0);
995 if (uu_list_numnodes(dv->gv_dependents) == 0)
996 graph_remove_vertex(dv);
997 break;
998
999 default:
1000 #ifndef NDEBUG
1001 uu_warn("%s:%d: Unexpected node type %d", __FILE__,
1002 __LINE__, dv->gv_type);
1003 #endif
1004 abort();
1005 }
1006 }
1007
1008 graph_remove_vertex(v);
1009 }
1010
1011 static int
1012 delete_instance_deps_cb(graph_edge_t *e, void **ptrs)
1013 {
1014 graph_vertex_t *v = ptrs[0];
1015 boolean_t delete_restarter_dep = (boolean_t)ptrs[1];
1016 graph_vertex_t *dv;
1017
1018 dv = e->ge_vertex;
1019
1020 /*
1021 * We have four possibilities here:
1022 * - GVT_INST: restarter
1023 * - GVT_GROUP - GVT_INST: instance dependency
1024 * - GVT_GROUP - GVT_SVC - GV_INST: service dependency
1025 * - GVT_GROUP - GVT_FILE: file dependency
1026 */
1027 switch (dv->gv_type) {
1028 case GVT_INST: /* restarter */
1029 assert(dv->gv_id == v->gv_restarter_id);
1030 if (delete_restarter_dep)
1031 graph_remove_edge(v, dv);
1032 break;
1033
1034 case GVT_GROUP: /* pg dependency */
1035 graph_remove_edge(v, dv);
1036 delete_depgroup(dv);
1037 break;
1038
1039 case GVT_FILE:
1040 /* These are currently not direct dependencies */
1041
1042 default:
1043 #ifndef NDEBUG
1044 uu_warn("%s:%d: Bad vertex type %d.\n", __FILE__, __LINE__,
1045 dv->gv_type);
1046 #endif
1047 abort();
1048 }
1049
1050 return (UU_WALK_NEXT);
1051 }
1052
1053 static void
1054 delete_instance_dependencies(graph_vertex_t *v, boolean_t delete_restarter_dep)
1055 {
1056 void *ptrs[2];
1057 int r;
1058
1059 assert(MUTEX_HELD(&dgraph_lock));
1060 assert(v->gv_type == GVT_INST);
1061
1062 ptrs[0] = v;
1063 ptrs[1] = (void *)delete_restarter_dep;
1064
1065 r = uu_list_walk(v->gv_dependencies,
1066 (uu_walk_fn_t *)delete_instance_deps_cb, &ptrs, UU_WALK_ROBUST);
1067 assert(r == 0);
1068 }
1069
1070 /*
1071 * int graph_insert_vertex_unconfigured()
1072 * Insert a vertex without sending any restarter events. If the vertex
1073 * already exists or creation is successful, return a pointer to it in *vp.
1074 *
1075 * If type is not GVT_GROUP, dt can remain unset.
1076 *
1077 * Returns 0, EEXIST, or EINVAL if the arguments are invalid (i.e., fmri
1078 * doesn't agree with type, or type doesn't agree with dt).
1079 */
1080 static int
1081 graph_insert_vertex_unconfigured(const char *fmri, gv_type_t type,
1082 depgroup_type_t dt, restarter_error_t rt, graph_vertex_t **vp)
1083 {
1084 int r;
1085 int i;
1086
1087 assert(MUTEX_HELD(&dgraph_lock));
1088
1089 switch (type) {
1090 case GVT_SVC:
1091 case GVT_INST:
1092 if (strncmp(fmri, "svc:", sizeof ("svc:") - 1) != 0)
1093 return (EINVAL);
1094 break;
1095
1096 case GVT_FILE:
1097 if (strncmp(fmri, "file:", sizeof ("file:") - 1) != 0)
1098 return (EINVAL);
1099 break;
1100
1101 case GVT_GROUP:
1102 if (dt <= 0 || rt < 0)
1103 return (EINVAL);
1104 break;
1105
1106 default:
1107 #ifndef NDEBUG
1108 uu_warn("%s:%d: Unknown type %d.\n", __FILE__, __LINE__, type);
1109 #endif
1110 abort();
1111 }
1112
1113 *vp = vertex_get_by_name(fmri);
1114 if (*vp != NULL)
1115 return (EEXIST);
1116
1117 *vp = graph_add_vertex(fmri);
1118
1119 (*vp)->gv_type = type;
1120 (*vp)->gv_depgroup = dt;
1121 (*vp)->gv_restart = rt;
1122
1123 (*vp)->gv_flags = 0;
1124 (*vp)->gv_state = RESTARTER_STATE_NONE;
1125
1126 for (i = 0; special_vertices[i].name != NULL; ++i) {
1127 if (strcmp(fmri, special_vertices[i].name) == 0) {
1128 (*vp)->gv_start_f = special_vertices[i].start_f;
1129 (*vp)->gv_post_online_f =
1130 special_vertices[i].post_online_f;
1131 (*vp)->gv_post_disable_f =
1132 special_vertices[i].post_disable_f;
1133 break;
1134 }
1135 }
1136
1137 (*vp)->gv_restarter_id = -1;
1138 (*vp)->gv_restarter_channel = 0;
1139
1140 if (type == GVT_INST) {
1141 char *sfmri;
1142 graph_vertex_t *sv;
1143
1144 sfmri = inst_fmri_to_svc_fmri(fmri);
1145 sv = vertex_get_by_name(sfmri);
1146 if (sv == NULL) {
1147 r = graph_insert_vertex_unconfigured(sfmri, GVT_SVC, 0,
1148 0, &sv);
1149 assert(r == 0);
1150 }
1151 startd_free(sfmri, max_scf_fmri_size);
1152
1153 graph_add_edge(sv, *vp);
1154 }
1155
1156 /*
1157 * If this vertex is in the subgraph, mark it as so, for both
1158 * GVT_INST and GVT_SERVICE verteces.
1159 * A GVT_SERVICE vertex can only be in the subgraph if another instance
1160 * depends on it, in which case it's already been added to the graph
1161 * and marked as in the subgraph (by refresh_vertex()). If a
1162 * GVT_SERVICE vertex was freshly added (by the code above), it means
1163 * that it has no dependents, and cannot be in the subgraph.
1164 * Regardless of this, we still check that gv_flags includes
1165 * GV_INSUBGRAPH in the event that future behavior causes the above
1166 * code to add a GVT_SERVICE vertex which should be in the subgraph.
1167 */
1168
1169 (*vp)->gv_flags |= (should_be_in_subgraph(*vp)? GV_INSUBGRAPH : 0);
1170
1171 return (0);
1172 }
1173
1174 /*
1175 * Returns 0 on success or ELOOP if the dependency would create a cycle.
1176 */
1177 static int
1178 graph_insert_dependency(graph_vertex_t *fv, graph_vertex_t *tv, int **pathp)
1179 {
1180 hrtime_t now;
1181
1182 assert(MUTEX_HELD(&dgraph_lock));
1183
1184 /* cycle detection */
1185 now = gethrtime();
1186
1187 /* Don't follow exclusions. */
1188 if (!(fv->gv_type == GVT_GROUP &&
1189 fv->gv_depgroup == DEPGRP_EXCLUDE_ALL)) {
1190 *pathp = is_path_to(tv, fv);
1191 if (*pathp)
1192 return (ELOOP);
1193 }
1194
1195 dep_cycle_ns += gethrtime() - now;
1196 ++dep_inserts;
1197 now = gethrtime();
1198
1199 graph_add_edge(fv, tv);
1200
1201 dep_insert_ns += gethrtime() - now;
1202
1203 /* Check if the dependency adds the "to" vertex to the subgraph */
1204 tv->gv_flags |= (should_be_in_subgraph(tv) ? GV_INSUBGRAPH : 0);
1205
1206 return (0);
1207 }
1208
1209 static int
1210 inst_running(graph_vertex_t *v)
1211 {
1212 assert(v->gv_type == GVT_INST);
1213
1214 if (v->gv_state == RESTARTER_STATE_ONLINE ||
1215 v->gv_state == RESTARTER_STATE_DEGRADED)
1216 return (1);
1217
1218 return (0);
1219 }
1220
1221 /*
1222 * The dependency evaluation functions return
1223 * 1 - dependency satisfied
1224 * 0 - dependency unsatisfied
1225 * -1 - dependency unsatisfiable (without administrator intervention)
1226 *
1227 * The functions also take a boolean satbility argument. When true, the
1228 * functions may recurse in order to determine satisfiability.
1229 */
1230 static int require_any_satisfied(graph_vertex_t *, boolean_t);
1231 static int dependency_satisfied(graph_vertex_t *, boolean_t);
1232
1233 /*
1234 * A require_all dependency is unsatisfied if any elements are unsatisfied. It
1235 * is unsatisfiable if any elements are unsatisfiable.
1236 */
1237 static int
1238 require_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1239 {
1240 graph_edge_t *edge;
1241 int i;
1242 boolean_t any_unsatisfied;
1243
1244 if (uu_list_numnodes(groupv->gv_dependencies) == 0)
1245 return (1);
1246
1247 any_unsatisfied = B_FALSE;
1248
1249 for (edge = uu_list_first(groupv->gv_dependencies);
1250 edge != NULL;
1251 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1252 i = dependency_satisfied(edge->ge_vertex, satbility);
1253 if (i == 1)
1254 continue;
1255
1256 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
1257 "require_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
1258 edge->ge_vertex->gv_name, i == 0 ? "ed" : "able");
1259
1260 if (!satbility)
1261 return (0);
1262
1263 if (i == -1)
1264 return (-1);
1265
1266 any_unsatisfied = B_TRUE;
1267 }
1268
1269 return (any_unsatisfied ? 0 : 1);
1270 }
1271
1272 /*
1273 * A require_any dependency is satisfied if any element is satisfied. It is
1274 * satisfiable if any element is satisfiable.
1275 */
1276 static int
1277 require_any_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1278 {
1279 graph_edge_t *edge;
1280 int s;
1281 boolean_t satisfiable;
1282
1283 if (uu_list_numnodes(groupv->gv_dependencies) == 0)
1284 return (1);
1285
1286 satisfiable = B_FALSE;
1287
1288 for (edge = uu_list_first(groupv->gv_dependencies);
1289 edge != NULL;
1290 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1291 s = dependency_satisfied(edge->ge_vertex, satbility);
1292
1293 if (s == 1)
1294 return (1);
1295
1296 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
1297 "require_any(%s): %s is unsatisfi%s.\n",
1298 groupv->gv_name, edge->ge_vertex->gv_name,
1299 s == 0 ? "ed" : "able");
1300
1301 if (satbility && s == 0)
1302 satisfiable = B_TRUE;
1303 }
1304
1305 return ((!satbility || satisfiable) ? 0 : -1);
1306 }
1307
1308 /*
1309 * An optional_all dependency only considers elements which are configured,
1310 * enabled, and not in maintenance. If any are unsatisfied, then the dependency
1311 * is unsatisfied.
1312 *
1313 * Offline dependencies which are waiting for a dependency to come online are
1314 * unsatisfied. Offline dependences which cannot possibly come online
1315 * (unsatisfiable) are always considered satisfied.
1316 */
1317 static int
1318 optional_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1319 {
1320 graph_edge_t *edge;
1321 graph_vertex_t *v;
1322 boolean_t any_qualified;
1323 boolean_t any_unsatisfied;
1324 int i;
1325
1326 any_qualified = B_FALSE;
1327 any_unsatisfied = B_FALSE;
1328
1329 for (edge = uu_list_first(groupv->gv_dependencies);
1330 edge != NULL;
1331 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1332 v = edge->ge_vertex;
1333
1334 switch (v->gv_type) {
1335 case GVT_INST:
1336 /* Skip missing instances */
1337 if ((v->gv_flags & GV_CONFIGURED) == 0)
1338 continue;
1339
1340 if (v->gv_state == RESTARTER_STATE_MAINT)
1341 continue;
1342
1343 any_qualified = B_TRUE;
1344 if (v->gv_state == RESTARTER_STATE_OFFLINE ||
1345 v->gv_state == RESTARTER_STATE_DISABLED) {
1346 /*
1347 * For offline/disabled dependencies,
1348 * treat unsatisfiable as satisfied.
1349 */
1350 i = dependency_satisfied(v, B_TRUE);
1351 if (i == -1)
1352 i = 1;
1353 } else {
1354 i = dependency_satisfied(v, satbility);
1355 }
1356 break;
1357
1358 case GVT_FILE:
1359 any_qualified = B_TRUE;
1360 i = dependency_satisfied(v, satbility);
1361
1362 break;
1363
1364 case GVT_SVC: {
1365 any_qualified = B_TRUE;
1366 i = optional_all_satisfied(v, satbility);
1367
1368 break;
1369 }
1370
1371 case GVT_GROUP:
1372 default:
1373 #ifndef NDEBUG
1374 uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
1375 __LINE__, v->gv_type);
1376 #endif
1377 abort();
1378 }
1379
1380 if (i == 1)
1381 continue;
1382
1383 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES,
1384 "optional_all(%s): %s is unsatisfi%s.\n", groupv->gv_name,
1385 v->gv_name, i == 0 ? "ed" : "able");
1386
1387 if (!satbility)
1388 return (0);
1389 if (i == -1)
1390 return (-1);
1391 any_unsatisfied = B_TRUE;
1392 }
1393
1394 if (!any_qualified)
1395 return (1);
1396
1397 return (any_unsatisfied ? 0 : 1);
1398 }
1399
1400 /*
1401 * An exclude_all dependency is unsatisfied if any non-service element is
1402 * satisfied or any service instance which is configured, enabled, and not in
1403 * maintenance is satisfied. Usually when unsatisfied, it is also
1404 * unsatisfiable.
1405 */
1406 #define LOG_EXCLUDE(u, v) \
1407 log_framework2(LOG_DEBUG, DEBUG_DEPENDENCIES, \
1408 "exclude_all(%s): %s is satisfied.\n", \
1409 (u)->gv_name, (v)->gv_name)
1410
1411 /* ARGSUSED */
1412 static int
1413 exclude_all_satisfied(graph_vertex_t *groupv, boolean_t satbility)
1414 {
1415 graph_edge_t *edge, *e2;
1416 graph_vertex_t *v, *v2;
1417
1418 for (edge = uu_list_first(groupv->gv_dependencies);
1419 edge != NULL;
1420 edge = uu_list_next(groupv->gv_dependencies, edge)) {
1421 v = edge->ge_vertex;
1422
1423 switch (v->gv_type) {
1424 case GVT_INST:
1425 if ((v->gv_flags & GV_CONFIGURED) == 0)
1426 continue;
1427
1428 switch (v->gv_state) {
1429 case RESTARTER_STATE_ONLINE:
1430 case RESTARTER_STATE_DEGRADED:
1431 LOG_EXCLUDE(groupv, v);
1432 return (v->gv_flags & GV_ENABLED ? -1 : 0);
1433
1434 case RESTARTER_STATE_OFFLINE:
1435 case RESTARTER_STATE_UNINIT:
1436 LOG_EXCLUDE(groupv, v);
1437 return (0);
1438
1439 case RESTARTER_STATE_DISABLED:
1440 case RESTARTER_STATE_MAINT:
1441 continue;
1442
1443 default:
1444 #ifndef NDEBUG
1445 uu_warn("%s:%d: Unexpected vertex state %d.\n",
1446 __FILE__, __LINE__, v->gv_state);
1447 #endif
1448 abort();
1449 }
1450 /* NOTREACHED */
1451
1452 case GVT_SVC:
1453 break;
1454
1455 case GVT_FILE:
1456 if (!file_ready(v))
1457 continue;
1458 LOG_EXCLUDE(groupv, v);
1459 return (-1);
1460
1461 case GVT_GROUP:
1462 default:
1463 #ifndef NDEBUG
1464 uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
1465 __LINE__, v->gv_type);
1466 #endif
1467 abort();
1468 }
1469
1470 /* v represents a service */
1471 if (uu_list_numnodes(v->gv_dependencies) == 0)
1472 continue;
1473
1474 for (e2 = uu_list_first(v->gv_dependencies);
1475 e2 != NULL;
1476 e2 = uu_list_next(v->gv_dependencies, e2)) {
1477 v2 = e2->ge_vertex;
1478 assert(v2->gv_type == GVT_INST);
1479
1480 if ((v2->gv_flags & GV_CONFIGURED) == 0)
1481 continue;
1482
1483 switch (v2->gv_state) {
1484 case RESTARTER_STATE_ONLINE:
1485 case RESTARTER_STATE_DEGRADED:
1486 LOG_EXCLUDE(groupv, v2);
1487 return (v2->gv_flags & GV_ENABLED ? -1 : 0);
1488
1489 case RESTARTER_STATE_OFFLINE:
1490 case RESTARTER_STATE_UNINIT:
1491 LOG_EXCLUDE(groupv, v2);
1492 return (0);
1493
1494 case RESTARTER_STATE_DISABLED:
1495 case RESTARTER_STATE_MAINT:
1496 continue;
1497
1498 default:
1499 #ifndef NDEBUG
1500 uu_warn("%s:%d: Unexpected vertex type %d.\n",
1501 __FILE__, __LINE__, v2->gv_type);
1502 #endif
1503 abort();
1504 }
1505 }
1506 }
1507
1508 return (1);
1509 }
1510
1511 /*
1512 * int instance_satisfied()
1513 * Determine if all the dependencies are satisfied for the supplied instance
1514 * vertex. Return 1 if they are, 0 if they aren't, and -1 if they won't be
1515 * without administrator intervention.
1516 */
1517 static int
1518 instance_satisfied(graph_vertex_t *v, boolean_t satbility)
1519 {
1520 assert(v->gv_type == GVT_INST);
1521 assert(!inst_running(v));
1522
1523 return (require_all_satisfied(v, satbility));
1524 }
1525
1526 /*
1527 * Decide whether v can satisfy a dependency. v can either be a child of
1528 * a group vertex, or of an instance vertex.
1529 */
1530 static int
1531 dependency_satisfied(graph_vertex_t *v, boolean_t satbility)
1532 {
1533 switch (v->gv_type) {
1534 case GVT_INST:
1535 if ((v->gv_flags & GV_CONFIGURED) == 0) {
1536 if (v->gv_flags & GV_DEATHROW) {
1537 /*
1538 * A dependency on an instance with GV_DEATHROW
1539 * flag is always considered as satisfied.
1540 */
1541 return (1);
1542 }
1543 return (-1);
1544 }
1545
1546 /*
1547 * Vertices may be transitioning so we try to figure out if
1548 * the end state is likely to satisfy the dependency instead
1549 * of assuming the dependency is unsatisfied/unsatisfiable.
1550 *
1551 * Support for optional_all dependencies depends on us getting
1552 * this right because unsatisfiable dependencies are treated
1553 * as being satisfied.
1554 */
1555 switch (v->gv_state) {
1556 case RESTARTER_STATE_ONLINE:
1557 case RESTARTER_STATE_DEGRADED:
1558 if (v->gv_flags & GV_TODISABLE)
1559 return (-1);
1560 if (v->gv_flags & GV_TOOFFLINE)
1561 return (0);
1562 return (1);
1563
1564 case RESTARTER_STATE_OFFLINE:
1565 if (!satbility || v->gv_flags & GV_TODISABLE)
1566 return (satbility ? -1 : 0);
1567 return (instance_satisfied(v, satbility) != -1 ?
1568 0 : -1);
1569
1570 case RESTARTER_STATE_DISABLED:
1571 if (!satbility || !(v->gv_flags & GV_ENABLED))
1572 return (satbility ? -1 : 0);
1573 return (instance_satisfied(v, satbility) != -1 ?
1574 0 : -1);
1575
1576 case RESTARTER_STATE_MAINT:
1577 return (-1);
1578
1579 case RESTARTER_STATE_UNINIT:
1580 return (0);
1581
1582 default:
1583 #ifndef NDEBUG
1584 uu_warn("%s:%d: Unexpected vertex state %d.\n",
1585 __FILE__, __LINE__, v->gv_state);
1586 #endif
1587 abort();
1588 /* NOTREACHED */
1589 }
1590
1591 case GVT_SVC:
1592 if (uu_list_numnodes(v->gv_dependencies) == 0)
1593 return (-1);
1594 return (require_any_satisfied(v, satbility));
1595
1596 case GVT_FILE:
1597 /* i.e., we assume files will not be automatically generated */
1598 return (file_ready(v) ? 1 : -1);
1599
1600 case GVT_GROUP:
1601 break;
1602
1603 default:
1604 #ifndef NDEBUG
1605 uu_warn("%s:%d: Unexpected node type %d.\n", __FILE__, __LINE__,
1606 v->gv_type);
1607 #endif
1608 abort();
1609 /* NOTREACHED */
1610 }
1611
1612 switch (v->gv_depgroup) {
1613 case DEPGRP_REQUIRE_ANY:
1614 return (require_any_satisfied(v, satbility));
1615
1616 case DEPGRP_REQUIRE_ALL:
1617 return (require_all_satisfied(v, satbility));
1618
1619 case DEPGRP_OPTIONAL_ALL:
1620 return (optional_all_satisfied(v, satbility));
1621
1622 case DEPGRP_EXCLUDE_ALL:
1623 return (exclude_all_satisfied(v, satbility));
1624
1625 default:
1626 #ifndef NDEBUG
1627 uu_warn("%s:%d: Unknown dependency grouping %d.\n", __FILE__,
1628 __LINE__, v->gv_depgroup);
1629 #endif
1630 abort();
1631 }
1632 }
1633
1634 void
1635 graph_start_if_satisfied(graph_vertex_t *v)
1636 {
1637 if (v->gv_state == RESTARTER_STATE_OFFLINE &&
1638 instance_satisfied(v, B_FALSE) == 1) {
1639 if (v->gv_start_f == NULL)
1640 vertex_send_event(v, RESTARTER_EVENT_TYPE_START);
1641 else
1642 v->gv_start_f(v);
1643 }
1644 }
1645
1646 /*
1647 * propagate_satbility()
1648 *
1649 * This function is used when the given vertex changes state in such a way that
1650 * one of its dependents may become unsatisfiable. This happens when an
1651 * instance transitions between offline -> online, or from !running ->
1652 * maintenance, as well as when an instance is removed from the graph.
1653 *
1654 * We have to walk all the dependents, since optional_all dependencies several
1655 * levels up could become (un)satisfied, instead of unsatisfiable. For example,
1656 *
1657 * +-----+ optional_all +-----+ require_all +-----+
1658 * | A |--------------->| B |-------------->| C |
1659 * +-----+ +-----+ +-----+
1660 *
1661 * offline -> maintenance
1662 *
1663 * If C goes into maintenance, it's not enough simply to check B. Because A has
1664 * an optional dependency, what was previously an unsatisfiable situation is now
1665 * satisfied (B will never come online, even though its state hasn't changed).
1666 *
1667 * Note that it's not necessary to continue examining dependents after reaching
1668 * an optional_all dependency. It's not possible for an optional_all dependency
1669 * to change satisfiability without also coming online, in which case we get a
1670 * start event and propagation continues naturally. However, it does no harm to
1671 * continue propagating satisfiability (as it is a relatively rare event), and
1672 * keeps the walker code simple and generic.
1673 */
1674 /*ARGSUSED*/
1675 static int
1676 satbility_cb(graph_vertex_t *v, void *arg)
1677 {
1678 if (is_inst_bypassed(v))
1679 return (UU_WALK_NEXT);
1680
1681 if (v->gv_type == GVT_INST)
1682 graph_start_if_satisfied(v);
1683
1684 return (UU_WALK_NEXT);
1685 }
1686
1687 static void
1688 propagate_satbility(graph_vertex_t *v)
1689 {
1690 graph_walk(v, WALK_DEPENDENTS, satbility_cb, NULL, NULL);
1691 }
1692
1693 static void propagate_stop(graph_vertex_t *, void *);
1694
1695 /*
1696 * propagate_start()
1697 *
1698 * This function is used to propagate a start event to the dependents of the
1699 * given vertex. Any dependents that are offline but have their dependencies
1700 * satisfied are started. Any dependents that are online and have restart_on
1701 * set to "restart" or "refresh" are restarted because their dependencies have
1702 * just changed. This only happens with optional_all dependencies.
1703 */
1704 static void
1705 propagate_start(graph_vertex_t *v, void *arg)
1706 {
1707 restarter_error_t err = (restarter_error_t)arg;
1708
1709 if (is_inst_bypassed(v))
1710 return;
1711
1712 switch (v->gv_type) {
1713 case GVT_INST:
1714 /* Restarter */
1715 if (inst_running(v)) {
1716 if (err == RERR_RESTART || err == RERR_REFRESH) {
1717 vertex_send_event(v,
1718 RESTARTER_EVENT_TYPE_STOP_RESET);
1719 }
1720 } else {
1721 graph_start_if_satisfied(v);
1722 }
1723 break;
1724
1725 case GVT_GROUP:
1726 if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
1727 graph_walk_dependents(v, propagate_stop,
1728 (void *)RERR_RESTART);
1729 break;
1730 }
1731 err = v->gv_restart;
1732 /* FALLTHROUGH */
1733
1734 case GVT_SVC:
1735 graph_walk_dependents(v, propagate_start, (void *)err);
1736 break;
1737
1738 case GVT_FILE:
1739 #ifndef NDEBUG
1740 uu_warn("%s:%d: propagate_start() encountered GVT_FILE.\n",
1741 __FILE__, __LINE__);
1742 #endif
1743 abort();
1744 /* NOTREACHED */
1745
1746 default:
1747 #ifndef NDEBUG
1748 uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
1749 v->gv_type);
1750 #endif
1751 abort();
1752 }
1753 }
1754
1755 /*
1756 * propagate_stop()
1757 *
1758 * This function is used to propagate a stop event to the dependents of the
1759 * given vertex. Any dependents that are online (or in degraded state) with
1760 * the restart_on property set to "restart" or "refresh" will be stopped as
1761 * their dependencies have just changed, propagate_start() will start them
1762 * again once their dependencies have been re-satisfied.
1763 */
1764 static void
1765 propagate_stop(graph_vertex_t *v, void *arg)
1766 {
1767 restarter_error_t err = (restarter_error_t)arg;
1768
1769 if (is_inst_bypassed(v))
1770 return;
1771
1772 switch (v->gv_type) {
1773 case GVT_INST:
1774 /* Restarter */
1775 if (err > RERR_NONE && inst_running(v)) {
1776 if (err == RERR_RESTART || err == RERR_REFRESH) {
1777 vertex_send_event(v,
1778 RESTARTER_EVENT_TYPE_STOP_RESET);
1779 } else {
1780 vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP);
1781 }
1782 }
1783 break;
1784
1785 case GVT_SVC:
1786 graph_walk_dependents(v, propagate_stop, arg);
1787 break;
1788
1789 case GVT_FILE:
1790 #ifndef NDEBUG
1791 uu_warn("%s:%d: propagate_stop() encountered GVT_FILE.\n",
1792 __FILE__, __LINE__);
1793 #endif
1794 abort();
1795 /* NOTREACHED */
1796
1797 case GVT_GROUP:
1798 if (v->gv_depgroup == DEPGRP_EXCLUDE_ALL) {
1799 graph_walk_dependents(v, propagate_start,
1800 (void *)RERR_NONE);
1801 break;
1802 }
1803
1804 if (err == RERR_NONE || err > v->gv_restart)
1805 break;
1806
1807 graph_walk_dependents(v, propagate_stop, arg);
1808 break;
1809
1810 default:
1811 #ifndef NDEBUG
1812 uu_warn("%s:%d: Unknown vertex type %d.\n", __FILE__, __LINE__,
1813 v->gv_type);
1814 #endif
1815 abort();
1816 }
1817 }
1818
1819 void
1820 offline_vertex(graph_vertex_t *v)
1821 {
1822 scf_handle_t *h = libscf_handle_create_bound_loop();
1823 scf_instance_t *scf_inst = safe_scf_instance_create(h);
1824 scf_propertygroup_t *pg = safe_scf_pg_create(h);
1825 restarter_instance_state_t state, next_state;
1826 int r;
1827
1828 assert(v->gv_type == GVT_INST);
1829
1830 if (scf_inst == NULL)
1831 bad_error("safe_scf_instance_create", scf_error());
1832 if (pg == NULL)
1833 bad_error("safe_scf_pg_create", scf_error());
1834
1835 /* if the vertex is already going offline, return */
1836 rep_retry:
1837 if (scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, scf_inst, NULL,
1838 NULL, SCF_DECODE_FMRI_EXACT) != 0) {
1839 switch (scf_error()) {
1840 case SCF_ERROR_CONNECTION_BROKEN:
1841 libscf_handle_rebind(h);
1842 goto rep_retry;
1843
1844 case SCF_ERROR_NOT_FOUND:
1845 scf_pg_destroy(pg);
1846 scf_instance_destroy(scf_inst);
1847 (void) scf_handle_unbind(h);
1848 scf_handle_destroy(h);
1849 return;
1850 }
1851 uu_die("Can't decode FMRI %s: %s\n", v->gv_name,
1852 scf_strerror(scf_error()));
1853 }
1854
1855 r = scf_instance_get_pg(scf_inst, SCF_PG_RESTARTER, pg);
1856 if (r != 0) {
1857 switch (scf_error()) {
1858 case SCF_ERROR_CONNECTION_BROKEN:
1859 libscf_handle_rebind(h);
1860 goto rep_retry;
1861
1862 case SCF_ERROR_NOT_SET:
1863 case SCF_ERROR_NOT_FOUND:
1864 scf_pg_destroy(pg);
1865 scf_instance_destroy(scf_inst);
1866 (void) scf_handle_unbind(h);
1867 scf_handle_destroy(h);
1868 return;
1869
1870 default:
1871 bad_error("scf_instance_get_pg", scf_error());
1872 }
1873 } else {
1874 r = libscf_read_states(pg, &state, &next_state);
1875 if (r == 0 && (next_state == RESTARTER_STATE_OFFLINE ||
1876 next_state == RESTARTER_STATE_DISABLED)) {
1877 log_framework(LOG_DEBUG,
1878 "%s: instance is already going down.\n",
1879 v->gv_name);
1880 scf_pg_destroy(pg);
1881 scf_instance_destroy(scf_inst);
1882 (void) scf_handle_unbind(h);
1883 scf_handle_destroy(h);
1884 return;
1885 }
1886 }
1887
1888 scf_pg_destroy(pg);
1889 scf_instance_destroy(scf_inst);
1890 (void) scf_handle_unbind(h);
1891 scf_handle_destroy(h);
1892
1893 vertex_send_event(v, RESTARTER_EVENT_TYPE_STOP_RESET);
1894 }
1895
1896 /*
1897 * void graph_enable_by_vertex()
1898 * If admin is non-zero, this is an administrative request for change
1899 * of the enabled property. Thus, send the ADMIN_DISABLE rather than
1900 * a plain DISABLE restarter event.
1901 */
1902 void
1903 graph_enable_by_vertex(graph_vertex_t *vertex, int enable, int admin)
1904 {
1905 graph_vertex_t *v;
1906 int r;
1907
1908 assert(MUTEX_HELD(&dgraph_lock));
1909 assert((vertex->gv_flags & GV_CONFIGURED));
1910
1911 vertex->gv_flags = (vertex->gv_flags & ~GV_ENABLED) |
1912 (enable ? GV_ENABLED : 0);
1913
1914 if (enable) {
1915 if (vertex->gv_state != RESTARTER_STATE_OFFLINE &&
1916 vertex->gv_state != RESTARTER_STATE_DEGRADED &&
1917 vertex->gv_state != RESTARTER_STATE_ONLINE) {
1918 /*
1919 * In case the vertex was notified to go down,
1920 * but now can return online, clear the _TOOFFLINE
1921 * and _TODISABLE flags.
1922 */
1923 vertex->gv_flags &= ~GV_TOOFFLINE;
1924 vertex->gv_flags &= ~GV_TODISABLE;
1925
1926 vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ENABLE);
1927 }
1928
1929 /*
1930 * Wait for state update from restarter before sending _START or
1931 * _STOP.
1932 */
1933
1934 return;
1935 }
1936
1937 if (vertex->gv_state == RESTARTER_STATE_DISABLED)
1938 return;
1939
1940 if (!admin) {
1941 vertex_send_event(vertex, RESTARTER_EVENT_TYPE_DISABLE);
1942
1943 /*
1944 * Wait for state update from restarter before sending _START or
1945 * _STOP.
1946 */
1947
1948 return;
1949 }
1950
1951 /*
1952 * If it is a DISABLE event requested by the administrator then we are
1953 * offlining the dependents first.
1954 */
1955
1956 /*
1957 * Set GV_TOOFFLINE for the services we are offlining. We cannot
1958 * clear the GV_TOOFFLINE bits from all the services because
1959 * other DISABLE events might be handled at the same time.
1960 */
1961 vertex->gv_flags |= GV_TOOFFLINE;
1962
1963 /* remember which vertex to disable... */
1964 vertex->gv_flags |= GV_TODISABLE;
1965
1966 log_framework(LOG_DEBUG, "Marking in-subtree vertices before "
1967 "disabling %s.\n", vertex->gv_name);
1968
1969 /* set GV_TOOFFLINE for its dependents */
1970 r = uu_list_walk(vertex->gv_dependents, (uu_walk_fn_t *)mark_subtree,
1971 NULL, 0);
1972 assert(r == 0);
1973
1974 /* disable the instance now if there is nothing else to offline */
1975 if (insubtree_dependents_down(vertex) == B_TRUE) {
1976 vertex_send_event(vertex, RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
1977 return;
1978 }
1979
1980 /*
1981 * This loop is similar to the one used for the graph reversal shutdown
1982 * and could be improved in term of performance for the subtree reversal
1983 * disable case.
1984 */
1985 for (v = uu_list_first(dgraph); v != NULL;
1986 v = uu_list_next(dgraph, v)) {
1987 /* skip the vertex we are disabling for now */
1988 if (v == vertex)
1989 continue;
1990
1991 if (v->gv_type != GVT_INST ||
1992 (v->gv_flags & GV_CONFIGURED) == 0 ||
1993 (v->gv_flags & GV_ENABLED) == 0 ||
1994 (v->gv_flags & GV_TOOFFLINE) == 0)
1995 continue;
1996
1997 if ((v->gv_state != RESTARTER_STATE_ONLINE) &&
1998 (v->gv_state != RESTARTER_STATE_DEGRADED)) {
1999 /* continue if there is nothing to offline */
2000 continue;
2001 }
2002
2003 /*
2004 * Instances which are up need to come down before we're
2005 * done, but we can only offline the leaves here. An
2006 * instance is a leaf when all its dependents are down.
2007 */
2008 if (insubtree_dependents_down(v) == B_TRUE) {
2009 log_framework(LOG_DEBUG, "Offlining in-subtree "
2010 "instance %s for %s.\n",
2011 v->gv_name, vertex->gv_name);
2012 offline_vertex(v);
2013 }
2014 }
2015 }
2016
2017 static int configure_vertex(graph_vertex_t *, scf_instance_t *);
2018
2019 /*
2020 * Set the restarter for v to fmri_arg. That is, make sure a vertex for
2021 * fmri_arg exists, make v depend on it, and send _ADD_INSTANCE for v. If
2022 * v is already configured and fmri_arg indicates the current restarter, do
2023 * nothing. If v is configured and fmri_arg is a new restarter, delete v's
2024 * dependency on the restarter, send _REMOVE_INSTANCE for v, and set the new
2025 * restarter. Returns 0 on success, EINVAL if the FMRI is invalid,
2026 * ECONNABORTED if the repository connection is broken, and ELOOP
2027 * if the dependency would create a cycle. In the last case, *pathp will
2028 * point to a -1-terminated array of ids which compose the path from v to
2029 * restarter_fmri.
2030 */
2031 int
2032 graph_change_restarter(graph_vertex_t *v, const char *fmri_arg, scf_handle_t *h,
2033 int **pathp)
2034 {
2035 char *restarter_fmri = NULL;
2036 graph_vertex_t *rv;
2037 int err;
2038 int id;
2039
2040 assert(MUTEX_HELD(&dgraph_lock));
2041
2042 if (fmri_arg[0] != '\0') {
2043 err = fmri_canonify(fmri_arg, &restarter_fmri, B_TRUE);
2044 if (err != 0) {
2045 assert(err == EINVAL);
2046 return (err);
2047 }
2048 }
2049
2050 if (restarter_fmri == NULL ||
2051 strcmp(restarter_fmri, SCF_SERVICE_STARTD) == 0) {
2052 if (v->gv_flags & GV_CONFIGURED) {
2053 if (v->gv_restarter_id == -1) {
2054 if (restarter_fmri != NULL)
2055 startd_free(restarter_fmri,
2056 max_scf_fmri_size);
2057 return (0);
2058 }
2059
2060 graph_unset_restarter(v);
2061 }
2062
2063 /* Master restarter, nothing to do. */
2064 v->gv_restarter_id = -1;
2065 v->gv_restarter_channel = NULL;
2066 vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);
2067 return (0);
2068 }
2069
2070 if (v->gv_flags & GV_CONFIGURED) {
2071 id = dict_lookup_byname(restarter_fmri);
2072 if (id != -1 && v->gv_restarter_id == id) {
2073 startd_free(restarter_fmri, max_scf_fmri_size);
2074 return (0);
2075 }
2076
2077 graph_unset_restarter(v);
2078 }
2079
2080 err = graph_insert_vertex_unconfigured(restarter_fmri, GVT_INST, 0,
2081 RERR_NONE, &rv);
2082 startd_free(restarter_fmri, max_scf_fmri_size);
2083 assert(err == 0 || err == EEXIST);
2084
2085 if (rv->gv_delegate_initialized == 0) {
2086 if ((rv->gv_delegate_channel = restarter_protocol_init_delegate(
2087 rv->gv_name)) == NULL)
2088 return (EINVAL);
2089 rv->gv_delegate_initialized = 1;
2090 }
2091 v->gv_restarter_id = rv->gv_id;
2092 v->gv_restarter_channel = rv->gv_delegate_channel;
2093
2094 err = graph_insert_dependency(v, rv, pathp);
2095 if (err != 0) {
2096 assert(err == ELOOP);
2097 return (ELOOP);
2098 }
2099
2100 vertex_send_event(v, RESTARTER_EVENT_TYPE_ADD_INSTANCE);
2101
2102 if (!(rv->gv_flags & GV_CONFIGURED)) {
2103 scf_instance_t *inst;
2104
2105 err = libscf_fmri_get_instance(h, rv->gv_name, &inst);
2106 switch (err) {
2107 case 0:
2108 err = configure_vertex(rv, inst);
2109 scf_instance_destroy(inst);
2110 switch (err) {
2111 case 0:
2112 case ECANCELED:
2113 break;
2114
2115 case ECONNABORTED:
2116 return (ECONNABORTED);
2117
2118 default:
2119 bad_error("configure_vertex", err);
2120 }
2121 break;
2122
2123 case ECONNABORTED:
2124 return (ECONNABORTED);
2125
2126 case ENOENT:
2127 break;
2128
2129 case ENOTSUP:
2130 /*
2131 * The fmri doesn't specify an instance - translate
2132 * to EINVAL.
2133 */
2134 return (EINVAL);
2135
2136 case EINVAL:
2137 default:
2138 bad_error("libscf_fmri_get_instance", err);
2139 }
2140 }
2141
2142 return (0);
2143 }
2144
2145
2146 /*
2147 * Add all of the instances of the service named by fmri to the graph.
2148 * Returns
2149 * 0 - success
2150 * ENOENT - service indicated by fmri does not exist
2151 *
2152 * In both cases *reboundp will be B_TRUE if the handle was rebound, or B_FALSE
2153 * otherwise.
2154 */
2155 static int
2156 add_service(const char *fmri, scf_handle_t *h, boolean_t *reboundp)
2157 {
2158 scf_service_t *svc;
2159 scf_instance_t *inst;
2160 scf_iter_t *iter;
2161 char *inst_fmri;
2162 int ret, r;
2163
2164 *reboundp = B_FALSE;
2165
2166 svc = safe_scf_service_create(h);
2167 inst = safe_scf_instance_create(h);
2168 iter = safe_scf_iter_create(h);
2169 inst_fmri = startd_alloc(max_scf_fmri_size);
2170
2171 rebound:
2172 if (scf_handle_decode_fmri(h, fmri, NULL, svc, NULL, NULL, NULL,
2173 SCF_DECODE_FMRI_EXACT) != 0) {
2174 switch (scf_error()) {
2175 case SCF_ERROR_CONNECTION_BROKEN:
2176 default:
2177 libscf_handle_rebind(h);
2178 *reboundp = B_TRUE;
2179 goto rebound;
2180
2181 case SCF_ERROR_NOT_FOUND:
2182 ret = ENOENT;
2183 goto out;
2184
2185 case SCF_ERROR_INVALID_ARGUMENT:
2186 case SCF_ERROR_CONSTRAINT_VIOLATED:
2187 case SCF_ERROR_NOT_BOUND:
2188 case SCF_ERROR_HANDLE_MISMATCH:
2189 bad_error("scf_handle_decode_fmri", scf_error());
2190 }
2191 }
2192
2193 if (scf_iter_service_instances(iter, svc) != 0) {
2194 switch (scf_error()) {
2195 case SCF_ERROR_CONNECTION_BROKEN:
2196 default:
2197 libscf_handle_rebind(h);
2198 *reboundp = B_TRUE;
2199 goto rebound;
2200
2201 case SCF_ERROR_DELETED:
2202 ret = ENOENT;
2203 goto out;
2204
2205 case SCF_ERROR_HANDLE_MISMATCH:
2206 case SCF_ERROR_NOT_BOUND:
2207 case SCF_ERROR_NOT_SET:
2208 bad_error("scf_iter_service_instances", scf_error());
2209 }
2210 }
2211
2212 for (;;) {
2213 r = scf_iter_next_instance(iter, inst);
2214 if (r == 0)
2215 break;
2216 if (r != 1) {
2217 switch (scf_error()) {
2218 case SCF_ERROR_CONNECTION_BROKEN:
2219 default:
2220 libscf_handle_rebind(h);
2221 *reboundp = B_TRUE;
2222 goto rebound;
2223
2224 case SCF_ERROR_DELETED:
2225 ret = ENOENT;
2226 goto out;
2227
2228 case SCF_ERROR_HANDLE_MISMATCH:
2229 case SCF_ERROR_NOT_BOUND:
2230 case SCF_ERROR_NOT_SET:
2231 case SCF_ERROR_INVALID_ARGUMENT:
2232 bad_error("scf_iter_next_instance",
2233 scf_error());
2234 }
2235 }
2236
2237 if (scf_instance_to_fmri(inst, inst_fmri, max_scf_fmri_size) <
2238 0) {
2239 switch (scf_error()) {
2240 case SCF_ERROR_CONNECTION_BROKEN:
2241 libscf_handle_rebind(h);
2242 *reboundp = B_TRUE;
2243 goto rebound;
2244
2245 case SCF_ERROR_DELETED:
2246 continue;
2247
2248 case SCF_ERROR_NOT_BOUND:
2249 case SCF_ERROR_NOT_SET:
2250 bad_error("scf_instance_to_fmri", scf_error());
2251 }
2252 }
2253
2254 r = dgraph_add_instance(inst_fmri, inst, B_FALSE);
2255 switch (r) {
2256 case 0:
2257 case ECANCELED:
2258 break;
2259
2260 case EEXIST:
2261 continue;
2262
2263 case ECONNABORTED:
2264 libscf_handle_rebind(h);
2265 *reboundp = B_TRUE;
2266 goto rebound;
2267
2268 case EINVAL:
2269 default:
2270 bad_error("dgraph_add_instance", r);
2271 }
2272 }
2273
2274 ret = 0;
2275
2276 out:
2277 startd_free(inst_fmri, max_scf_fmri_size);
2278 scf_iter_destroy(iter);
2279 scf_instance_destroy(inst);
2280 scf_service_destroy(svc);
2281 return (ret);
2282 }
2283
2284 struct depfmri_info {
2285 graph_vertex_t *v; /* GVT_GROUP vertex */
2286 gv_type_t type; /* type of dependency */
2287 const char *inst_fmri; /* FMRI of parental GVT_INST vert. */
2288 const char *pg_name; /* Name of dependency pg */
2289 scf_handle_t *h;
2290 int err; /* return error code */
2291 int **pathp; /* return circular dependency path */
2292 };
2293
2294 /*
2295 * Find or create a vertex for fmri and make info->v depend on it.
2296 * Returns
2297 * 0 - success
2298 * nonzero - failure
2299 *
2300 * On failure, sets info->err to
2301 * EINVAL - fmri is invalid
2302 * fmri does not match info->type
2303 * ELOOP - Adding the dependency creates a circular dependency. *info->pathp
2304 * will point to an array of the ids of the members of the cycle.
2305 * ECONNABORTED - repository connection was broken
2306 * ECONNRESET - succeeded, but repository connection was reset
2307 */
2308 static int
2309 process_dependency_fmri(const char *fmri, struct depfmri_info *info)
2310 {
2311 int err;
2312 graph_vertex_t *depgroup_v, *v;
2313 char *fmri_copy, *cfmri;
2314 size_t fmri_copy_sz;
2315 const char *scope, *service, *instance, *pg;
2316 scf_instance_t *inst;
2317 boolean_t rebound;
2318
2319 assert(MUTEX_HELD(&dgraph_lock));
2320
2321 /* Get or create vertex for FMRI */
2322 depgroup_v = info->v;
2323
2324 if (strncmp(fmri, "file:", sizeof ("file:") - 1) == 0) {
2325 if (info->type != GVT_FILE) {
2326 log_framework(LOG_NOTICE,
2327 "FMRI \"%s\" is not allowed for the \"%s\" "
2328 "dependency's type of instance %s.\n", fmri,
2329 info->pg_name, info->inst_fmri);
2330 return (info->err = EINVAL);
2331 }
2332
2333 err = graph_insert_vertex_unconfigured(fmri, info->type, 0,
2334 RERR_NONE, &v);
2335 switch (err) {
2336 case 0:
2337 break;
2338
2339 case EEXIST:
2340 assert(v->gv_type == GVT_FILE);
2341 break;
2342
2343 case EINVAL: /* prevented above */
2344 default:
2345 bad_error("graph_insert_vertex_unconfigured", err);
2346 }
2347 } else {
2348 if (info->type != GVT_INST) {
2349 log_framework(LOG_NOTICE,
2350 "FMRI \"%s\" is not allowed for the \"%s\" "
2351 "dependency's type of instance %s.\n", fmri,
2352 info->pg_name, info->inst_fmri);
2353 return (info->err = EINVAL);
2354 }
2355
2356 /*
2357 * We must canonify fmri & add a vertex for it.
2358 */
2359 fmri_copy_sz = strlen(fmri) + 1;
2360 fmri_copy = startd_alloc(fmri_copy_sz);
2361 (void) strcpy(fmri_copy, fmri);
2362
2363 /* Determine if the FMRI is a property group or instance */
2364 if (scf_parse_svc_fmri(fmri_copy, &scope, &service,
2365 &instance, &pg, NULL) != 0) {
2366 startd_free(fmri_copy, fmri_copy_sz);
2367 log_framework(LOG_NOTICE,
2368 "Dependency \"%s\" of %s has invalid FMRI "
2369 "\"%s\".\n", info->pg_name, info->inst_fmri,
2370 fmri);
2371 return (info->err = EINVAL);
2372 }
2373
2374 if (service == NULL || pg != NULL) {
2375 startd_free(fmri_copy, fmri_copy_sz);
2376 log_framework(LOG_NOTICE,
2377 "Dependency \"%s\" of %s does not designate a "
2378 "service or instance.\n", info->pg_name,
2379 info->inst_fmri);
2380 return (info->err = EINVAL);
2381 }
2382
2383 if (scope == NULL || strcmp(scope, SCF_SCOPE_LOCAL) == 0) {
2384 cfmri = uu_msprintf("svc:/%s%s%s",
2385 service, instance ? ":" : "", instance ? instance :
2386 "");
2387 } else {
2388 cfmri = uu_msprintf("svc://%s/%s%s%s",
2389 scope, service, instance ? ":" : "", instance ?
2390 instance : "");
2391 }
2392
2393 startd_free(fmri_copy, fmri_copy_sz);
2394
2395 err = graph_insert_vertex_unconfigured(cfmri, instance ?
2396 GVT_INST : GVT_SVC, instance ? 0 : DEPGRP_REQUIRE_ANY,
2397 RERR_NONE, &v);
2398 uu_free(cfmri);
2399 switch (err) {
2400 case 0:
2401 break;
2402
2403 case EEXIST:
2404 /* Verify v. */
2405 if (instance != NULL)
2406 assert(v->gv_type == GVT_INST);
2407 else
2408 assert(v->gv_type == GVT_SVC);
2409 break;
2410
2411 default:
2412 bad_error("graph_insert_vertex_unconfigured", err);
2413 }
2414 }
2415
2416 /* Add dependency from depgroup_v to new vertex */
2417 info->err = graph_insert_dependency(depgroup_v, v, info->pathp);
2418 switch (info->err) {
2419 case 0:
2420 break;
2421
2422 case ELOOP:
2423 return (ELOOP);
2424
2425 default:
2426 bad_error("graph_insert_dependency", info->err);
2427 }
2428
2429 /* This must be after we insert the dependency, to avoid looping. */
2430 switch (v->gv_type) {
2431 case GVT_INST:
2432 if ((v->gv_flags & GV_CONFIGURED) != 0)
2433 break;
2434
2435 inst = safe_scf_instance_create(info->h);
2436
2437 rebound = B_FALSE;
2438
2439 rebound:
2440 err = libscf_lookup_instance(v->gv_name, inst);
2441 switch (err) {
2442 case 0:
2443 err = configure_vertex(v, inst);
2444 switch (err) {
2445 case 0:
2446 case ECANCELED:
2447 break;
2448
2449 case ECONNABORTED:
2450 libscf_handle_rebind(info->h);
2451 rebound = B_TRUE;
2452 goto rebound;
2453
2454 default:
2455 bad_error("configure_vertex", err);
2456 }
2457 break;
2458
2459 case ENOENT:
2460 break;
2461
2462 case ECONNABORTED:
2463 libscf_handle_rebind(info->h);
2464 rebound = B_TRUE;
2465 goto rebound;
2466
2467 case EINVAL:
2468 case ENOTSUP:
2469 default:
2470 bad_error("libscf_fmri_get_instance", err);
2471 }
2472
2473 scf_instance_destroy(inst);
2474
2475 if (rebound)
2476 return (info->err = ECONNRESET);
2477 break;
2478
2479 case GVT_SVC:
2480 (void) add_service(v->gv_name, info->h, &rebound);
2481 if (rebound)
2482 return (info->err = ECONNRESET);
2483 }
2484
2485 return (0);
2486 }
2487
2488 struct deppg_info {
2489 graph_vertex_t *v; /* GVT_INST vertex */
2490 int err; /* return error */
2491 int **pathp; /* return circular dependency path */
2492 };
2493
2494 /*
2495 * Make info->v depend on a new GVT_GROUP node for this property group,
2496 * and then call process_dependency_fmri() for the values of the entity
2497 * property. Return 0 on success, or if something goes wrong return nonzero
2498 * and set info->err to ECONNABORTED, EINVAL, or the error code returned by
2499 * process_dependency_fmri().
2500 */
2501 static int
2502 process_dependency_pg(scf_propertygroup_t *pg, struct deppg_info *info)
2503 {
2504 scf_handle_t *h;
2505 depgroup_type_t deptype;
2506 restarter_error_t rerr;
2507 struct depfmri_info linfo;
2508 char *fmri, *pg_name;
2509 size_t fmri_sz;
2510 graph_vertex_t *depgrp;
2511 scf_property_t *prop;
2512 int err;
2513 int empty;
2514 scf_error_t scferr;
2515 ssize_t len;
2516
2517 assert(MUTEX_HELD(&dgraph_lock));
2518
2519 h = scf_pg_handle(pg);
2520
2521 pg_name = startd_alloc(max_scf_name_size);
2522
2523 len = scf_pg_get_name(pg, pg_name, max_scf_name_size);
2524 if (len < 0) {
2525 startd_free(pg_name, max_scf_name_size);
2526 switch (scf_error()) {
2527 case SCF_ERROR_CONNECTION_BROKEN:
2528 default:
2529 return (info->err = ECONNABORTED);
2530
2531 case SCF_ERROR_DELETED:
2532 return (info->err = 0);
2533
2534 case SCF_ERROR_NOT_SET:
2535 bad_error("scf_pg_get_name", scf_error());
2536 }
2537 }
2538
2539 /*
2540 * Skip over empty dependency groups. Since dependency property
2541 * groups are updated atomically, they are either empty or
2542 * fully populated.
2543 */
2544 empty = depgroup_empty(h, pg);
2545 if (empty < 0) {
2546 log_error(LOG_INFO,
2547 "Error reading dependency group \"%s\" of %s: %s\n",
2548 pg_name, info->v->gv_name, scf_strerror(scf_error()));
2549 startd_free(pg_name, max_scf_name_size);
2550 return (info->err = EINVAL);
2551
2552 } else if (empty == 1) {
2553 log_framework(LOG_DEBUG,
2554 "Ignoring empty dependency group \"%s\" of %s\n",
2555 pg_name, info->v->gv_name);
2556 startd_free(pg_name, max_scf_name_size);
2557 return (info->err = 0);
2558 }
2559
2560 fmri_sz = strlen(info->v->gv_name) + 1 + len + 1;
2561 fmri = startd_alloc(fmri_sz);
2562
2563 (void) snprintf(fmri, fmri_sz, "%s>%s", info->v->gv_name,
2564 pg_name);
2565
2566 /* Validate the pg before modifying the graph */
2567 deptype = depgroup_read_grouping(h, pg);
2568 if (deptype == DEPGRP_UNSUPPORTED) {
2569 log_error(LOG_INFO,
2570 "Dependency \"%s\" of %s has an unknown grouping value.\n",
2571 pg_name, info->v->gv_name);
2572 startd_free(fmri, fmri_sz);
2573 startd_free(pg_name, max_scf_name_size);
2574 return (info->err = EINVAL);
2575 }
2576
2577 rerr = depgroup_read_restart(h, pg);
2578 if (rerr == RERR_UNSUPPORTED) {
2579 log_error(LOG_INFO,
2580 "Dependency \"%s\" of %s has an unknown restart_on value."
2581 "\n", pg_name, info->v->gv_name);
2582 startd_free(fmri, fmri_sz);
2583 startd_free(pg_name, max_scf_name_size);
2584 return (info->err = EINVAL);
2585 }
2586
2587 prop = safe_scf_property_create(h);
2588
2589 if (scf_pg_get_property(pg, SCF_PROPERTY_ENTITIES, prop) != 0) {
2590 scferr = scf_error();
2591 scf_property_destroy(prop);
2592 if (scferr == SCF_ERROR_DELETED) {
2593 startd_free(fmri, fmri_sz);
2594 startd_free(pg_name, max_scf_name_size);
2595 return (info->err = 0);
2596 } else if (scferr != SCF_ERROR_NOT_FOUND) {
2597 startd_free(fmri, fmri_sz);
2598 startd_free(pg_name, max_scf_name_size);
2599 return (info->err = ECONNABORTED);
2600 }
2601
2602 log_error(LOG_INFO,
2603 "Dependency \"%s\" of %s is missing a \"%s\" property.\n",
2604 pg_name, info->v->gv_name, SCF_PROPERTY_ENTITIES);
2605
2606 startd_free(fmri, fmri_sz);
2607 startd_free(pg_name, max_scf_name_size);
2608
2609 return (info->err = EINVAL);
2610 }
2611
2612 /* Create depgroup vertex for pg */
2613 err = graph_insert_vertex_unconfigured(fmri, GVT_GROUP, deptype,
2614 rerr, &depgrp);
2615 assert(err == 0);
2616 startd_free(fmri, fmri_sz);
2617
2618 /* Add dependency from inst vertex to new vertex */
2619 err = graph_insert_dependency(info->v, depgrp, info->pathp);
2620 /* ELOOP can't happen because this should be a new vertex */
2621 assert(err == 0);
2622
2623 linfo.v = depgrp;
2624 linfo.type = depgroup_read_scheme(h, pg);
2625 linfo.inst_fmri = info->v->gv_name;
2626 linfo.pg_name = pg_name;
2627 linfo.h = h;
2628 linfo.err = 0;
2629 linfo.pathp = info->pathp;
2630 err = walk_property_astrings(prop, (callback_t)process_dependency_fmri,
2631 &linfo);
2632
2633 scf_property_destroy(prop);
2634 startd_free(pg_name, max_scf_name_size);
2635
2636 switch (err) {
2637 case 0:
2638 case EINTR:
2639 return (info->err = linfo.err);
2640
2641 case ECONNABORTED:
2642 case EINVAL:
2643 return (info->err = err);
2644
2645 case ECANCELED:
2646 return (info->err = 0);
2647
2648 case ECONNRESET:
2649 return (info->err = ECONNABORTED);
2650
2651 default:
2652 bad_error("walk_property_astrings", err);
2653 /* NOTREACHED */
2654 }
2655 }
2656
2657 /*
2658 * Build the dependency info for v from the repository. Returns 0 on success,
2659 * ECONNABORTED on repository disconnection, EINVAL if the repository
2660 * configuration is invalid, and ELOOP if a dependency would cause a cycle.
2661 * In the last case, *pathp will point to a -1-terminated array of ids which
2662 * constitute the rest of the dependency cycle.
2663 */
2664 static int
2665 set_dependencies(graph_vertex_t *v, scf_instance_t *inst, int **pathp)
2666 {
2667 struct deppg_info info;
2668 int err;
2669 uint_t old_configured;
2670
2671 assert(MUTEX_HELD(&dgraph_lock));
2672
2673 /*
2674 * Mark the vertex as configured during dependency insertion to avoid
2675 * dependency cycles (which can appear in the graph if one of the
2676 * vertices is an exclusion-group).
2677 */
2678 old_configured = v->gv_flags & GV_CONFIGURED;
2679 v->gv_flags |= GV_CONFIGURED;
2680
2681 info.err = 0;
2682 info.v = v;
2683 info.pathp = pathp;
2684
2685 err = walk_dependency_pgs(inst, (callback_t)process_dependency_pg,
2686 &info);
2687
2688 if (!old_configured)
2689 v->gv_flags &= ~GV_CONFIGURED;
2690
2691 switch (err) {
2692 case 0:
2693 case EINTR:
2694 return (info.err);
2695
2696 case ECONNABORTED:
2697 return (ECONNABORTED);
2698
2699 case ECANCELED:
2700 /* Should get delete event, so return 0. */
2701 return (0);
2702
2703 default:
2704 bad_error("walk_dependency_pgs", err);
2705 /* NOTREACHED */
2706 }
2707 }
2708
2709
2710 static void
2711 handle_cycle(const char *fmri, int *path)
2712 {
2713 const char *cp;
2714 size_t sz;
2715
2716 assert(MUTEX_HELD(&dgraph_lock));
2717
2718 path_to_str(path, (char **)&cp, &sz);
2719
2720 log_error(LOG_ERR, "Transitioning %s to maintenance "
2721 "because it completes a dependency cycle (see svcs -xv for "
2722 "details):\n%s", fmri ? fmri : "?", cp);
2723
2724 startd_free((void *)cp, sz);
2725 }
2726
2727 /*
2728 * Increment the vertex's reference count to prevent the vertex removal
2729 * from the dgraph.
2730 */
2731 static void
2732 vertex_ref(graph_vertex_t *v)
2733 {
2734 assert(MUTEX_HELD(&dgraph_lock));
2735
2736 v->gv_refs++;
2737 }
2738
2739 /*
2740 * Decrement the vertex's reference count and remove the vertex from
2741 * the dgraph when possible.
2742 *
2743 * Return VERTEX_REMOVED when the vertex has been removed otherwise
2744 * return VERTEX_INUSE.
2745 */
2746 static int
2747 vertex_unref(graph_vertex_t *v)
2748 {
2749 assert(MUTEX_HELD(&dgraph_lock));
2750 assert(v->gv_refs > 0);
2751
2752 v->gv_refs--;
2753
2754 return (free_if_unrefed(v));
2755 }
2756
2757 /*
2758 * When run on the dependencies of a vertex, populates list with
2759 * graph_edge_t's which point to the service vertices or the instance
2760 * vertices (no GVT_GROUP nodes) on which the vertex depends.
2761 *
2762 * Increment the vertex's reference count once the vertex is inserted
2763 * in the list. The vertex won't be able to be deleted from the dgraph
2764 * while it is referenced.
2765 */
2766 static int
2767 append_svcs_or_insts(graph_edge_t *e, uu_list_t *list)
2768 {
2769 graph_vertex_t *v = e->ge_vertex;
2770 graph_edge_t *new;
2771 int r;
2772
2773 switch (v->gv_type) {
2774 case GVT_INST:
2775 case GVT_SVC:
2776 break;
2777
2778 case GVT_GROUP:
2779 r = uu_list_walk(v->gv_dependencies,
2780 (uu_walk_fn_t *)append_svcs_or_insts, list, 0);
2781 assert(r == 0);
2782 return (UU_WALK_NEXT);
2783
2784 case GVT_FILE:
2785 return (UU_WALK_NEXT);
2786
2787 default:
2788 #ifndef NDEBUG
2789 uu_warn("%s:%d: Unexpected vertex type %d.\n", __FILE__,
2790 __LINE__, v->gv_type);
2791 #endif
2792 abort();
2793 }
2794
2795 new = startd_alloc(sizeof (*new));
2796 new->ge_vertex = v;
2797 uu_list_node_init(new, &new->ge_link, graph_edge_pool);
2798 r = uu_list_insert_before(list, NULL, new);
2799 assert(r == 0);
2800
2801 /*
2802 * Because we are inserting the vertex in a list, we don't want
2803 * the vertex to be freed while the list is in use. In order to
2804 * achieve that, increment the vertex's reference count.
2805 */
2806 vertex_ref(v);
2807
2808 return (UU_WALK_NEXT);
2809 }
2810
2811 static boolean_t
2812 should_be_in_subgraph(graph_vertex_t *v)
2813 {
2814 graph_edge_t *e;
2815
2816 if (v == milestone)
2817 return (B_TRUE);
2818
2819 /*
2820 * v is in the subgraph if any of its dependents are in the subgraph.
2821 * Except for EXCLUDE_ALL dependents. And OPTIONAL dependents only
2822 * count if we're enabled.
2823 */
2824 for (e = uu_list_first(v->gv_dependents);
2825 e != NULL;
2826 e = uu_list_next(v->gv_dependents, e)) {
2827 graph_vertex_t *dv = e->ge_vertex;
2828
2829 if (!(dv->gv_flags & GV_INSUBGRAPH))
2830 continue;
2831
2832 /*
2833 * Don't include instances that are optional and disabled.
2834 */
2835 if (v->gv_type == GVT_INST && dv->gv_type == GVT_SVC) {
2836
2837 int in = 0;
2838 graph_edge_t *ee;
2839
2840 for (ee = uu_list_first(dv->gv_dependents);
2841 ee != NULL;
2842 ee = uu_list_next(dv->gv_dependents, ee)) {
2843
2844 graph_vertex_t *ddv = e->ge_vertex;
2845
2846 if (ddv->gv_type == GVT_GROUP &&
2847 ddv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
2848 continue;
2849
2850 if (ddv->gv_type == GVT_GROUP &&
2851 ddv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
2852 !(v->gv_flags & GV_ENBLD_NOOVR))
2853 continue;
2854
2855 in = 1;
2856 }
2857 if (!in)
2858 continue;
2859 }
2860 if (v->gv_type == GVT_INST &&
2861 dv->gv_type == GVT_GROUP &&
2862 dv->gv_depgroup == DEPGRP_OPTIONAL_ALL &&
2863 !(v->gv_flags & GV_ENBLD_NOOVR))
2864 continue;
2865
2866 /* Don't include excluded services and instances */
2867 if (dv->gv_type == GVT_GROUP &&
2868 dv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
2869 continue;
2870
2871 return (B_TRUE);
2872 }
2873
2874 return (B_FALSE);
2875 }
2876
2877 /*
2878 * Ensures that GV_INSUBGRAPH is set properly for v and its descendents. If
2879 * any bits change, manipulate the repository appropriately. Returns 0 or
2880 * ECONNABORTED.
2881 */
2882 static int
2883 eval_subgraph(graph_vertex_t *v, scf_handle_t *h)
2884 {
2885 boolean_t old = (v->gv_flags & GV_INSUBGRAPH) != 0;
2886 boolean_t new;
2887 graph_edge_t *e;
2888 scf_instance_t *inst;
2889 int ret = 0, r;
2890
2891 assert(milestone != NULL && milestone != MILESTONE_NONE);
2892
2893 new = should_be_in_subgraph(v);
2894
2895 if (new == old)
2896 return (0);
2897
2898 log_framework(LOG_DEBUG, new ? "Adding %s to the subgraph.\n" :
2899 "Removing %s from the subgraph.\n", v->gv_name);
2900
2901 v->gv_flags = (v->gv_flags & ~GV_INSUBGRAPH) |
2902 (new ? GV_INSUBGRAPH : 0);
2903
2904 if (v->gv_type == GVT_INST && (v->gv_flags & GV_CONFIGURED)) {
2905 int err;
2906
2907 get_inst:
2908 err = libscf_fmri_get_instance(h, v->gv_name, &inst);
2909 if (err != 0) {
2910 switch (err) {
2911 case ECONNABORTED:
2912 libscf_handle_rebind(h);
2913 ret = ECONNABORTED;
2914 goto get_inst;
2915
2916 case ENOENT:
2917 break;
2918
2919 case EINVAL:
2920 case ENOTSUP:
2921 default:
2922 bad_error("libscf_fmri_get_instance", err);
2923 }
2924 } else {
2925 const char *f;
2926
2927 if (new) {
2928 err = libscf_delete_enable_ovr(inst);
2929 f = "libscf_delete_enable_ovr";
2930 } else {
2931 err = libscf_set_enable_ovr(inst, 0);
2932 f = "libscf_set_enable_ovr";
2933 }
2934 scf_instance_destroy(inst);
2935 switch (err) {
2936 case 0:
2937 case ECANCELED:
2938 break;
2939
2940 case ECONNABORTED:
2941 libscf_handle_rebind(h);
2942 /*
2943 * We must continue so the graph is updated,
2944 * but we must return ECONNABORTED so any
2945 * libscf state held by any callers is reset.
2946 */
2947 ret = ECONNABORTED;
2948 goto get_inst;
2949
2950 case EROFS:
2951 case EPERM:
2952 log_error(LOG_WARNING,
2953 "Could not set %s/%s for %s: %s.\n",
2954 SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
2955 v->gv_name, strerror(err));
2956 break;
2957
2958 default:
2959 bad_error(f, err);
2960 }
2961 }
2962 }
2963
2964 for (e = uu_list_first(v->gv_dependencies);
2965 e != NULL;
2966 e = uu_list_next(v->gv_dependencies, e)) {
2967 r = eval_subgraph(e->ge_vertex, h);
2968 if (r != 0) {
2969 assert(r == ECONNABORTED);
2970 ret = ECONNABORTED;
2971 }
2972 }
2973
2974 return (ret);
2975 }
2976
2977 /*
2978 * Delete the (property group) dependencies of v & create new ones based on
2979 * inst. If doing so would create a cycle, log a message and put the instance
2980 * into maintenance. Update GV_INSUBGRAPH flags as necessary. Returns 0 or
2981 * ECONNABORTED.
2982 */
2983 int
2984 refresh_vertex(graph_vertex_t *v, scf_instance_t *inst)
2985 {
2986 int err;
2987 int *path;
2988 char *fmri;
2989 int r;
2990 scf_handle_t *h = scf_instance_handle(inst);
2991 uu_list_t *old_deps;
2992 int ret = 0;
2993 graph_edge_t *e;
2994 graph_vertex_t *vv;
2995
2996 assert(MUTEX_HELD(&dgraph_lock));
2997 assert(v->gv_type == GVT_INST);
2998
2999 log_framework(LOG_DEBUG, "Graph engine: Refreshing %s.\n", v->gv_name);
3000
3001 if (milestone > MILESTONE_NONE) {
3002 /*
3003 * In case some of v's dependencies are being deleted we must
3004 * make a list of them now for GV_INSUBGRAPH-flag evaluation
3005 * after the new dependencies are in place.
3006 */
3007 old_deps = startd_list_create(graph_edge_pool, NULL, 0);
3008
3009 err = uu_list_walk(v->gv_dependencies,
3010 (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
3011 assert(err == 0);
3012 }
3013
3014 delete_instance_dependencies(v, B_FALSE);
3015
3016 err = set_dependencies(v, inst, &path);
3017 switch (err) {
3018 case 0:
3019 break;
3020
3021 case ECONNABORTED:
3022 ret = err;
3023 goto out;
3024
3025 case EINVAL:
3026 case ELOOP:
3027 r = libscf_instance_get_fmri(inst, &fmri);
3028 switch (r) {
3029 case 0:
3030 break;
3031
3032 case ECONNABORTED:
3033 ret = ECONNABORTED;
3034 goto out;
3035
3036 case ECANCELED:
3037 ret = 0;
3038 goto out;
3039
3040 default:
3041 bad_error("libscf_instance_get_fmri", r);
3042 }
3043
3044 if (err == EINVAL) {
3045 log_error(LOG_ERR, "Transitioning %s "
3046 "to maintenance due to misconfiguration.\n",
3047 fmri ? fmri : "?");
3048 vertex_send_event(v,
3049 RESTARTER_EVENT_TYPE_INVALID_DEPENDENCY);
3050 } else {
3051 handle_cycle(fmri, path);
3052 vertex_send_event(v,
3053 RESTARTER_EVENT_TYPE_DEPENDENCY_CYCLE);
3054 }
3055 startd_free(fmri, max_scf_fmri_size);
3056 ret = 0;
3057 goto out;
3058
3059 default:
3060 bad_error("set_dependencies", err);
3061 }
3062
3063 if (milestone > MILESTONE_NONE) {
3064 boolean_t aborted = B_FALSE;
3065
3066 for (e = uu_list_first(old_deps);
3067 e != NULL;
3068 e = uu_list_next(old_deps, e)) {
3069 vv = e->ge_vertex;
3070
3071 if (vertex_unref(vv) == VERTEX_INUSE &&
3072 eval_subgraph(vv, h) == ECONNABORTED)
3073 aborted = B_TRUE;
3074 }
3075
3076 for (e = uu_list_first(v->gv_dependencies);
3077 e != NULL;
3078 e = uu_list_next(v->gv_dependencies, e)) {
3079 if (eval_subgraph(e->ge_vertex, h) ==
3080 ECONNABORTED)
3081 aborted = B_TRUE;
3082 }
3083
3084 if (aborted) {
3085 ret = ECONNABORTED;
3086 goto out;
3087 }
3088 }
3089
3090 graph_start_if_satisfied(v);
3091
3092 ret = 0;
3093
3094 out:
3095 if (milestone > MILESTONE_NONE) {
3096 void *cookie = NULL;
3097
3098 while ((e = uu_list_teardown(old_deps, &cookie)) != NULL)
3099 startd_free(e, sizeof (*e));
3100
3101 uu_list_destroy(old_deps);
3102 }
3103
3104 return (ret);
3105 }
3106
3107 /*
3108 * Set up v according to inst. That is, make sure it depends on its
3109 * restarter and set up its dependencies. Send the ADD_INSTANCE command to
3110 * the restarter, and send ENABLE or DISABLE as appropriate.
3111 *
3112 * Returns 0 on success, ECONNABORTED on repository disconnection, or
3113 * ECANCELED if inst is deleted.
3114 */
3115 static int
3116 configure_vertex(graph_vertex_t *v, scf_instance_t *inst)
3117 {
3118 scf_handle_t *h;
3119 scf_propertygroup_t *pg;
3120 scf_snapshot_t *snap;
3121 char *restarter_fmri = startd_alloc(max_scf_value_size);
3122 int enabled, enabled_ovr;
3123 int err;
3124 int *path;
3125 int deathrow;
3126 int32_t tset;
3127
3128 restarter_fmri[0] = '\0';
3129
3130 assert(MUTEX_HELD(&dgraph_lock));
3131 assert(v->gv_type == GVT_INST);
3132 assert((v->gv_flags & GV_CONFIGURED) == 0);
3133
3134 /* GV_INSUBGRAPH should already be set properly. */
3135 assert(should_be_in_subgraph(v) ==
3136 ((v->gv_flags & GV_INSUBGRAPH) != 0));
3137
3138 /*
3139 * If the instance fmri is in the deathrow list then set the
3140 * GV_DEATHROW flag on the vertex and create and set to true the
3141 * SCF_PROPERTY_DEATHROW boolean property in the non-persistent
3142 * repository for this instance fmri.
3143 */
3144 if ((v->gv_flags & GV_DEATHROW) ||
3145 (is_fmri_in_deathrow(v->gv_name) == B_TRUE)) {
3146 if ((v->gv_flags & GV_DEATHROW) == 0) {
3147 /*
3148 * Set flag GV_DEATHROW, create and set to true
3149 * the SCF_PROPERTY_DEATHROW property in the
3150 * non-persistent repository for this instance fmri.
3151 */
3152 v->gv_flags |= GV_DEATHROW;
3153
3154 switch (err = libscf_set_deathrow(inst, 1)) {
3155 case 0:
3156 break;
3157
3158 case ECONNABORTED:
3159 case ECANCELED:
3160 startd_free(restarter_fmri, max_scf_value_size);
3161 return (err);
3162
3163 case EROFS:
3164 log_error(LOG_WARNING, "Could not set %s/%s "
3165 "for deathrow %s: %s.\n",
3166 SCF_PG_DEATHROW, SCF_PROPERTY_DEATHROW,
3167 v->gv_name, strerror(err));
3168 break;
3169
3170 case EPERM:
3171 uu_die("Permission denied.\n");
3172 /* NOTREACHED */
3173
3174 default:
3175 bad_error("libscf_set_deathrow", err);
3176 }
3177 log_framework(LOG_DEBUG, "Deathrow, graph set %s.\n",
3178 v->gv_name);
3179 }
3180 startd_free(restarter_fmri, max_scf_value_size);
3181 return (0);
3182 }
3183
3184 h = scf_instance_handle(inst);
3185
3186 /*
3187 * Using a temporary deathrow boolean property, set through
3188 * libscf_set_deathrow(), only for fmris on deathrow, is necessary
3189 * because deathrow_fini() may already have been called, and in case
3190 * of a refresh, GV_DEATHROW may need to be set again.
3191 * libscf_get_deathrow() sets deathrow to 1 only if this instance
3192 * has a temporary boolean property named 'deathrow' valued true
3193 * in a property group 'deathrow', -1 or 0 in all other cases.
3194 */
3195 err = libscf_get_deathrow(h, inst, &deathrow);
3196 switch (err) {
3197 case 0:
3198 break;
3199
3200 case ECONNABORTED:
3201 case ECANCELED:
3202 startd_free(restarter_fmri, max_scf_value_size);
3203 return (err);
3204
3205 default:
3206 bad_error("libscf_get_deathrow", err);
3207 }
3208
3209 if (deathrow == 1) {
3210 v->gv_flags |= GV_DEATHROW;
3211 startd_free(restarter_fmri, max_scf_value_size);
3212 return (0);
3213 }
3214
3215 log_framework(LOG_DEBUG, "Graph adding %s.\n", v->gv_name);
3216
3217 /*
3218 * If the instance does not have a restarter property group,
3219 * initialize its state to uninitialized/none, in case the restarter
3220 * is not enabled.
3221 */
3222 pg = safe_scf_pg_create(h);
3223
3224 if (scf_instance_get_pg(inst, SCF_PG_RESTARTER, pg) != 0) {
3225 instance_data_t idata;
3226 uint_t count = 0, msecs = ALLOC_DELAY;
3227
3228 switch (scf_error()) {
3229 case SCF_ERROR_NOT_FOUND:
3230 break;
3231
3232 case SCF_ERROR_CONNECTION_BROKEN:
3233 default:
3234 scf_pg_destroy(pg);
3235 startd_free(restarter_fmri, max_scf_value_size);
3236 return (ECONNABORTED);
3237
3238 case SCF_ERROR_DELETED:
3239 scf_pg_destroy(pg);
3240 startd_free(restarter_fmri, max_scf_value_size);
3241 return (ECANCELED);
3242
3243 case SCF_ERROR_NOT_SET:
3244 bad_error("scf_instance_get_pg", scf_error());
3245 }
3246
3247 switch (err = libscf_instance_get_fmri(inst,
3248 (char **)&idata.i_fmri)) {
3249 case 0:
3250 break;
3251
3252 case ECONNABORTED:
3253 case ECANCELED:
3254 scf_pg_destroy(pg);
3255 startd_free(restarter_fmri, max_scf_value_size);
3256 return (err);
3257
3258 default:
3259 bad_error("libscf_instance_get_fmri", err);
3260 }
3261
3262 idata.i_state = RESTARTER_STATE_NONE;
3263 idata.i_next_state = RESTARTER_STATE_NONE;
3264
3265 init_state:
3266 switch (err = _restarter_commit_states(h, &idata,
3267 RESTARTER_STATE_UNINIT, RESTARTER_STATE_NONE,
3268 restarter_get_str_short(restarter_str_insert_in_graph))) {
3269 case 0:
3270 break;
3271
3272 case ENOMEM:
3273 ++count;
3274 if (count < ALLOC_RETRY) {
3275 (void) poll(NULL, 0, msecs);
3276 msecs *= ALLOC_DELAY_MULT;
3277 goto init_state;
3278 }
3279
3280 uu_die("Insufficient memory.\n");
3281 /* NOTREACHED */
3282
3283 case ECONNABORTED:
3284 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3285 scf_pg_destroy(pg);
3286 startd_free(restarter_fmri, max_scf_value_size);
3287 return (ECONNABORTED);
3288
3289 case ENOENT:
3290 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3291 scf_pg_destroy(pg);
3292 startd_free(restarter_fmri, max_scf_value_size);
3293 return (ECANCELED);
3294
3295 case EPERM:
3296 case EACCES:
3297 case EROFS:
3298 log_error(LOG_NOTICE, "Could not initialize state for "
3299 "%s: %s.\n", idata.i_fmri, strerror(err));
3300 break;
3301
3302 case EINVAL:
3303 default:
3304 bad_error("_restarter_commit_states", err);
3305 }
3306
3307 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3308 }
3309
3310 scf_pg_destroy(pg);
3311
3312 if (milestone != NULL) {
3313 /*
3314 * Make sure the enable-override is set properly before we
3315 * read whether we should be enabled.
3316 */
3317 if (milestone == MILESTONE_NONE ||
3318 !(v->gv_flags & GV_INSUBGRAPH)) {
3319 /*
3320 * This might seem unjustified after the milestone
3321 * transition has completed (non_subgraph_svcs == 0),
3322 * but it's important because when we boot to
3323 * a milestone, we set the milestone before populating
3324 * the graph, and all of the new non-subgraph services
3325 * need to be disabled here.
3326 */
3327 switch (err = libscf_set_enable_ovr(inst, 0)) {
3328 case 0:
3329 break;
3330
3331 case ECONNABORTED:
3332 case ECANCELED:
3333 startd_free(restarter_fmri, max_scf_value_size);
3334 return (err);
3335
3336 case EROFS:
3337 log_error(LOG_WARNING,
3338 "Could not set %s/%s for %s: %s.\n",
3339 SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
3340 v->gv_name, strerror(err));
3341 break;
3342
3343 case EPERM:
3344 uu_die("Permission denied.\n");
3345 /* NOTREACHED */
3346
3347 default:
3348 bad_error("libscf_set_enable_ovr", err);
3349 }
3350 } else {
3351 assert(v->gv_flags & GV_INSUBGRAPH);
3352 switch (err = libscf_delete_enable_ovr(inst)) {
3353 case 0:
3354 break;
3355
3356 case ECONNABORTED:
3357 case ECANCELED:
3358 startd_free(restarter_fmri, max_scf_value_size);
3359 return (err);
3360
3361 case EPERM:
3362 uu_die("Permission denied.\n");
3363 /* NOTREACHED */
3364
3365 default:
3366 bad_error("libscf_delete_enable_ovr", err);
3367 }
3368 }
3369 }
3370
3371 err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
3372 &enabled_ovr, &restarter_fmri);
3373 switch (err) {
3374 case 0:
3375 break;
3376
3377 case ECONNABORTED:
3378 case ECANCELED:
3379 startd_free(restarter_fmri, max_scf_value_size);
3380 return (err);
3381
3382 case ENOENT:
3383 log_framework(LOG_DEBUG,
3384 "Ignoring %s because it has no general property group.\n",
3385 v->gv_name);
3386 startd_free(restarter_fmri, max_scf_value_size);
3387 return (0);
3388
3389 default:
3390 bad_error("libscf_get_basic_instance_data", err);
3391 }
3392
3393 if ((tset = libscf_get_stn_tset(inst)) == -1) {
3394 log_framework(LOG_WARNING,
3395 "Failed to get notification parameters for %s: %s\n",
3396 v->gv_name, scf_strerror(scf_error()));
3397 v->gv_stn_tset = 0;
3398 } else {
3399 v->gv_stn_tset = tset;
3400 }
3401 if (strcmp(v->gv_name, SCF_INSTANCE_GLOBAL) == 0)
3402 stn_global = v->gv_stn_tset;
3403
3404 if (enabled == -1) {
3405 startd_free(restarter_fmri, max_scf_value_size);
3406 return (0);
3407 }
3408
3409 v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
3410 (enabled ? GV_ENBLD_NOOVR : 0);
3411
3412 if (enabled_ovr != -1)
3413 enabled = enabled_ovr;
3414
3415 v->gv_state = RESTARTER_STATE_UNINIT;
3416
3417 snap = libscf_get_or_make_running_snapshot(inst, v->gv_name, B_TRUE);
3418 scf_snapshot_destroy(snap);
3419
3420 /* Set up the restarter. (Sends _ADD_INSTANCE on success.) */
3421 err = graph_change_restarter(v, restarter_fmri, h, &path);
3422 if (err != 0) {
3423 instance_data_t idata;
3424 uint_t count = 0, msecs = ALLOC_DELAY;
3425 restarter_str_t reason;
3426
3427 if (err == ECONNABORTED) {
3428 startd_free(restarter_fmri, max_scf_value_size);
3429 return (err);
3430 }
3431
3432 assert(err == EINVAL || err == ELOOP);
3433
3434 if (err == EINVAL) {
3435 log_framework(LOG_ERR, emsg_invalid_restarter,
3436 v->gv_name, restarter_fmri);
3437 reason = restarter_str_invalid_restarter;
3438 } else {
3439 handle_cycle(v->gv_name, path);
3440 reason = restarter_str_dependency_cycle;
3441 }
3442
3443 startd_free(restarter_fmri, max_scf_value_size);
3444
3445 /*
3446 * We didn't register the instance with the restarter, so we
3447 * must set maintenance mode ourselves.
3448 */
3449 err = libscf_instance_get_fmri(inst, (char **)&idata.i_fmri);
3450 if (err != 0) {
3451 assert(err == ECONNABORTED || err == ECANCELED);
3452 return (err);
3453 }
3454
3455 idata.i_state = RESTARTER_STATE_NONE;
3456 idata.i_next_state = RESTARTER_STATE_NONE;
3457
3458 set_maint:
3459 switch (err = _restarter_commit_states(h, &idata,
3460 RESTARTER_STATE_MAINT, RESTARTER_STATE_NONE,
3461 restarter_get_str_short(reason))) {
3462 case 0:
3463 break;
3464
3465 case ENOMEM:
3466 ++count;
3467 if (count < ALLOC_RETRY) {
3468 (void) poll(NULL, 0, msecs);
3469 msecs *= ALLOC_DELAY_MULT;
3470 goto set_maint;
3471 }
3472
3473 uu_die("Insufficient memory.\n");
3474 /* NOTREACHED */
3475
3476 case ECONNABORTED:
3477 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3478 return (ECONNABORTED);
3479
3480 case ENOENT:
3481 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3482 return (ECANCELED);
3483
3484 case EPERM:
3485 case EACCES:
3486 case EROFS:
3487 log_error(LOG_NOTICE, "Could not initialize state for "
3488 "%s: %s.\n", idata.i_fmri, strerror(err));
3489 break;
3490
3491 case EINVAL:
3492 default:
3493 bad_error("_restarter_commit_states", err);
3494 }
3495
3496 startd_free((void *)idata.i_fmri, max_scf_fmri_size);
3497
3498 v->gv_state = RESTARTER_STATE_MAINT;
3499
3500 goto out;
3501 }
3502 startd_free(restarter_fmri, max_scf_value_size);
3503
3504 /* Add all the other dependencies. */
3505 err = refresh_vertex(v, inst);
3506 if (err != 0) {
3507 assert(err == ECONNABORTED);
3508 return (err);
3509 }
3510
3511 out:
3512 v->gv_flags |= GV_CONFIGURED;
3513
3514 graph_enable_by_vertex(v, enabled, 0);
3515
3516 return (0);
3517 }
3518
3519
3520 static void
3521 kill_user_procs(void)
3522 {
3523 (void) fputs("svc.startd: Killing user processes.\n", stdout);
3524
3525 /*
3526 * Despite its name, killall's role is to get select user processes--
3527 * basically those representing terminal-based logins-- to die. Victims
3528 * are located by killall in the utmp database. Since these are most
3529 * often shell based logins, and many shells mask SIGTERM (but are
3530 * responsive to SIGHUP) we first HUP and then shortly thereafter
3531 * kill -9.
3532 */
3533 (void) fork_with_timeout("/usr/sbin/killall HUP", 1, 5);
3534 (void) fork_with_timeout("/usr/sbin/killall KILL", 1, 5);
3535
3536 /*
3537 * Note the selection of user id's 0, 1 and 15, subsequently
3538 * inverted by -v. 15 is reserved for dladmd. Yes, this is a
3539 * kludge-- a better policy is needed.
3540 *
3541 * Note that fork_with_timeout will only wait out the 1 second
3542 * "grace time" if pkill actually returns 0. So if there are
3543 * no matches, this will run to completion much more quickly.
3544 */
3545 (void) fork_with_timeout("/usr/bin/pkill -TERM -v -u 0,1,15", 1, 5);
3546 (void) fork_with_timeout("/usr/bin/pkill -KILL -v -u 0,1,15", 1, 5);
3547 }
3548
3549 static void
3550 do_uadmin(void)
3551 {
3552 const char * const resetting = "/etc/svc/volatile/resetting";
3553 int fd;
3554 struct statvfs vfs;
3555 time_t now;
3556 struct tm nowtm;
3557 char down_buf[256], time_buf[256];
3558 uintptr_t mdep;
3559 #if defined(__x86)
3560 char *fbarg = NULL;
3561 #endif /* __x86 */
3562
3563 mdep = NULL;
3564 fd = creat(resetting, 0777);
3565 if (fd >= 0)
3566 startd_close(fd);
3567 else
3568 uu_warn("Could not create \"%s\"", resetting);
3569
3570 /* Kill dhcpagent if we're not using nfs for root */
3571 if ((statvfs("/", &vfs) == 0) &&
3572 (strncmp(vfs.f_basetype, "nfs", sizeof ("nfs") - 1) != 0))
3573 fork_with_timeout("/usr/bin/pkill -x -u 0 dhcpagent", 0, 5);
3574
3575 /*
3576 * Call sync(2) now, before we kill off user processes. This takes
3577 * advantage of the several seconds of pause we have before the
3578 * killalls are done. Time we can make good use of to get pages
3579 * moving out to disk.
3580 *
3581 * Inside non-global zones, we don't bother, and it's better not to
3582 * anyway, since sync(2) can have system-wide impact.
3583 */
3584 if (getzoneid() == 0)
3585 sync();
3586
3587 kill_user_procs();
3588
3589 /*
3590 * Note that this must come after the killing of user procs, since
3591 * killall relies on utmpx, and this command affects the contents of
3592 * said file.
3593 */
3594 if (access("/usr/lib/acct/closewtmp", X_OK) == 0)
3595 fork_with_timeout("/usr/lib/acct/closewtmp", 0, 5);
3596
3597 /*
3598 * For patches which may be installed as the system is shutting
3599 * down, we need to ensure, one more time, that the boot archive
3600 * really is up to date.
3601 */
3602 if (getzoneid() == 0 && access("/usr/sbin/bootadm", X_OK) == 0)
3603 fork_with_timeout("/usr/sbin/bootadm -ea update_all", 0, 3600);
3604
3605 /*
3606 * Right now, fast reboot is supported only on i386.
3607 * scf_is_fastboot_default() should take care of it.
3608 * If somehow we got there on unsupported platform -
3609 * print warning and fall back to regular reboot.
3610 */
3611 if (halting == AD_FASTREBOOT) {
3612 #if defined(__x86)
3613 if (be_get_boot_args(&fbarg, BE_ENTRY_DEFAULT) == 0) {
3614 mdep = (uintptr_t)fbarg;
3615 } else {
3616 /*
3617 * Failed to read BE info, fall back to normal reboot
3618 */
3619 halting = AD_BOOT;
3620 uu_warn("Failed to get fast reboot arguments.\n"
3621 "Falling back to regular reboot.\n");
3622 }
3623 #else /* __x86 */
3624 halting = AD_BOOT;
3625 uu_warn("Fast reboot configured, but not supported by "
3626 "this ISA\n");
3627 #endif /* __x86 */
3628 }
3629
3630 fork_with_timeout("/sbin/umountall -l", 0, 5);
3631 fork_with_timeout("/sbin/umount /tmp /var/adm /var/run /var "
3632 ">/dev/null 2>&1", 0, 5);
3633
3634 /*
3635 * Try to get to consistency for whatever UFS filesystems are left.
3636 * This is pretty expensive, so we save it for the end in the hopes of
3637 * minimizing what it must do. The other option would be to start in
3638 * parallel with the killall's, but lockfs tends to throw out much more
3639 * than is needed, and so subsequent commands (like umountall) take a
3640 * long time to get going again.
3641 *
3642 * Inside of zones, we don't bother, since we're not about to terminate
3643 * the whole OS instance.
3644 *
3645 * On systems using only ZFS, this call to lockfs -fa is a no-op.
3646 */
3647 if (getzoneid() == 0) {
3648 if (access("/usr/sbin/lockfs", X_OK) == 0)
3649 fork_with_timeout("/usr/sbin/lockfs -fa", 0, 30);
3650
3651 sync(); /* once more, with feeling */
3652 }
3653
3654 fork_with_timeout("/sbin/umount /usr >/dev/null 2>&1", 0, 5);
3655
3656 /*
3657 * Construct and emit the last words from userland:
3658 * "<timestamp> The system is down. Shutdown took <N> seconds."
3659 *
3660 * Normally we'd use syslog, but with /var and other things
3661 * potentially gone, try to minimize the external dependencies.
3662 */
3663 now = time(NULL);
3664 (void) localtime_r(&now, &nowtm);
3665
3666 if (strftime(down_buf, sizeof (down_buf),
3667 "%b %e %T The system is down.", &nowtm) == 0) {
3668 (void) strlcpy(down_buf, "The system is down.",
3669 sizeof (down_buf));
3670 }
3671
3672 if (halting_time != 0 && halting_time <= now) {
3673 (void) snprintf(time_buf, sizeof (time_buf),
3674 " Shutdown took %lu seconds.", now - halting_time);
3675 } else {
3676 time_buf[0] = '\0';
3677 }
3678 (void) printf("%s%s\n", down_buf, time_buf);
3679
3680 (void) uadmin(A_SHUTDOWN, halting, mdep);
3681 uu_warn("uadmin() failed");
3682
3683 #if defined(__x86)
3684 if (halting == AD_FASTREBOOT)
3685 free(fbarg);
3686 #endif /* __x86 */
3687
3688 if (remove(resetting) != 0 && errno != ENOENT)
3689 uu_warn("Could not remove \"%s\"", resetting);
3690 }
3691
3692 /*
3693 * If any of the up_svcs[] are online or satisfiable, return true. If they are
3694 * all missing, disabled, in maintenance, or unsatisfiable, return false.
3695 */
3696 boolean_t
3697 can_come_up(void)
3698 {
3699 int i;
3700
3701 assert(MUTEX_HELD(&dgraph_lock));
3702
3703 /*
3704 * If we are booting to single user (boot -s),
3705 * SCF_MILESTONE_SINGLE_USER is needed to come up because startd
3706 * spawns sulogin after single-user is online (see specials.c).
3707 */
3708 i = (booting_to_single_user ? 0 : 1);
3709
3710 for (; up_svcs[i] != NULL; ++i) {
3711 if (up_svcs_p[i] == NULL) {
3712 up_svcs_p[i] = vertex_get_by_name(up_svcs[i]);
3713
3714 if (up_svcs_p[i] == NULL)
3715 continue;
3716 }
3717
3718 /*
3719 * Ignore unconfigured services (the ones that have been
3720 * mentioned in a dependency from other services, but do
3721 * not exist in the repository). Services which exist
3722 * in the repository but don't have general/enabled
3723 * property will be also ignored.
3724 */
3725 if (!(up_svcs_p[i]->gv_flags & GV_CONFIGURED))
3726 continue;
3727
3728 switch (up_svcs_p[i]->gv_state) {
3729 case RESTARTER_STATE_ONLINE:
3730 case RESTARTER_STATE_DEGRADED:
3731 /*
3732 * Deactivate verbose boot once a login service has been
3733 * reached.
3734 */
3735 st->st_log_login_reached = 1;
3736 /*FALLTHROUGH*/
3737 case RESTARTER_STATE_UNINIT:
3738 return (B_TRUE);
3739
3740 case RESTARTER_STATE_OFFLINE:
3741 if (instance_satisfied(up_svcs_p[i], B_TRUE) != -1)
3742 return (B_TRUE);
3743 log_framework(LOG_DEBUG,
3744 "can_come_up(): %s is unsatisfiable.\n",
3745 up_svcs_p[i]->gv_name);
3746 continue;
3747
3748 case RESTARTER_STATE_DISABLED:
3749 case RESTARTER_STATE_MAINT:
3750 log_framework(LOG_DEBUG,
3751 "can_come_up(): %s is in state %s.\n",
3752 up_svcs_p[i]->gv_name,
3753 instance_state_str[up_svcs_p[i]->gv_state]);
3754 continue;
3755
3756 default:
3757 #ifndef NDEBUG
3758 uu_warn("%s:%d: Unexpected vertex state %d.\n",
3759 __FILE__, __LINE__, up_svcs_p[i]->gv_state);
3760 #endif
3761 abort();
3762 }
3763 }
3764
3765 /*
3766 * In the seed repository, console-login is unsatisfiable because
3767 * services are missing. To behave correctly in that case we don't want
3768 * to return false until manifest-import is online.
3769 */
3770
3771 if (manifest_import_p == NULL) {
3772 manifest_import_p = vertex_get_by_name(manifest_import);
3773
3774 if (manifest_import_p == NULL)
3775 return (B_FALSE);
3776 }
3777
3778 switch (manifest_import_p->gv_state) {
3779 case RESTARTER_STATE_ONLINE:
3780 case RESTARTER_STATE_DEGRADED:
3781 case RESTARTER_STATE_DISABLED:
3782 case RESTARTER_STATE_MAINT:
3783 break;
3784
3785 case RESTARTER_STATE_OFFLINE:
3786 if (instance_satisfied(manifest_import_p, B_TRUE) == -1)
3787 break;
3788 /* FALLTHROUGH */
3789
3790 case RESTARTER_STATE_UNINIT:
3791 return (B_TRUE);
3792 }
3793
3794 return (B_FALSE);
3795 }
3796
3797 /*
3798 * Runs sulogin. Returns
3799 * 0 - success
3800 * EALREADY - sulogin is already running
3801 * EBUSY - console-login is running
3802 */
3803 static int
3804 run_sulogin(const char *msg)
3805 {
3806 graph_vertex_t *v;
3807
3808 assert(MUTEX_HELD(&dgraph_lock));
3809
3810 if (sulogin_running)
3811 return (EALREADY);
3812
3813 v = vertex_get_by_name(console_login_fmri);
3814 if (v != NULL && inst_running(v))
3815 return (EBUSY);
3816
3817 sulogin_running = B_TRUE;
3818
3819 MUTEX_UNLOCK(&dgraph_lock);
3820
3821 fork_sulogin(B_FALSE, msg);
3822
3823 MUTEX_LOCK(&dgraph_lock);
3824
3825 sulogin_running = B_FALSE;
3826
3827 if (console_login_ready) {
3828 v = vertex_get_by_name(console_login_fmri);
3829
3830 if (v != NULL && v->gv_state == RESTARTER_STATE_OFFLINE) {
3831 if (v->gv_start_f == NULL)
3832 vertex_send_event(v,
3833 RESTARTER_EVENT_TYPE_START);
3834 else
3835 v->gv_start_f(v);
3836 }
3837
3838 console_login_ready = B_FALSE;
3839 }
3840
3841 return (0);
3842 }
3843
3844 /*
3845 * The sulogin thread runs sulogin while can_come_up() is false. run_sulogin()
3846 * keeps sulogin from stepping on console-login's toes.
3847 */
3848 /* ARGSUSED */
3849 static void *
3850 sulogin_thread(void *unused)
3851 {
3852 MUTEX_LOCK(&dgraph_lock);
3853
3854 assert(sulogin_thread_running);
3855
3856 do {
3857 (void) run_sulogin("Console login service(s) cannot run\n");
3858 } while (!can_come_up());
3859
3860 sulogin_thread_running = B_FALSE;
3861 MUTEX_UNLOCK(&dgraph_lock);
3862
3863 return (NULL);
3864 }
3865
3866 /* ARGSUSED */
3867 void *
3868 single_user_thread(void *unused)
3869 {
3870 uint_t left;
3871 scf_handle_t *h;
3872 scf_instance_t *inst;
3873 scf_property_t *prop;
3874 scf_value_t *val;
3875 const char *msg;
3876 char *buf;
3877 int r;
3878
3879 MUTEX_LOCK(&single_user_thread_lock);
3880 single_user_thread_count++;
3881
3882 if (!booting_to_single_user)
3883 kill_user_procs();
3884
3885 if (go_single_user_mode || booting_to_single_user) {
3886 msg = "SINGLE USER MODE\n";
3887 } else {
3888 assert(go_to_level1);
3889
3890 fork_rc_script('1', "start", B_TRUE);
3891
3892 uu_warn("The system is ready for administration.\n");
3893
3894 msg = "";
3895 }
3896
3897 MUTEX_UNLOCK(&single_user_thread_lock);
3898
3899 for (;;) {
3900 MUTEX_LOCK(&dgraph_lock);
3901 r = run_sulogin(msg);
3902 MUTEX_UNLOCK(&dgraph_lock);
3903 if (r == 0)
3904 break;
3905
3906 assert(r == EALREADY || r == EBUSY);
3907
3908 left = 3;
3909 while (left > 0)
3910 left = sleep(left);
3911 }
3912
3913 MUTEX_LOCK(&single_user_thread_lock);
3914
3915 /*
3916 * If another single user thread has started, let it finish changing
3917 * the run level.
3918 */
3919 if (single_user_thread_count > 1) {
3920 single_user_thread_count--;
3921 MUTEX_UNLOCK(&single_user_thread_lock);
3922 return (NULL);
3923 }
3924
3925 h = libscf_handle_create_bound_loop();
3926 inst = scf_instance_create(h);
3927 prop = safe_scf_property_create(h);
3928 val = safe_scf_value_create(h);
3929 buf = startd_alloc(max_scf_fmri_size);
3930
3931 lookup:
3932 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
3933 NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
3934 switch (scf_error()) {
3935 case SCF_ERROR_NOT_FOUND:
3936 r = libscf_create_self(h);
3937 if (r == 0)
3938 goto lookup;
3939 assert(r == ECONNABORTED);
3940 /* FALLTHROUGH */
3941
3942 case SCF_ERROR_CONNECTION_BROKEN:
3943 libscf_handle_rebind(h);
3944 goto lookup;
3945
3946 case SCF_ERROR_INVALID_ARGUMENT:
3947 case SCF_ERROR_CONSTRAINT_VIOLATED:
3948 case SCF_ERROR_NOT_BOUND:
3949 case SCF_ERROR_HANDLE_MISMATCH:
3950 default:
3951 bad_error("scf_handle_decode_fmri", scf_error());
3952 }
3953 }
3954
3955 MUTEX_LOCK(&dgraph_lock);
3956
3957 r = scf_instance_delete_prop(inst, SCF_PG_OPTIONS_OVR,
3958 SCF_PROPERTY_MILESTONE);
3959 switch (r) {
3960 case 0:
3961 case ECANCELED:
3962 break;
3963
3964 case ECONNABORTED:
3965 MUTEX_UNLOCK(&dgraph_lock);
3966 libscf_handle_rebind(h);
3967 goto lookup;
3968
3969 case EPERM:
3970 case EACCES:
3971 case EROFS:
3972 log_error(LOG_WARNING, "Could not clear temporary milestone: "
3973 "%s.\n", strerror(r));
3974 break;
3975
3976 default:
3977 bad_error("scf_instance_delete_prop", r);
3978 }
3979
3980 MUTEX_UNLOCK(&dgraph_lock);
3981
3982 r = libscf_get_milestone(inst, prop, val, buf, max_scf_fmri_size);
3983 switch (r) {
3984 case ECANCELED:
3985 case ENOENT:
3986 case EINVAL:
3987 (void) strcpy(buf, "all");
3988 /* FALLTHROUGH */
3989
3990 case 0:
3991 uu_warn("Returning to milestone %s.\n", buf);
3992 break;
3993
3994 case ECONNABORTED:
3995 libscf_handle_rebind(h);
3996 goto lookup;
3997
3998 default:
3999 bad_error("libscf_get_milestone", r);
4000 }
4001
4002 r = dgraph_set_milestone(buf, h, B_FALSE);
4003 switch (r) {
4004 case 0:
4005 case ECONNRESET:
4006 case EALREADY:
4007 case EINVAL:
4008 case ENOENT:
4009 break;
4010
4011 default:
4012 bad_error("dgraph_set_milestone", r);
4013 }
4014
4015 /*
4016 * See graph_runlevel_changed().
4017 */
4018 MUTEX_LOCK(&dgraph_lock);
4019 utmpx_set_runlevel(target_milestone_as_runlevel(), 'S', B_TRUE);
4020 MUTEX_UNLOCK(&dgraph_lock);
4021
4022 startd_free(buf, max_scf_fmri_size);
4023 scf_value_destroy(val);
4024 scf_property_destroy(prop);
4025 scf_instance_destroy(inst);
4026 scf_handle_destroy(h);
4027
4028 /*
4029 * We'll give ourselves 3 seconds to respond to all of the enablings
4030 * that setting the milestone should have created before checking
4031 * whether to run sulogin.
4032 */
4033 left = 3;
4034 while (left > 0)
4035 left = sleep(left);
4036
4037 MUTEX_LOCK(&dgraph_lock);
4038 /*
4039 * Clearing these variables will allow the sulogin thread to run. We
4040 * check here in case there aren't any more state updates anytime soon.
4041 */
4042 go_to_level1 = go_single_user_mode = booting_to_single_user = B_FALSE;
4043 if (!sulogin_thread_running && !can_come_up()) {
4044 (void) startd_thread_create(sulogin_thread, NULL);
4045 sulogin_thread_running = B_TRUE;
4046 }
4047 MUTEX_UNLOCK(&dgraph_lock);
4048 single_user_thread_count--;
4049 MUTEX_UNLOCK(&single_user_thread_lock);
4050 return (NULL);
4051 }
4052
4053
4054 /*
4055 * Dependency graph operations API. These are handle-independent thread-safe
4056 * graph manipulation functions which are the entry points for the event
4057 * threads below.
4058 */
4059
4060 /*
4061 * If a configured vertex exists for inst_fmri, return EEXIST. If no vertex
4062 * exists for inst_fmri, add one. Then fetch the restarter from inst, make
4063 * this vertex dependent on it, and send _ADD_INSTANCE to the restarter.
4064 * Fetch whether the instance should be enabled from inst and send _ENABLE or
4065 * _DISABLE as appropriate. Finally rummage through inst's dependency
4066 * property groups and add vertices and edges as appropriate. If anything
4067 * goes wrong after sending _ADD_INSTANCE, send _ADMIN_MAINT_ON to put the
4068 * instance in maintenance. Don't send _START or _STOP until we get a state
4069 * update in case we're being restarted and the service is already running.
4070 *
4071 * To support booting to a milestone, we must also make sure all dependencies
4072 * encountered are configured, if they exist in the repository.
4073 *
4074 * Returns 0 on success, ECONNABORTED on repository disconnection, EINVAL if
4075 * inst_fmri is an invalid (or not canonical) FMRI, ECANCELED if inst is
4076 * deleted, or EEXIST if a configured vertex for inst_fmri already exists.
4077 */
4078 int
4079 dgraph_add_instance(const char *inst_fmri, scf_instance_t *inst,
4080 boolean_t lock_graph)
4081 {
4082 graph_vertex_t *v;
4083 int err;
4084
4085 if (strcmp(inst_fmri, SCF_SERVICE_STARTD) == 0)
4086 return (0);
4087
4088 /* Check for a vertex for inst_fmri. */
4089 if (lock_graph) {
4090 MUTEX_LOCK(&dgraph_lock);
4091 } else {
4092 assert(MUTEX_HELD(&dgraph_lock));
4093 }
4094
4095 v = vertex_get_by_name(inst_fmri);
4096
4097 if (v != NULL) {
4098 assert(v->gv_type == GVT_INST);
4099
4100 if (v->gv_flags & GV_CONFIGURED) {
4101 if (lock_graph)
4102 MUTEX_UNLOCK(&dgraph_lock);
4103 return (EEXIST);
4104 }
4105 } else {
4106 /* Add the vertex. */
4107 err = graph_insert_vertex_unconfigured(inst_fmri, GVT_INST, 0,
4108 RERR_NONE, &v);
4109 if (err != 0) {
4110 assert(err == EINVAL);
4111 if (lock_graph)
4112 MUTEX_UNLOCK(&dgraph_lock);
4113 return (EINVAL);
4114 }
4115 }
4116
4117 err = configure_vertex(v, inst);
4118
4119 if (lock_graph)
4120 MUTEX_UNLOCK(&dgraph_lock);
4121
4122 return (err);
4123 }
4124
4125 /*
4126 * Locate the vertex for this property group's instance. If it doesn't exist
4127 * or is unconfigured, call dgraph_add_instance() & return. Otherwise fetch
4128 * the restarter for the instance, and if it has changed, send
4129 * _REMOVE_INSTANCE to the old restarter, remove the dependency, make sure the
4130 * new restarter has a vertex, add a new dependency, and send _ADD_INSTANCE to
4131 * the new restarter. Then fetch whether the instance should be enabled, and
4132 * if it is different from what we had, or if we changed the restarter, send
4133 * the appropriate _ENABLE or _DISABLE command.
4134 *
4135 * Returns 0 on success, ENOTSUP if the pg's parent is not an instance,
4136 * ECONNABORTED on repository disconnection, ECANCELED if the instance is
4137 * deleted, or -1 if the instance's general property group is deleted or if
4138 * its enabled property is misconfigured.
4139 */
4140 static int
4141 dgraph_update_general(scf_propertygroup_t *pg)
4142 {
4143 scf_handle_t *h;
4144 scf_instance_t *inst;
4145 char *fmri;
4146 char *restarter_fmri;
4147 graph_vertex_t *v;
4148 int err;
4149 int enabled, enabled_ovr;
4150 int oldflags;
4151
4152 /* Find the vertex for this service */
4153 h = scf_pg_handle(pg);
4154
4155 inst = safe_scf_instance_create(h);
4156
4157 if (scf_pg_get_parent_instance(pg, inst) != 0) {
4158 switch (scf_error()) {
4159 case SCF_ERROR_CONSTRAINT_VIOLATED:
4160 return (ENOTSUP);
4161
4162 case SCF_ERROR_CONNECTION_BROKEN:
4163 default:
4164 return (ECONNABORTED);
4165
4166 case SCF_ERROR_DELETED:
4167 return (0);
4168
4169 case SCF_ERROR_NOT_SET:
4170 bad_error("scf_pg_get_parent_instance", scf_error());
4171 }
4172 }
4173
4174 err = libscf_instance_get_fmri(inst, &fmri);
4175 switch (err) {
4176 case 0:
4177 break;
4178
4179 case ECONNABORTED:
4180 scf_instance_destroy(inst);
4181 return (ECONNABORTED);
4182
4183 case ECANCELED:
4184 scf_instance_destroy(inst);
4185 return (0);
4186
4187 default:
4188 bad_error("libscf_instance_get_fmri", err);
4189 }
4190
4191 log_framework(LOG_DEBUG,
4192 "Graph engine: Reloading general properties for %s.\n", fmri);
4193
4194 MUTEX_LOCK(&dgraph_lock);
4195
4196 v = vertex_get_by_name(fmri);
4197 if (v == NULL || !(v->gv_flags & GV_CONFIGURED)) {
4198 /* Will get the up-to-date properties. */
4199 MUTEX_UNLOCK(&dgraph_lock);
4200 err = dgraph_add_instance(fmri, inst, B_TRUE);
4201 startd_free(fmri, max_scf_fmri_size);
4202 scf_instance_destroy(inst);
4203 return (err == ECANCELED ? 0 : err);
4204 }
4205
4206 /* Read enabled & restarter from repository. */
4207 restarter_fmri = startd_alloc(max_scf_value_size);
4208 err = libscf_get_basic_instance_data(h, inst, v->gv_name, &enabled,
4209 &enabled_ovr, &restarter_fmri);
4210 if (err != 0 || enabled == -1) {
4211 MUTEX_UNLOCK(&dgraph_lock);
4212 scf_instance_destroy(inst);
4213 startd_free(fmri, max_scf_fmri_size);
4214
4215 switch (err) {
4216 case ENOENT:
4217 case 0:
4218 startd_free(restarter_fmri, max_scf_value_size);
4219 return (-1);
4220
4221 case ECONNABORTED:
4222 case ECANCELED:
4223 startd_free(restarter_fmri, max_scf_value_size);
4224 return (err);
4225
4226 default:
4227 bad_error("libscf_get_basic_instance_data", err);
4228 }
4229 }
4230
4231 oldflags = v->gv_flags;
4232 v->gv_flags = (v->gv_flags & ~GV_ENBLD_NOOVR) |
4233 (enabled ? GV_ENBLD_NOOVR : 0);
4234
4235 if (enabled_ovr != -1)
4236 enabled = enabled_ovr;
4237
4238 /*
4239 * If GV_ENBLD_NOOVR has changed, then we need to re-evaluate the
4240 * subgraph.
4241 */
4242 if (milestone > MILESTONE_NONE && v->gv_flags != oldflags)
4243 (void) eval_subgraph(v, h);
4244
4245 scf_instance_destroy(inst);
4246
4247 /* Ignore restarter change for now. */
4248
4249 startd_free(restarter_fmri, max_scf_value_size);
4250 startd_free(fmri, max_scf_fmri_size);
4251
4252 /*
4253 * Always send _ENABLE or _DISABLE. We could avoid this if the
4254 * restarter didn't change and the enabled value didn't change, but
4255 * that's not easy to check and improbable anyway, so we'll just do
4256 * this.
4257 */
4258 graph_enable_by_vertex(v, enabled, 1);
4259
4260 MUTEX_UNLOCK(&dgraph_lock);
4261
4262 return (0);
4263 }
4264
4265 /*
4266 * Delete all of the property group dependencies of v, update inst's running
4267 * snapshot, and add the dependencies in the new snapshot. If any of the new
4268 * dependencies would create a cycle, send _ADMIN_MAINT_ON. Otherwise
4269 * reevaluate v's dependencies, send _START or _STOP as appropriate, and do
4270 * the same for v's dependents.
4271 *
4272 * Returns
4273 * 0 - success
4274 * ECONNABORTED - repository connection broken
4275 * ECANCELED - inst was deleted
4276 * EINVAL - inst is invalid (e.g., missing general/enabled)
4277 * -1 - libscf_snapshots_refresh() failed
4278 */
4279 static int
4280 dgraph_refresh_instance(graph_vertex_t *v, scf_instance_t *inst)
4281 {
4282 int r;
4283 int enabled;
4284 int32_t tset;
4285
4286 assert(MUTEX_HELD(&dgraph_lock));
4287 assert(v->gv_type == GVT_INST);
4288
4289 /* Only refresh services with valid general/enabled properties. */
4290 r = libscf_get_basic_instance_data(scf_instance_handle(inst), inst,
4291 v->gv_name, &enabled, NULL, NULL);
4292 switch (r) {
4293 case 0:
4294 break;
4295
4296 case ECONNABORTED:
4297 case ECANCELED:
4298 return (r);
4299
4300 case ENOENT:
4301 log_framework(LOG_DEBUG,
4302 "Ignoring %s because it has no general property group.\n",
4303 v->gv_name);
4304 return (EINVAL);
4305
4306 default:
4307 bad_error("libscf_get_basic_instance_data", r);
4308 }
4309
4310 if ((tset = libscf_get_stn_tset(inst)) == -1) {
4311 log_framework(LOG_WARNING,
4312 "Failed to get notification parameters for %s: %s\n",
4313 v->gv_name, scf_strerror(scf_error()));
4314 tset = 0;
4315 }
4316 v->gv_stn_tset = tset;
4317 if (strcmp(v->gv_name, SCF_INSTANCE_GLOBAL) == 0)
4318 stn_global = tset;
4319
4320 if (enabled == -1)
4321 return (EINVAL);
4322
4323 r = libscf_snapshots_refresh(inst, v->gv_name);
4324 if (r != 0) {
4325 if (r != -1)
4326 bad_error("libscf_snapshots_refresh", r);
4327
4328 /* error logged */
4329 return (r);
4330 }
4331
4332 r = refresh_vertex(v, inst);
4333 if (r != 0 && r != ECONNABORTED)
4334 bad_error("refresh_vertex", r);
4335 return (r);
4336 }
4337
4338 /*
4339 * Returns true only if none of this service's dependents are 'up' -- online
4340 * or degraded (offline is considered down in this situation). This function
4341 * is somehow similar to is_nonsubgraph_leaf() but works on subtrees.
4342 */
4343 static boolean_t
4344 insubtree_dependents_down(graph_vertex_t *v)
4345 {
4346 graph_vertex_t *vv;
4347 graph_edge_t *e;
4348
4349 assert(MUTEX_HELD(&dgraph_lock));
4350
4351 for (e = uu_list_first(v->gv_dependents); e != NULL;
4352 e = uu_list_next(v->gv_dependents, e)) {
4353 vv = e->ge_vertex;
4354 if (vv->gv_type == GVT_INST) {
4355 if ((vv->gv_flags & GV_CONFIGURED) == 0)
4356 continue;
4357
4358 if ((vv->gv_flags & GV_TOOFFLINE) == 0)
4359 continue;
4360
4361 if ((vv->gv_state == RESTARTER_STATE_ONLINE) ||
4362 (vv->gv_state == RESTARTER_STATE_DEGRADED))
4363 return (B_FALSE);
4364 } else {
4365 /*
4366 * Skip all excluded dependents and decide whether
4367 * to offline the service based on the restart_on
4368 * attribute.
4369 */
4370 if (is_depgrp_bypassed(vv))
4371 continue;
4372
4373 /*
4374 * For dependency groups or service vertices, keep
4375 * traversing to see if instances are running.
4376 */
4377 if (insubtree_dependents_down(vv) == B_FALSE)
4378 return (B_FALSE);
4379 }
4380 }
4381
4382 return (B_TRUE);
4383 }
4384
4385 /*
4386 * Returns true only if none of this service's dependents are 'up' -- online,
4387 * degraded, or offline.
4388 */
4389 static int
4390 is_nonsubgraph_leaf(graph_vertex_t *v)
4391 {
4392 graph_vertex_t *vv;
4393 graph_edge_t *e;
4394
4395 assert(MUTEX_HELD(&dgraph_lock));
4396
4397 for (e = uu_list_first(v->gv_dependents);
4398 e != NULL;
4399 e = uu_list_next(v->gv_dependents, e)) {
4400
4401 vv = e->ge_vertex;
4402 if (vv->gv_type == GVT_INST) {
4403 if ((vv->gv_flags & GV_CONFIGURED) == 0)
4404 continue;
4405
4406 if (vv->gv_flags & GV_INSUBGRAPH)
4407 continue;
4408
4409 if (up_state(vv->gv_state))
4410 return (0);
4411 } else {
4412 /*
4413 * For dependency group or service vertices, keep
4414 * traversing to see if instances are running.
4415 *
4416 * We should skip exclude_all dependencies otherwise
4417 * the vertex will never be considered as a leaf
4418 * if the dependent is offline. The main reason for
4419 * this is that disable_nonsubgraph_leaves() skips
4420 * exclusion dependencies.
4421 */
4422 if (vv->gv_type == GVT_GROUP &&
4423 vv->gv_depgroup == DEPGRP_EXCLUDE_ALL)
4424 continue;
4425
4426 if (!is_nonsubgraph_leaf(vv))
4427 return (0);
4428 }
4429 }
4430
4431 return (1);
4432 }
4433
4434 /*
4435 * Disable v temporarily. Attempt to do this by setting its enabled override
4436 * property in the repository. If that fails, send a _DISABLE command.
4437 * Returns 0 on success and ECONNABORTED if the repository connection is
4438 * broken.
4439 */
4440 static int
4441 disable_service_temporarily(graph_vertex_t *v, scf_handle_t *h)
4442 {
4443 const char * const emsg = "Could not temporarily disable %s because "
4444 "%s. Will stop service anyways. Repository status for the "
4445 "service may be inaccurate.\n";
4446 const char * const emsg_cbroken =
4447 "the repository connection was broken";
4448
4449 scf_instance_t *inst;
4450 int r;
4451
4452 inst = scf_instance_create(h);
4453 if (inst == NULL) {
4454 char buf[100];
4455
4456 (void) snprintf(buf, sizeof (buf),
4457 "scf_instance_create() failed (%s)",
4458 scf_strerror(scf_error()));
4459 log_error(LOG_WARNING, emsg, v->gv_name, buf);
4460
4461 graph_enable_by_vertex(v, 0, 0);
4462 return (0);
4463 }
4464
4465 r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
4466 NULL, NULL, SCF_DECODE_FMRI_EXACT);
4467 if (r != 0) {
4468 switch (scf_error()) {
4469 case SCF_ERROR_CONNECTION_BROKEN:
4470 log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
4471 graph_enable_by_vertex(v, 0, 0);
4472 return (ECONNABORTED);
4473
4474 case SCF_ERROR_NOT_FOUND:
4475 return (0);
4476
4477 case SCF_ERROR_HANDLE_MISMATCH:
4478 case SCF_ERROR_INVALID_ARGUMENT:
4479 case SCF_ERROR_CONSTRAINT_VIOLATED:
4480 case SCF_ERROR_NOT_BOUND:
4481 default:
4482 bad_error("scf_handle_decode_fmri",
4483 scf_error());
4484 }
4485 }
4486
4487 r = libscf_set_enable_ovr(inst, 0);
4488 switch (r) {
4489 case 0:
4490 scf_instance_destroy(inst);
4491 return (0);
4492
4493 case ECANCELED:
4494 scf_instance_destroy(inst);
4495 return (0);
4496
4497 case ECONNABORTED:
4498 log_error(LOG_WARNING, emsg, v->gv_name, emsg_cbroken);
4499 graph_enable_by_vertex(v, 0, 0);
4500 return (ECONNABORTED);
4501
4502 case EPERM:
4503 log_error(LOG_WARNING, emsg, v->gv_name,
4504 "the repository denied permission");
4505 graph_enable_by_vertex(v, 0, 0);
4506 return (0);
4507
4508 case EROFS:
4509 log_error(LOG_WARNING, emsg, v->gv_name,
4510 "the repository is read-only");
4511 graph_enable_by_vertex(v, 0, 0);
4512 return (0);
4513
4514 default:
4515 bad_error("libscf_set_enable_ovr", r);
4516 /* NOTREACHED */
4517 }
4518 }
4519
4520 /*
4521 * Of the transitive instance dependencies of v, offline those which are
4522 * in the subtree and which are leaves (i.e., have no dependents which are
4523 * "up").
4524 */
4525 void
4526 offline_subtree_leaves(graph_vertex_t *v, void *arg)
4527 {
4528 assert(MUTEX_HELD(&dgraph_lock));
4529
4530 /* If v isn't an instance, recurse on its dependencies. */
4531 if (v->gv_type != GVT_INST) {
4532 graph_walk_dependencies(v, offline_subtree_leaves, arg);
4533 return;
4534 }
4535
4536 /*
4537 * If v is not in the subtree, so should all of its dependencies,
4538 * so do nothing.
4539 */
4540 if ((v->gv_flags & GV_TOOFFLINE) == 0)
4541 return;
4542
4543 /* If v isn't a leaf because it's already down, recurse. */
4544 if (!up_state(v->gv_state)) {
4545 graph_walk_dependencies(v, offline_subtree_leaves, arg);
4546 return;
4547 }
4548
4549 /* if v is a leaf, offline it or disable it if it's the last one */
4550 if (insubtree_dependents_down(v) == B_TRUE) {
4551 if (v->gv_flags & GV_TODISABLE)
4552 vertex_send_event(v,
4553 RESTARTER_EVENT_TYPE_ADMIN_DISABLE);
4554 else
4555 offline_vertex(v);
4556 }
4557 }
4558
4559 void
4560 graph_offline_subtree_leaves(graph_vertex_t *v, void *h)
4561 {
4562 graph_walk_dependencies(v, offline_subtree_leaves, (void *)h);
4563 }
4564
4565
4566 /*
4567 * Of the transitive instance dependencies of v, disable those which are not
4568 * in the subgraph and which are leaves (i.e., have no dependents which are
4569 * "up").
4570 */
4571 static void
4572 disable_nonsubgraph_leaves(graph_vertex_t *v, void *arg)
4573 {
4574 assert(MUTEX_HELD(&dgraph_lock));
4575
4576 /*
4577 * We must skip exclusion dependencies because they are allowed to
4578 * complete dependency cycles. This is correct because A's exclusion
4579 * dependency on B doesn't bear on the order in which they should be
4580 * stopped. Indeed, the exclusion dependency should guarantee that
4581 * they are never online at the same time.
4582 */
4583 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
4584 return;
4585
4586 /* If v isn't an instance, recurse on its dependencies. */
4587 if (v->gv_type != GVT_INST)
4588 goto recurse;
4589
4590 if ((v->gv_flags & GV_CONFIGURED) == 0)
4591 /*
4592 * Unconfigured instances should have no dependencies, but in
4593 * case they ever get them,
4594 */
4595 goto recurse;
4596
4597 /*
4598 * If v is in the subgraph, so should all of its dependencies, so do
4599 * nothing.
4600 */
4601 if (v->gv_flags & GV_INSUBGRAPH)
4602 return;
4603
4604 /* If v isn't a leaf because it's already down, recurse. */
4605 if (!up_state(v->gv_state))
4606 goto recurse;
4607
4608 /* If v is disabled but not down yet, be patient. */
4609 if ((v->gv_flags & GV_ENABLED) == 0)
4610 return;
4611
4612 /* If v is a leaf, disable it. */
4613 if (is_nonsubgraph_leaf(v))
4614 (void) disable_service_temporarily(v, (scf_handle_t *)arg);
4615
4616 return;
4617
4618 recurse:
4619 graph_walk_dependencies(v, disable_nonsubgraph_leaves, arg);
4620 }
4621
4622 static int
4623 stn_restarter_state(restarter_instance_state_t rstate)
4624 {
4625 static const struct statemap {
4626 restarter_instance_state_t restarter_state;
4627 int scf_state;
4628 } map[] = {
4629 { RESTARTER_STATE_UNINIT, SCF_STATE_UNINIT },
4630 { RESTARTER_STATE_MAINT, SCF_STATE_MAINT },
4631 { RESTARTER_STATE_OFFLINE, SCF_STATE_OFFLINE },
4632 { RESTARTER_STATE_DISABLED, SCF_STATE_DISABLED },
4633 { RESTARTER_STATE_ONLINE, SCF_STATE_ONLINE },
4634 { RESTARTER_STATE_DEGRADED, SCF_STATE_DEGRADED }
4635 };
4636
4637 int i;
4638
4639 for (i = 0; i < sizeof (map) / sizeof (map[0]); i++) {
4640 if (rstate == map[i].restarter_state)
4641 return (map[i].scf_state);
4642 }
4643
4644 return (-1);
4645 }
4646
4647 /*
4648 * State transition counters
4649 * Not incremented atomically - indicative only
4650 */
4651 static uint64_t stev_ct_maint;
4652 static uint64_t stev_ct_hwerr;
4653 static uint64_t stev_ct_service;
4654 static uint64_t stev_ct_global;
4655 static uint64_t stev_ct_noprefs;
4656 static uint64_t stev_ct_from_uninit;
4657 static uint64_t stev_ct_bad_state;
4658 static uint64_t stev_ct_ovr_prefs;
4659
4660 static void
4661 dgraph_state_transition_notify(graph_vertex_t *v,
4662 restarter_instance_state_t old_state, restarter_str_t reason)
4663 {
4664 restarter_instance_state_t new_state = v->gv_state;
4665 int stn_transition, maint;
4666 int from, to;
4667 nvlist_t *attr;
4668 fmev_pri_t pri = FMEV_LOPRI;
4669 int raise = 0;
4670
4671 if ((from = stn_restarter_state(old_state)) == -1 ||
4672 (to = stn_restarter_state(new_state)) == -1) {
4673 stev_ct_bad_state++;
4674 return;
4675 }
4676
4677 stn_transition = from << 16 | to;
4678
4679 maint = (to == SCF_STATE_MAINT || from == SCF_STATE_MAINT);
4680
4681 if (maint) {
4682 /*
4683 * All transitions to/from maintenance state must raise
4684 * an event.
4685 */
4686 raise++;
4687 pri = FMEV_HIPRI;
4688 stev_ct_maint++;
4689 } else if (reason == restarter_str_ct_ev_hwerr) {
4690 /*
4691 * All transitions caused by hardware fault must raise
4692 * an event
4693 */
4694 raise++;
4695 pri = FMEV_HIPRI;
4696 stev_ct_hwerr++;
4697 } else if (stn_transition & v->gv_stn_tset) {
4698 /*
4699 * Specifically enabled event.
4700 */
4701 raise++;
4702 stev_ct_service++;
4703 } else if (from == SCF_STATE_UNINIT) {
4704 /*
4705 * Only raise these if specifically selected above.
4706 */
4707 stev_ct_from_uninit++;
4708 } else if (stn_transition & stn_global &&
4709 (IS_ENABLED(v) == 1 || to == SCF_STATE_DISABLED)) {
4710 raise++;
4711 stev_ct_global++;
4712 } else {
4713 stev_ct_noprefs++;
4714 }
4715
4716 if (info_events_all) {
4717 stev_ct_ovr_prefs++;
4718 raise++;
4719 }
4720 if (!raise)
4721 return;
4722
4723 if (nvlist_alloc(&attr, NV_UNIQUE_NAME, 0) != 0 ||
4724 nvlist_add_string(attr, "fmri", v->gv_name) != 0 ||
4725 nvlist_add_uint32(attr, "reason-version",
4726 restarter_str_version()) || nvlist_add_string(attr, "reason-short",
4727 restarter_get_str_short(reason)) != 0 ||
4728 nvlist_add_string(attr, "reason-long",
4729 restarter_get_str_long(reason)) != 0 ||
4730 nvlist_add_int32(attr, "transition", stn_transition) != 0) {
4731 log_framework(LOG_WARNING,
4732 "FMEV: %s could not create nvlist for transition "
4733 "event: %s\n", v->gv_name, strerror(errno));
4734 nvlist_free(attr);
4735 return;
4736 }
4737
4738 if (fmev_rspublish_nvl(FMEV_RULESET_SMF, "state-transition",
4739 instance_state_str[new_state], pri, attr) != FMEV_SUCCESS) {
4740 log_framework(LOG_DEBUG,
4741 "FMEV: %s failed to publish transition event: %s\n",
4742 v->gv_name, fmev_strerror(fmev_errno));
4743 nvlist_free(attr);
4744 }
4745 }
4746
4747 /*
4748 * Find the vertex for inst_name. If it doesn't exist, return ENOENT.
4749 * Otherwise set its state to state. If the instance has entered a state
4750 * which requires automatic action, take it (Uninitialized: do
4751 * dgraph_refresh_instance() without the snapshot update. Disabled: if the
4752 * instance should be enabled, send _ENABLE. Offline: if the instance should
4753 * be disabled, send _DISABLE, and if its dependencies are satisfied, send
4754 * _START. Online, Degraded: if the instance wasn't running, update its start
4755 * snapshot. Maintenance: no action.)
4756 *
4757 * Also fails with ECONNABORTED, or EINVAL if state is invalid.
4758 */
4759 static int
4760 dgraph_set_instance_state(scf_handle_t *h, const char *inst_name,
4761 protocol_states_t *states)
4762 {
4763 graph_vertex_t *v;
4764 int err = 0;
4765 restarter_instance_state_t old_state;
4766 restarter_instance_state_t state = states->ps_state;
4767 restarter_error_t serr = states->ps_err;
4768
4769 MUTEX_LOCK(&dgraph_lock);
4770
4771 v = vertex_get_by_name(inst_name);
4772 if (v == NULL) {
4773 MUTEX_UNLOCK(&dgraph_lock);
4774 return (ENOENT);
4775 }
4776
4777 assert(v->gv_type == GVT_INST);
4778
4779 switch (state) {
4780 case RESTARTER_STATE_UNINIT:
4781 case RESTARTER_STATE_DISABLED:
4782 case RESTARTER_STATE_OFFLINE:
4783 case RESTARTER_STATE_ONLINE:
4784 case RESTARTER_STATE_DEGRADED:
4785 case RESTARTER_STATE_MAINT:
4786 break;
4787
4788 default:
4789 MUTEX_UNLOCK(&dgraph_lock);
4790 return (EINVAL);
4791 }
4792
4793 log_framework(LOG_DEBUG, "Graph noting %s %s -> %s.\n", v->gv_name,
4794 instance_state_str[v->gv_state], instance_state_str[state]);
4795
4796 old_state = v->gv_state;
4797 v->gv_state = state;
4798
4799 v->gv_reason = states->ps_reason;
4800 err = gt_transition(h, v, serr, old_state);
4801 if (err == 0 && v->gv_state != old_state) {
4802 dgraph_state_transition_notify(v, old_state, states->ps_reason);
4803 }
4804
4805 MUTEX_UNLOCK(&dgraph_lock);
4806 return (err);
4807 }
4808
4809 /*
4810 * Handle state changes during milestone shutdown. See
4811 * dgraph_set_milestone(). If the repository connection is broken,
4812 * ECONNABORTED will be returned, though a _DISABLE command will be sent for
4813 * the vertex anyway.
4814 */
4815 int
4816 vertex_subgraph_dependencies_shutdown(scf_handle_t *h, graph_vertex_t *v,
4817 restarter_instance_state_t old_state)
4818 {
4819 int was_up, now_up;
4820 int ret = 0;
4821
4822 assert(v->gv_type == GVT_INST);
4823
4824 /* Don't care if we're not going to a milestone. */
4825 if (milestone == NULL)
4826 return (0);
4827
4828 /* Don't care if we already finished coming down. */
4829 if (non_subgraph_svcs == 0)
4830 return (0);
4831
4832 /* Don't care if the service is in the subgraph. */
4833 if (v->gv_flags & GV_INSUBGRAPH)
4834 return (0);
4835
4836 /*
4837 * Update non_subgraph_svcs. It is the number of non-subgraph
4838 * services which are in online, degraded, or offline.
4839 */
4840
4841 was_up = up_state(old_state);
4842 now_up = up_state(v->gv_state);
4843
4844 if (!was_up && now_up) {
4845 ++non_subgraph_svcs;
4846 } else if (was_up && !now_up) {
4847 --non_subgraph_svcs;
4848
4849 if (non_subgraph_svcs == 0) {
4850 if (halting != -1) {
4851 do_uadmin();
4852 } else if (go_single_user_mode || go_to_level1) {
4853 (void) startd_thread_create(single_user_thread,
4854 NULL);
4855 }
4856 return (0);
4857 }
4858 }
4859
4860 /* If this service is a leaf, it should be disabled. */
4861 if ((v->gv_flags & GV_ENABLED) && is_nonsubgraph_leaf(v)) {
4862 int r;
4863
4864 r = disable_service_temporarily(v, h);
4865 switch (r) {
4866 case 0:
4867 break;
4868
4869 case ECONNABORTED:
4870 ret = ECONNABORTED;
4871 break;
4872
4873 default:
4874 bad_error("disable_service_temporarily", r);
4875 }
4876 }
4877
4878 /*
4879 * If the service just came down, propagate the disable to the newly
4880 * exposed leaves.
4881 */
4882 if (was_up && !now_up)
4883 graph_walk_dependencies(v, disable_nonsubgraph_leaves,
4884 (void *)h);
4885
4886 return (ret);
4887 }
4888
4889 /*
4890 * Decide whether to start up an sulogin thread after a service is
4891 * finished changing state. Only need to do the full can_come_up()
4892 * evaluation if an instance is changing state, we're not halfway through
4893 * loading the thread, and we aren't shutting down or going to the single
4894 * user milestone.
4895 */
4896 void
4897 graph_transition_sulogin(restarter_instance_state_t state,
4898 restarter_instance_state_t old_state)
4899 {
4900 assert(MUTEX_HELD(&dgraph_lock));
4901
4902 if (state != old_state && st->st_load_complete &&
4903 !go_single_user_mode && !go_to_level1 &&
4904 halting == -1) {
4905 if (!sulogin_thread_running && !can_come_up()) {
4906 (void) startd_thread_create(sulogin_thread, NULL);
4907 sulogin_thread_running = B_TRUE;
4908 }
4909 }
4910 }
4911
4912 /*
4913 * Propagate a start, stop event, or a satisfiability event.
4914 *
4915 * PROPAGATE_START and PROPAGATE_STOP simply propagate the transition event
4916 * to direct dependents. PROPAGATE_SAT propagates a start then walks the
4917 * full dependent graph to check for newly satisfied nodes. This is
4918 * necessary for cases when non-direct dependents may be effected but direct
4919 * dependents may not (e.g. for optional_all evaluations, see the
4920 * propagate_satbility() comments).
4921 *
4922 * PROPAGATE_SAT should be used whenever a non-running service moves into
4923 * a state which can satisfy optional dependencies, like disabled or
4924 * maintenance.
4925 */
4926 void
4927 graph_transition_propagate(graph_vertex_t *v, propagate_event_t type,
4928 restarter_error_t rerr)
4929 {
4930 if (type == PROPAGATE_STOP) {
4931 graph_walk_dependents(v, propagate_stop, (void *)rerr);
4932 } else if (type == PROPAGATE_START || type == PROPAGATE_SAT) {
4933 graph_walk_dependents(v, propagate_start, (void *)RERR_NONE);
4934
4935 if (type == PROPAGATE_SAT)
4936 propagate_satbility(v);
4937 } else {
4938 #ifndef NDEBUG
4939 uu_warn("%s:%d: Unexpected type value %d.\n", __FILE__,
4940 __LINE__, type);
4941 #endif
4942 abort();
4943 }
4944 }
4945
4946 /*
4947 * If a vertex for fmri exists and it is enabled, send _DISABLE to the
4948 * restarter. If it is running, send _STOP. Send _REMOVE_INSTANCE. Delete
4949 * all property group dependencies, and the dependency on the restarter,
4950 * disposing of vertices as appropriate. If other vertices depend on this
4951 * one, mark it unconfigured and return. Otherwise remove the vertex. Always
4952 * returns 0.
4953 */
4954 static int
4955 dgraph_remove_instance(const char *fmri, scf_handle_t *h)
4956 {
4957 graph_vertex_t *v;
4958 graph_edge_t *e;
4959 uu_list_t *old_deps;
4960 int err;
4961
4962 log_framework(LOG_DEBUG, "Graph engine: Removing %s.\n", fmri);
4963
4964 MUTEX_LOCK(&dgraph_lock);
4965
4966 v = vertex_get_by_name(fmri);
4967 if (v == NULL) {
4968 MUTEX_UNLOCK(&dgraph_lock);
4969 return (0);
4970 }
4971
4972 /* Send restarter delete event. */
4973 if (v->gv_flags & GV_CONFIGURED)
4974 graph_unset_restarter(v);
4975
4976 if (milestone > MILESTONE_NONE) {
4977 /*
4978 * Make a list of v's current dependencies so we can
4979 * reevaluate their GV_INSUBGRAPH flags after the dependencies
4980 * are removed.
4981 */
4982 old_deps = startd_list_create(graph_edge_pool, NULL, 0);
4983
4984 err = uu_list_walk(v->gv_dependencies,
4985 (uu_walk_fn_t *)append_svcs_or_insts, old_deps, 0);
4986 assert(err == 0);
4987 }
4988
4989 delete_instance_dependencies(v, B_TRUE);
4990
4991 /*
4992 * Deleting an instance can both satisfy and unsatisfy dependencies,
4993 * depending on their type. First propagate the stop as a RERR_RESTART
4994 * event -- deletion isn't a fault, just a normal stop. This gives
4995 * dependent services the chance to do a clean shutdown. Then, mark
4996 * the service as unconfigured and propagate the start event for the
4997 * optional_all dependencies that might have become satisfied.
4998 */
4999 graph_walk_dependents(v, propagate_stop, (void *)RERR_RESTART);
5000
5001 v->gv_flags &= ~GV_CONFIGURED;
5002 v->gv_flags &= ~GV_DEATHROW;
5003
5004 graph_walk_dependents(v, propagate_start, (void *)RERR_NONE);
5005 propagate_satbility(v);
5006
5007 /*
5008 * If there are no (non-service) dependents, the vertex can be
5009 * completely removed.
5010 */
5011 if (v != milestone && v->gv_refs == 0 &&
5012 uu_list_numnodes(v->gv_dependents) == 1)
5013 remove_inst_vertex(v);
5014
5015 if (milestone > MILESTONE_NONE) {
5016 void *cookie = NULL;
5017
5018 while ((e = uu_list_teardown(old_deps, &cookie)) != NULL) {
5019 v = e->ge_vertex;
5020
5021 if (vertex_unref(v) == VERTEX_INUSE)
5022 while (eval_subgraph(v, h) == ECONNABORTED)
5023 libscf_handle_rebind(h);
5024
5025 startd_free(e, sizeof (*e));
5026 }
5027
5028 uu_list_destroy(old_deps);
5029 }
5030
5031 MUTEX_UNLOCK(&dgraph_lock);
5032
5033 return (0);
5034 }
5035
5036 /*
5037 * Return the eventual (maybe current) milestone in the form of a
5038 * legacy runlevel.
5039 */
5040 static char
5041 target_milestone_as_runlevel()
5042 {
5043 assert(MUTEX_HELD(&dgraph_lock));
5044
5045 if (milestone == NULL)
5046 return ('3');
5047 else if (milestone == MILESTONE_NONE)
5048 return ('0');
5049
5050 if (strcmp(milestone->gv_name, multi_user_fmri) == 0)
5051 return ('2');
5052 else if (strcmp(milestone->gv_name, single_user_fmri) == 0)
5053 return ('S');
5054 else if (strcmp(milestone->gv_name, multi_user_svr_fmri) == 0)
5055 return ('3');
5056
5057 #ifndef NDEBUG
5058 (void) fprintf(stderr, "%s:%d: Unknown milestone name \"%s\".\n",
5059 __FILE__, __LINE__, milestone->gv_name);
5060 #endif
5061 abort();
5062 /* NOTREACHED */
5063 }
5064
5065 static struct {
5066 char rl;
5067 int sig;
5068 } init_sigs[] = {
5069 { 'S', SIGBUS },
5070 { '0', SIGINT },
5071 { '1', SIGQUIT },
5072 { '2', SIGILL },
5073 { '3', SIGTRAP },
5074 { '4', SIGIOT },
5075 { '5', SIGEMT },
5076 { '6', SIGFPE },
5077 { 0, 0 }
5078 };
5079
5080 static void
5081 signal_init(char rl)
5082 {
5083 pid_t init_pid;
5084 int i;
5085
5086 assert(MUTEX_HELD(&dgraph_lock));
5087
5088 if (zone_getattr(getzoneid(), ZONE_ATTR_INITPID, &init_pid,
5089 sizeof (init_pid)) != sizeof (init_pid)) {
5090 log_error(LOG_NOTICE, "Could not get pid to signal init.\n");
5091 return;
5092 }
5093
5094 for (i = 0; init_sigs[i].rl != 0; ++i)
5095 if (init_sigs[i].rl == rl)
5096 break;
5097
5098 if (init_sigs[i].rl != 0) {
5099 if (kill(init_pid, init_sigs[i].sig) != 0) {
5100 switch (errno) {
5101 case EPERM:
5102 case ESRCH:
5103 log_error(LOG_NOTICE, "Could not signal init: "
5104 "%s.\n", strerror(errno));
5105 break;
5106
5107 case EINVAL:
5108 default:
5109 bad_error("kill", errno);
5110 }
5111 }
5112 }
5113 }
5114
5115 /*
5116 * This is called when one of the major milestones changes state, or when
5117 * init is signalled and tells us it was told to change runlevel. We wait
5118 * to reach the milestone because this allows /etc/inittab entries to retain
5119 * some boot ordering: historically, entries could place themselves before/after
5120 * the running of /sbin/rcX scripts but we can no longer make the
5121 * distinction because the /sbin/rcX scripts no longer exist as punctuation
5122 * marks in /etc/inittab.
5123 *
5124 * Also, we only trigger an update when we reach the eventual target
5125 * milestone: without this, an /etc/inittab entry marked only for
5126 * runlevel 2 would be executed for runlevel 3, which is not how
5127 * /etc/inittab entries work.
5128 *
5129 * If we're single user coming online, then we set utmpx to the target
5130 * runlevel so that legacy scripts can work as expected.
5131 */
5132 static void
5133 graph_runlevel_changed(char rl, int online)
5134 {
5135 char trl;
5136
5137 assert(MUTEX_HELD(&dgraph_lock));
5138
5139 trl = target_milestone_as_runlevel();
5140
5141 if (online) {
5142 if (rl == trl) {
5143 current_runlevel = trl;
5144 signal_init(trl);
5145 } else if (rl == 'S') {
5146 /*
5147 * At boot, set the entry early for the benefit of the
5148 * legacy init scripts.
5149 */
5150 utmpx_set_runlevel(trl, 'S', B_FALSE);
5151 }
5152 } else {
5153 if (rl == '3' && trl == '2') {
5154 current_runlevel = trl;
5155 signal_init(trl);
5156 } else if (rl == '2' && trl == 'S') {
5157 current_runlevel = trl;
5158 signal_init(trl);
5159 }
5160 }
5161 }
5162
5163 /*
5164 * Move to a backwards-compatible runlevel by executing the appropriate
5165 * /etc/rc?.d/K* scripts and/or setting the milestone.
5166 *
5167 * Returns
5168 * 0 - success
5169 * ECONNRESET - success, but handle was reset
5170 * ECONNABORTED - repository connection broken
5171 * ECANCELED - pg was deleted
5172 */
5173 static int
5174 dgraph_set_runlevel(scf_propertygroup_t *pg, scf_property_t *prop)
5175 {
5176 char rl;
5177 scf_handle_t *h;
5178 int r;
5179 const char *ms = NULL; /* what to commit as options/milestone */
5180 boolean_t rebound = B_FALSE;
5181 int mark_rl = 0;
5182
5183 const char * const stop = "stop";
5184
5185 r = libscf_extract_runlevel(prop, &rl);
5186 switch (r) {
5187 case 0:
5188 break;
5189
5190 case ECONNABORTED:
5191 case ECANCELED:
5192 return (r);
5193
5194 case EINVAL:
5195 case ENOENT:
5196 log_error(LOG_WARNING, "runlevel property is misconfigured; "
5197 "ignoring.\n");
5198 /* delete the bad property */
5199 goto nolock_out;
5200
5201 default:
5202 bad_error("libscf_extract_runlevel", r);
5203 }
5204
5205 switch (rl) {
5206 case 's':
5207 rl = 'S';
5208 /* FALLTHROUGH */
5209
5210 case 'S':
5211 case '2':
5212 case '3':
5213 /*
5214 * These cases cause a milestone change, so
5215 * graph_runlevel_changed() will eventually deal with
5216 * signalling init.
5217 */
5218 break;
5219
5220 case '0':
5221 case '1':
5222 case '4':
5223 case '5':
5224 case '6':
5225 mark_rl = 1;
5226 break;
5227
5228 default:
5229 log_framework(LOG_NOTICE, "Unknown runlevel '%c'.\n", rl);
5230 ms = NULL;
5231 goto nolock_out;
5232 }
5233
5234 h = scf_pg_handle(pg);
5235
5236 MUTEX_LOCK(&dgraph_lock);
5237
5238 /*
5239 * Since this triggers no milestone changes, force it by hand.
5240 */
5241 if (current_runlevel == '4' && rl == '3')
5242 mark_rl = 1;
5243
5244 /*
5245 * 1. If we are here after an "init X":
5246 *
5247 * init X
5248 * init/lscf_set_runlevel()
5249 * process_pg_event()
5250 * dgraph_set_runlevel()
5251 *
5252 * then we haven't passed through graph_runlevel_changed() yet,
5253 * therefore 'current_runlevel' has not changed for sure but 'rl' has.
5254 * In consequence, if 'rl' is lower than 'current_runlevel', we change
5255 * the system runlevel and execute the appropriate /etc/rc?.d/K* scripts
5256 * past this test.
5257 *
5258 * 2. On the other hand, if we are here after a "svcadm milestone":
5259 *
5260 * svcadm milestone X
5261 * dgraph_set_milestone()
5262 * handle_graph_update_event()
5263 * dgraph_set_instance_state()
5264 * graph_post_X_[online|offline]()
5265 * graph_runlevel_changed()
5266 * signal_init()
5267 * init/lscf_set_runlevel()
5268 * process_pg_event()
5269 * dgraph_set_runlevel()
5270 *
5271 * then we already passed through graph_runlevel_changed() (by the way
5272 * of dgraph_set_milestone()) and 'current_runlevel' may have changed
5273 * and already be equal to 'rl' so we are going to return immediately
5274 * from dgraph_set_runlevel() without changing the system runlevel and
5275 * without executing the /etc/rc?.d/K* scripts.
5276 */
5277 if (rl == current_runlevel) {
5278 ms = NULL;
5279 goto out;
5280 }
5281
5282 log_framework(LOG_DEBUG, "Changing to runlevel '%c'.\n", rl);
5283
5284 /*
5285 * Make sure stop rc scripts see the new settings via who -r.
5286 */
5287 utmpx_set_runlevel(rl, current_runlevel, B_TRUE);
5288
5289 /*
5290 * Some run levels don't have a direct correspondence to any
5291 * milestones, so we have to signal init directly.
5292 */
5293 if (mark_rl) {
5294 current_runlevel = rl;
5295 signal_init(rl);
5296 }
5297
5298 switch (rl) {
5299 case 'S':
5300 uu_warn("The system is coming down for administration. "
5301 "Please wait.\n");
5302 fork_rc_script(rl, stop, B_FALSE);
5303 ms = single_user_fmri;
5304 go_single_user_mode = B_TRUE;
5305 break;
5306
5307 case '0':
5308 halting_time = time(NULL);
5309 fork_rc_script(rl, stop, B_TRUE);
5310 halting = AD_HALT;
5311 goto uadmin;
5312
5313 case '5':
5314 halting_time = time(NULL);
5315 fork_rc_script(rl, stop, B_TRUE);
5316 halting = AD_POWEROFF;
5317 goto uadmin;
5318
5319 case '6':
5320 halting_time = time(NULL);
5321 fork_rc_script(rl, stop, B_TRUE);
5322 if (scf_is_fastboot_default() && getzoneid() == GLOBAL_ZONEID)
5323 halting = AD_FASTREBOOT;
5324 else
5325 halting = AD_BOOT;
5326
5327 uadmin:
5328 uu_warn("The system is coming down. Please wait.\n");
5329 ms = "none";
5330
5331 /*
5332 * We can't wait until all services are offline since this
5333 * thread is responsible for taking them offline. Instead we
5334 * set halting to the second argument for uadmin() and call
5335 * do_uadmin() from dgraph_set_instance_state() when
5336 * appropriate.
5337 */
5338 break;
5339
5340 case '1':
5341 if (current_runlevel != 'S') {
5342 uu_warn("Changing to state 1.\n");
5343 fork_rc_script(rl, stop, B_FALSE);
5344 } else {
5345 uu_warn("The system is coming up for administration. "
5346 "Please wait.\n");
5347 }
5348 ms = single_user_fmri;
5349 go_to_level1 = B_TRUE;
5350 break;
5351
5352 case '2':
5353 if (current_runlevel == '3' || current_runlevel == '4')
5354 fork_rc_script(rl, stop, B_FALSE);
5355 ms = multi_user_fmri;
5356 break;
5357
5358 case '3':
5359 case '4':
5360 ms = "all";
5361 break;
5362
5363 default:
5364 #ifndef NDEBUG
5365 (void) fprintf(stderr, "%s:%d: Uncaught case %d ('%c').\n",
5366 __FILE__, __LINE__, rl, rl);
5367 #endif
5368 abort();
5369 }
5370
5371 out:
5372 MUTEX_UNLOCK(&dgraph_lock);
5373
5374 nolock_out:
5375 switch (r = libscf_clear_runlevel(pg, ms)) {
5376 case 0:
5377 break;
5378
5379 case ECONNABORTED:
5380 libscf_handle_rebind(h);
5381 rebound = B_TRUE;
5382 goto nolock_out;
5383
5384 case ECANCELED:
5385 break;
5386
5387 case EPERM:
5388 case EACCES:
5389 case EROFS:
5390 log_error(LOG_NOTICE, "Could not delete \"%s/%s\" property: "
5391 "%s.\n", SCF_PG_OPTIONS, "runlevel", strerror(r));
5392 break;
5393
5394 default:
5395 bad_error("libscf_clear_runlevel", r);
5396 }
5397
5398 return (rebound ? ECONNRESET : 0);
5399 }
5400
5401 /*
5402 * mark_subtree walks the dependents and add the GV_TOOFFLINE flag
5403 * to the instances that are supposed to go offline during an
5404 * administrative disable operation.
5405 */
5406 static int
5407 mark_subtree(graph_edge_t *e, void *arg)
5408 {
5409 graph_vertex_t *v;
5410 int r;
5411
5412 v = e->ge_vertex;
5413
5414 /* If it's already in the subgraph, skip. */
5415 if (v->gv_flags & GV_TOOFFLINE)
5416 return (UU_WALK_NEXT);
5417
5418 switch (v->gv_type) {
5419 case GVT_INST:
5420 /* If the instance is already offline, skip it. */
5421 if (!inst_running(v))
5422 return (UU_WALK_NEXT);
5423
5424 v->gv_flags |= GV_TOOFFLINE;
5425 log_framework(LOG_DEBUG, "%s added to subtree\n", v->gv_name);
5426 break;
5427 case GVT_GROUP:
5428 /*
5429 * Skip all excluded dependents and decide whether to offline
5430 * the service based on the restart_on attribute.
5431 */
5432 if (is_depgrp_bypassed(v))
5433 return (UU_WALK_NEXT);
5434 break;
5435 }
5436
5437 r = uu_list_walk(v->gv_dependents, (uu_walk_fn_t *)mark_subtree, arg,
5438 0);
5439 assert(r == 0);
5440 return (UU_WALK_NEXT);
5441 }
5442
5443 static int
5444 mark_subgraph(graph_edge_t *e, void *arg)
5445 {
5446 graph_vertex_t *v;
5447 int r;
5448 int optional = (int)arg;
5449
5450 v = e->ge_vertex;
5451
5452 /* If it's already in the subgraph, skip. */
5453 if (v->gv_flags & GV_INSUBGRAPH)
5454 return (UU_WALK_NEXT);
5455
5456 /*
5457 * Keep track if walk has entered an optional dependency group
5458 */
5459 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_OPTIONAL_ALL) {
5460 optional = 1;
5461 }
5462 /*
5463 * Quit if we are in an optional dependency group and the instance
5464 * is disabled
5465 */
5466 if (optional && (v->gv_type == GVT_INST) &&
5467 (!(v->gv_flags & GV_ENBLD_NOOVR)))
5468 return (UU_WALK_NEXT);
5469
5470 v->gv_flags |= GV_INSUBGRAPH;
5471
5472 /* Skip all excluded dependencies. */
5473 if (v->gv_type == GVT_GROUP && v->gv_depgroup == DEPGRP_EXCLUDE_ALL)
5474 return (UU_WALK_NEXT);
5475
5476 r = uu_list_walk(v->gv_dependencies, (uu_walk_fn_t *)mark_subgraph,
5477 (void *)optional, 0);
5478 assert(r == 0);
5479 return (UU_WALK_NEXT);
5480 }
5481
5482 /*
5483 * Bring down all services which are not dependencies of fmri. The
5484 * dependencies of fmri (direct & indirect) will constitute the "subgraph",
5485 * and will have the GV_INSUBGRAPH flag set. The rest must be brought down,
5486 * which means the state is "disabled", "maintenance", or "uninitialized". We
5487 * could consider "offline" to be down, and refrain from sending start
5488 * commands for such services, but that's not strictly necessary, so we'll
5489 * decline to intrude on the state machine. It would probably confuse users
5490 * anyway.
5491 *
5492 * The services should be brought down in reverse-dependency order, so we
5493 * can't do it all at once here. We initiate by override-disabling the leaves
5494 * of the dependency tree -- those services which are up but have no
5495 * dependents which are up. When they come down,
5496 * vertex_subgraph_dependencies_shutdown() will override-disable the newly
5497 * exposed leaves. Perseverance will ensure completion.
5498 *
5499 * Sometimes we need to take action when the transition is complete, like
5500 * start sulogin or halt the system. To tell when we're done, we initialize
5501 * non_subgraph_svcs here to be the number of services which need to come
5502 * down. As each does, we decrement the counter. When it hits zero, we take
5503 * the appropriate action. See vertex_subgraph_dependencies_shutdown().
5504 *
5505 * In case we're coming up, we also remove any enable-overrides for the
5506 * services which are dependencies of fmri.
5507 *
5508 * If norepository is true, the function will not change the repository.
5509 *
5510 * The decision to change the system run level in accordance with the milestone
5511 * is taken in dgraph_set_runlevel().
5512 *
5513 * Returns
5514 * 0 - success
5515 * ECONNRESET - success, but handle was rebound
5516 * EINVAL - fmri is invalid (error is logged)
5517 * EALREADY - the milestone is already set to fmri
5518 * ENOENT - a configured vertex does not exist for fmri (an error is logged)
5519 */
5520 static int
5521 dgraph_set_milestone(const char *fmri, scf_handle_t *h, boolean_t norepository)
5522 {
5523 const char *cfmri, *fs;
5524 graph_vertex_t *nm, *v;
5525 int ret = 0, r;
5526 scf_instance_t *inst;
5527 boolean_t isall, isnone, rebound = B_FALSE;
5528
5529 /* Validate fmri */
5530 isall = (strcmp(fmri, "all") == 0);
5531 isnone = (strcmp(fmri, "none") == 0);
5532
5533 if (!isall && !isnone) {
5534 if (fmri_canonify(fmri, (char **)&cfmri, B_FALSE) == EINVAL)
5535 goto reject;
5536
5537 if (strcmp(cfmri, single_user_fmri) != 0 &&
5538 strcmp(cfmri, multi_user_fmri) != 0 &&
5539 strcmp(cfmri, multi_user_svr_fmri) != 0) {
5540 startd_free((void *)cfmri, max_scf_fmri_size);
5541 reject:
5542 log_framework(LOG_WARNING,
5543 "Rejecting request for invalid milestone \"%s\".\n",
5544 fmri);
5545 return (EINVAL);
5546 }
5547 }
5548
5549 inst = safe_scf_instance_create(h);
5550
5551 MUTEX_LOCK(&dgraph_lock);
5552
5553 if (milestone == NULL) {
5554 if (isall) {
5555 log_framework(LOG_DEBUG,
5556 "Milestone already set to all.\n");
5557 ret = EALREADY;
5558 goto out;
5559 }
5560 } else if (milestone == MILESTONE_NONE) {
5561 if (isnone) {
5562 log_framework(LOG_DEBUG,
5563 "Milestone already set to none.\n");
5564 ret = EALREADY;
5565 goto out;
5566 }
5567 } else {
5568 if (!isall && !isnone &&
5569 strcmp(cfmri, milestone->gv_name) == 0) {
5570 log_framework(LOG_DEBUG,
5571 "Milestone already set to %s.\n", cfmri);
5572 ret = EALREADY;
5573 goto out;
5574 }
5575 }
5576
5577 if (!isall && !isnone) {
5578 nm = vertex_get_by_name(cfmri);
5579 if (nm == NULL || !(nm->gv_flags & GV_CONFIGURED)) {
5580 log_framework(LOG_WARNING, "Cannot set milestone to %s "
5581 "because no such service exists.\n", cfmri);
5582 ret = ENOENT;
5583 goto out;
5584 }
5585 }
5586
5587 log_framework(LOG_DEBUG, "Changing milestone to %s.\n", fmri);
5588
5589 /*
5590 * Set milestone, removing the old one if this was the last reference.
5591 */
5592 if (milestone > MILESTONE_NONE)
5593 (void) vertex_unref(milestone);
5594
5595 if (isall)
5596 milestone = NULL;
5597 else if (isnone)
5598 milestone = MILESTONE_NONE;
5599 else {
5600 milestone = nm;
5601 /* milestone should count as a reference */
5602 vertex_ref(milestone);
5603 }
5604
5605 /* Clear all GV_INSUBGRAPH bits. */
5606 for (v = uu_list_first(dgraph); v != NULL; v = uu_list_next(dgraph, v))
5607 v->gv_flags &= ~GV_INSUBGRAPH;
5608
5609 if (!isall && !isnone) {
5610 /* Set GV_INSUBGRAPH for milestone & descendents. */
5611 milestone->gv_flags |= GV_INSUBGRAPH;
5612
5613 r = uu_list_walk(milestone->gv_dependencies,
5614 (uu_walk_fn_t *)mark_subgraph, NULL, 0);
5615 assert(r == 0);
5616 }
5617
5618 /* Un-override services in the subgraph & override-disable the rest. */
5619 if (norepository)
5620 goto out;
5621
5622 non_subgraph_svcs = 0;
5623 for (v = uu_list_first(dgraph);
5624 v != NULL;
5625 v = uu_list_next(dgraph, v)) {
5626 if (v->gv_type != GVT_INST ||
5627 (v->gv_flags & GV_CONFIGURED) == 0)
5628 continue;
5629
5630 again:
5631 r = scf_handle_decode_fmri(h, v->gv_name, NULL, NULL, inst,
5632 NULL, NULL, SCF_DECODE_FMRI_EXACT);
5633 if (r != 0) {
5634 switch (scf_error()) {
5635 case SCF_ERROR_CONNECTION_BROKEN:
5636 default:
5637 libscf_handle_rebind(h);
5638 rebound = B_TRUE;
5639 goto again;
5640
5641 case SCF_ERROR_NOT_FOUND:
5642 continue;
5643
5644 case SCF_ERROR_HANDLE_MISMATCH:
5645 case SCF_ERROR_INVALID_ARGUMENT:
5646 case SCF_ERROR_CONSTRAINT_VIOLATED:
5647 case SCF_ERROR_NOT_BOUND:
5648 bad_error("scf_handle_decode_fmri",
5649 scf_error());
5650 }
5651 }
5652
5653 if (isall || (v->gv_flags & GV_INSUBGRAPH)) {
5654 r = libscf_delete_enable_ovr(inst);
5655 fs = "libscf_delete_enable_ovr";
5656 } else {
5657 assert(isnone || (v->gv_flags & GV_INSUBGRAPH) == 0);
5658
5659 /*
5660 * Services which are up need to come down before
5661 * we're done, but we can only disable the leaves
5662 * here.
5663 */
5664
5665 if (up_state(v->gv_state))
5666 ++non_subgraph_svcs;
5667
5668 /* If it's already disabled, don't bother. */
5669 if ((v->gv_flags & GV_ENABLED) == 0)
5670 continue;
5671
5672 if (!is_nonsubgraph_leaf(v))
5673 continue;
5674
5675 r = libscf_set_enable_ovr(inst, 0);
5676 fs = "libscf_set_enable_ovr";
5677 }
5678 switch (r) {
5679 case 0:
5680 case ECANCELED:
5681 break;
5682
5683 case ECONNABORTED:
5684 libscf_handle_rebind(h);
5685 rebound = B_TRUE;
5686 goto again;
5687
5688 case EPERM:
5689 case EROFS:
5690 log_error(LOG_WARNING,
5691 "Could not set %s/%s for %s: %s.\n",
5692 SCF_PG_GENERAL_OVR, SCF_PROPERTY_ENABLED,
5693 v->gv_name, strerror(r));
5694 break;
5695
5696 default:
5697 bad_error(fs, r);
5698 }
5699 }
5700
5701 if (halting != -1) {
5702 if (non_subgraph_svcs > 1)
5703 uu_warn("%d system services are now being stopped.\n",
5704 non_subgraph_svcs);
5705 else if (non_subgraph_svcs == 1)
5706 uu_warn("One system service is now being stopped.\n");
5707 else if (non_subgraph_svcs == 0)
5708 do_uadmin();
5709 }
5710
5711 ret = rebound ? ECONNRESET : 0;
5712
5713 out:
5714 MUTEX_UNLOCK(&dgraph_lock);
5715 if (!isall && !isnone)
5716 startd_free((void *)cfmri, max_scf_fmri_size);
5717 scf_instance_destroy(inst);
5718 return (ret);
5719 }
5720
5721
5722 /*
5723 * Returns 0, ECONNABORTED, or EINVAL.
5724 */
5725 static int
5726 handle_graph_update_event(scf_handle_t *h, graph_protocol_event_t *e)
5727 {
5728 int r;
5729
5730 switch (e->gpe_type) {
5731 case GRAPH_UPDATE_RELOAD_GRAPH:
5732 log_error(LOG_WARNING,
5733 "graph_event: reload graph unimplemented\n");
5734 break;
5735
5736 case GRAPH_UPDATE_STATE_CHANGE: {
5737 protocol_states_t *states = e->gpe_data;
5738
5739 switch (r = dgraph_set_instance_state(h, e->gpe_inst, states)) {
5740 case 0:
5741 case ENOENT:
5742 break;
5743
5744 case ECONNABORTED:
5745 return (ECONNABORTED);
5746
5747 case EINVAL:
5748 default:
5749 #ifndef NDEBUG
5750 (void) fprintf(stderr, "dgraph_set_instance_state() "
5751 "failed with unexpected error %d at %s:%d.\n", r,
5752 __FILE__, __LINE__);
5753 #endif
5754 abort();
5755 }
5756
5757 startd_free(states, sizeof (protocol_states_t));
5758 break;
5759 }
5760
5761 default:
5762 log_error(LOG_WARNING,
5763 "graph_event_loop received an unknown event: %d\n",
5764 e->gpe_type);
5765 break;
5766 }
5767
5768 return (0);
5769 }
5770
5771 /*
5772 * graph_event_thread()
5773 * Wait for state changes from the restarters.
5774 */
5775 /*ARGSUSED*/
5776 void *
5777 graph_event_thread(void *unused)
5778 {
5779 scf_handle_t *h;
5780 int err;
5781
5782 h = libscf_handle_create_bound_loop();
5783
5784 /*CONSTCOND*/
5785 while (1) {
5786 graph_protocol_event_t *e;
5787
5788 MUTEX_LOCK(&gu->gu_lock);
5789
5790 while (gu->gu_wakeup == 0)
5791 (void) pthread_cond_wait(&gu->gu_cv, &gu->gu_lock);
5792
5793 gu->gu_wakeup = 0;
5794
5795 while ((e = graph_event_dequeue()) != NULL) {
5796 MUTEX_LOCK(&e->gpe_lock);
5797 MUTEX_UNLOCK(&gu->gu_lock);
5798
5799 while ((err = handle_graph_update_event(h, e)) ==
5800 ECONNABORTED)
5801 libscf_handle_rebind(h);
5802
5803 if (err == 0)
5804 graph_event_release(e);
5805 else
5806 graph_event_requeue(e);
5807
5808 MUTEX_LOCK(&gu->gu_lock);
5809 }
5810
5811 MUTEX_UNLOCK(&gu->gu_lock);
5812 }
5813
5814 /*
5815 * Unreachable for now -- there's currently no graceful cleanup
5816 * called on exit().
5817 */
5818 MUTEX_UNLOCK(&gu->gu_lock);
5819 scf_handle_destroy(h);
5820 return (NULL);
5821 }
5822
5823 static void
5824 set_initial_milestone(scf_handle_t *h)
5825 {
5826 scf_instance_t *inst;
5827 char *fmri, *cfmri;
5828 size_t sz;
5829 int r;
5830
5831 inst = safe_scf_instance_create(h);
5832 fmri = startd_alloc(max_scf_fmri_size);
5833
5834 /*
5835 * If -m milestone= was specified, we want to set options_ovr/milestone
5836 * to it. Otherwise we want to read what the milestone should be set
5837 * to. Either way we need our inst.
5838 */
5839 get_self:
5840 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL, inst,
5841 NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
5842 switch (scf_error()) {
5843 case SCF_ERROR_CONNECTION_BROKEN:
5844 libscf_handle_rebind(h);
5845 goto get_self;
5846
5847 case SCF_ERROR_NOT_FOUND:
5848 if (st->st_subgraph != NULL &&
5849 st->st_subgraph[0] != '\0') {
5850 sz = strlcpy(fmri, st->st_subgraph,
5851 max_scf_fmri_size);
5852 assert(sz < max_scf_fmri_size);
5853 } else {
5854 fmri[0] = '\0';
5855 }
5856 break;
5857
5858 case SCF_ERROR_INVALID_ARGUMENT:
5859 case SCF_ERROR_CONSTRAINT_VIOLATED:
5860 case SCF_ERROR_HANDLE_MISMATCH:
5861 default:
5862 bad_error("scf_handle_decode_fmri", scf_error());
5863 }
5864 } else {
5865 if (st->st_subgraph != NULL && st->st_subgraph[0] != '\0') {
5866 scf_propertygroup_t *pg;
5867
5868 pg = safe_scf_pg_create(h);
5869
5870 sz = strlcpy(fmri, st->st_subgraph, max_scf_fmri_size);
5871 assert(sz < max_scf_fmri_size);
5872
5873 r = libscf_inst_get_or_add_pg(inst, SCF_PG_OPTIONS_OVR,
5874 SCF_PG_OPTIONS_OVR_TYPE, SCF_PG_OPTIONS_OVR_FLAGS,
5875 pg);
5876 switch (r) {
5877 case 0:
5878 break;
5879
5880 case ECONNABORTED:
5881 libscf_handle_rebind(h);
5882 goto get_self;
5883
5884 case EPERM:
5885 case EACCES:
5886 case EROFS:
5887 log_error(LOG_WARNING, "Could not set %s/%s: "
5888 "%s.\n", SCF_PG_OPTIONS_OVR,
5889 SCF_PROPERTY_MILESTONE, strerror(r));
5890 /* FALLTHROUGH */
5891
5892 case ECANCELED:
5893 sz = strlcpy(fmri, st->st_subgraph,
5894 max_scf_fmri_size);
5895 assert(sz < max_scf_fmri_size);
5896 break;
5897
5898 default:
5899 bad_error("libscf_inst_get_or_add_pg", r);
5900 }
5901
5902 r = libscf_clear_runlevel(pg, fmri);
5903 switch (r) {
5904 case 0:
5905 break;
5906
5907 case ECONNABORTED:
5908 libscf_handle_rebind(h);
5909 goto get_self;
5910
5911 case EPERM:
5912 case EACCES:
5913 case EROFS:
5914 log_error(LOG_WARNING, "Could not set %s/%s: "
5915 "%s.\n", SCF_PG_OPTIONS_OVR,
5916 SCF_PROPERTY_MILESTONE, strerror(r));
5917 /* FALLTHROUGH */
5918
5919 case ECANCELED:
5920 sz = strlcpy(fmri, st->st_subgraph,
5921 max_scf_fmri_size);
5922 assert(sz < max_scf_fmri_size);
5923 break;
5924
5925 default:
5926 bad_error("libscf_clear_runlevel", r);
5927 }
5928
5929 scf_pg_destroy(pg);
5930 } else {
5931 scf_property_t *prop;
5932 scf_value_t *val;
5933
5934 prop = safe_scf_property_create(h);
5935 val = safe_scf_value_create(h);
5936
5937 r = libscf_get_milestone(inst, prop, val, fmri,
5938 max_scf_fmri_size);
5939 switch (r) {
5940 case 0:
5941 break;
5942
5943 case ECONNABORTED:
5944 libscf_handle_rebind(h);
5945 goto get_self;
5946
5947 case EINVAL:
5948 log_error(LOG_WARNING, "Milestone property is "
5949 "misconfigured. Defaulting to \"all\".\n");
5950 /* FALLTHROUGH */
5951
5952 case ECANCELED:
5953 case ENOENT:
5954 fmri[0] = '\0';
5955 break;
5956
5957 default:
5958 bad_error("libscf_get_milestone", r);
5959 }
5960
5961 scf_value_destroy(val);
5962 scf_property_destroy(prop);
5963 }
5964 }
5965
5966 if (fmri[0] == '\0' || strcmp(fmri, "all") == 0)
5967 goto out;
5968
5969 if (strcmp(fmri, "none") != 0) {
5970 retry:
5971 if (scf_handle_decode_fmri(h, fmri, NULL, NULL, inst, NULL,
5972 NULL, SCF_DECODE_FMRI_EXACT) != 0) {
5973 switch (scf_error()) {
5974 case SCF_ERROR_INVALID_ARGUMENT:
5975 log_error(LOG_WARNING,
5976 "Requested milestone \"%s\" is invalid. "
5977 "Reverting to \"all\".\n", fmri);
5978 goto out;
5979
5980 case SCF_ERROR_CONSTRAINT_VIOLATED:
5981 log_error(LOG_WARNING, "Requested milestone "
5982 "\"%s\" does not specify an instance. "
5983 "Reverting to \"all\".\n", fmri);
5984 goto out;
5985
5986 case SCF_ERROR_CONNECTION_BROKEN:
5987 libscf_handle_rebind(h);
5988 goto retry;
5989
5990 case SCF_ERROR_NOT_FOUND:
5991 log_error(LOG_WARNING, "Requested milestone "
5992 "\"%s\" not in repository. Reverting to "
5993 "\"all\".\n", fmri);
5994 goto out;
5995
5996 case SCF_ERROR_HANDLE_MISMATCH:
5997 default:
5998 bad_error("scf_handle_decode_fmri",
5999 scf_error());
6000 }
6001 }
6002
6003 r = fmri_canonify(fmri, &cfmri, B_FALSE);
6004 assert(r == 0);
6005
6006 r = dgraph_add_instance(cfmri, inst, B_TRUE);
6007 startd_free(cfmri, max_scf_fmri_size);
6008 switch (r) {
6009 case 0:
6010 break;
6011
6012 case ECONNABORTED:
6013 goto retry;
6014
6015 case EINVAL:
6016 log_error(LOG_WARNING,
6017 "Requested milestone \"%s\" is invalid. "
6018 "Reverting to \"all\".\n", fmri);
6019 goto out;
6020
6021 case ECANCELED:
6022 log_error(LOG_WARNING,
6023 "Requested milestone \"%s\" not "
6024 "in repository. Reverting to \"all\".\n",
6025 fmri);
6026 goto out;
6027
6028 case EEXIST:
6029 default:
6030 bad_error("dgraph_add_instance", r);
6031 }
6032 }
6033
6034 log_console(LOG_INFO, "Booting to milestone \"%s\".\n", fmri);
6035
6036 r = dgraph_set_milestone(fmri, h, B_FALSE);
6037 switch (r) {
6038 case 0:
6039 case ECONNRESET:
6040 case EALREADY:
6041 break;
6042
6043 case EINVAL:
6044 case ENOENT:
6045 default:
6046 bad_error("dgraph_set_milestone", r);
6047 }
6048
6049 out:
6050 startd_free(fmri, max_scf_fmri_size);
6051 scf_instance_destroy(inst);
6052 }
6053
6054 void
6055 set_restart_milestone(scf_handle_t *h)
6056 {
6057 scf_instance_t *inst;
6058 scf_property_t *prop;
6059 scf_value_t *val;
6060 char *fmri;
6061 int r;
6062
6063 inst = safe_scf_instance_create(h);
6064
6065 get_self:
6066 if (scf_handle_decode_fmri(h, SCF_SERVICE_STARTD, NULL, NULL,
6067 inst, NULL, NULL, SCF_DECODE_FMRI_EXACT) != 0) {
6068 switch (scf_error()) {
6069 case SCF_ERROR_CONNECTION_BROKEN:
6070 libscf_handle_rebind(h);
6071 goto get_self;
6072
6073 case SCF_ERROR_NOT_FOUND:
6074 break;
6075
6076 case SCF_ERROR_INVALID_ARGUMENT:
6077 case SCF_ERROR_CONSTRAINT_VIOLATED:
6078 case SCF_ERROR_HANDLE_MISMATCH:
6079 default:
6080 bad_error("scf_handle_decode_fmri", scf_error());
6081 }
6082
6083 scf_instance_destroy(inst);
6084 return;
6085 }
6086
6087 prop = safe_scf_property_create(h);
6088 val = safe_scf_value_create(h);
6089 fmri = startd_alloc(max_scf_fmri_size);
6090
6091 r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
6092 switch (r) {
6093 case 0:
6094 break;
6095
6096 case ECONNABORTED:
6097 libscf_handle_rebind(h);
6098 goto get_self;
6099
6100 case ECANCELED:
6101 case ENOENT:
6102 case EINVAL:
6103 goto out;
6104
6105 default:
6106 bad_error("libscf_get_milestone", r);
6107 }
6108
6109 r = dgraph_set_milestone(fmri, h, B_TRUE);
6110 switch (r) {
6111 case 0:
6112 case ECONNRESET:
6113 case EALREADY:
6114 case EINVAL:
6115 case ENOENT:
6116 break;
6117
6118 default:
6119 bad_error("dgraph_set_milestone", r);
6120 }
6121
6122 out:
6123 startd_free(fmri, max_scf_fmri_size);
6124 scf_value_destroy(val);
6125 scf_property_destroy(prop);
6126 scf_instance_destroy(inst);
6127 }
6128
6129 /*
6130 * void *graph_thread(void *)
6131 *
6132 * Graph management thread.
6133 */
6134 /*ARGSUSED*/
6135 void *
6136 graph_thread(void *arg)
6137 {
6138 scf_handle_t *h;
6139 int err;
6140
6141 h = libscf_handle_create_bound_loop();
6142
6143 if (st->st_initial)
6144 set_initial_milestone(h);
6145
6146 MUTEX_LOCK(&dgraph_lock);
6147 initial_milestone_set = B_TRUE;
6148 err = pthread_cond_broadcast(&initial_milestone_cv);
6149 assert(err == 0);
6150 MUTEX_UNLOCK(&dgraph_lock);
6151
6152 libscf_populate_graph(h);
6153
6154 if (!st->st_initial)
6155 set_restart_milestone(h);
6156
6157 MUTEX_LOCK(&st->st_load_lock);
6158 st->st_load_complete = 1;
6159 (void) pthread_cond_broadcast(&st->st_load_cv);
6160 MUTEX_UNLOCK(&st->st_load_lock);
6161
6162 MUTEX_LOCK(&dgraph_lock);
6163 /*
6164 * Now that we've set st_load_complete we need to check can_come_up()
6165 * since if we booted to a milestone, then there won't be any more
6166 * state updates.
6167 */
6168 if (!go_single_user_mode && !go_to_level1 &&
6169 halting == -1) {
6170 if (!sulogin_thread_running && !can_come_up()) {
6171 (void) startd_thread_create(sulogin_thread, NULL);
6172 sulogin_thread_running = B_TRUE;
6173 }
6174 }
6175 MUTEX_UNLOCK(&dgraph_lock);
6176
6177 (void) pthread_mutex_lock(&gu->gu_freeze_lock);
6178
6179 /*CONSTCOND*/
6180 while (1) {
6181 (void) pthread_cond_wait(&gu->gu_freeze_cv,
6182 &gu->gu_freeze_lock);
6183 }
6184
6185 /*
6186 * Unreachable for now -- there's currently no graceful cleanup
6187 * called on exit().
6188 */
6189 (void) pthread_mutex_unlock(&gu->gu_freeze_lock);
6190 scf_handle_destroy(h);
6191
6192 return (NULL);
6193 }
6194
6195
6196 /*
6197 * int next_action()
6198 * Given an array of timestamps 'a' with 'num' elements, find the
6199 * lowest non-zero timestamp and return its index. If there are no
6200 * non-zero elements, return -1.
6201 */
6202 static int
6203 next_action(hrtime_t *a, int num)
6204 {
6205 hrtime_t t = 0;
6206 int i = 0, smallest = -1;
6207
6208 for (i = 0; i < num; i++) {
6209 if (t == 0) {
6210 t = a[i];
6211 smallest = i;
6212 } else if (a[i] != 0 && a[i] < t) {
6213 t = a[i];
6214 smallest = i;
6215 }
6216 }
6217
6218 if (t == 0)
6219 return (-1);
6220 else
6221 return (smallest);
6222 }
6223
6224 /*
6225 * void process_actions()
6226 * Process actions requested by the administrator. Possibilities include:
6227 * refresh, restart, maintenance mode off, maintenance mode on,
6228 * maintenance mode immediate, and degraded.
6229 *
6230 * The set of pending actions is represented in the repository as a
6231 * per-instance property group, with each action being a single property
6232 * in that group. This property group is converted to an array, with each
6233 * action type having an array slot. The actions in the array at the
6234 * time process_actions() is called are acted on in the order of the
6235 * timestamp (which is the value stored in the slot). A value of zero
6236 * indicates that there is no pending action of the type associated with
6237 * a particular slot.
6238 *
6239 * Sending an action event multiple times before the restarter has a
6240 * chance to process that action will force it to be run at the last
6241 * timestamp where it appears in the ordering.
6242 *
6243 * Turning maintenance mode on trumps all other actions.
6244 *
6245 * Returns 0 or ECONNABORTED.
6246 */
6247 static int
6248 process_actions(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst)
6249 {
6250 scf_property_t *prop = NULL;
6251 scf_value_t *val = NULL;
6252 scf_type_t type;
6253 graph_vertex_t *vertex;
6254 admin_action_t a;
6255 int i, ret = 0, r;
6256 hrtime_t action_ts[NACTIONS];
6257 char *inst_name;
6258
6259 r = libscf_instance_get_fmri(inst, &inst_name);
6260 switch (r) {
6261 case 0:
6262 break;
6263
6264 case ECONNABORTED:
6265 return (ECONNABORTED);
6266
6267 case ECANCELED:
6268 return (0);
6269
6270 default:
6271 bad_error("libscf_instance_get_fmri", r);
6272 }
6273
6274 MUTEX_LOCK(&dgraph_lock);
6275
6276 vertex = vertex_get_by_name(inst_name);
6277 if (vertex == NULL) {
6278 MUTEX_UNLOCK(&dgraph_lock);
6279 log_framework(LOG_DEBUG, "%s: Can't find graph vertex. "
6280 "The instance must have been removed.\n", inst_name);
6281 startd_free(inst_name, max_scf_fmri_size);
6282 return (0);
6283 }
6284
6285 prop = safe_scf_property_create(h);
6286 val = safe_scf_value_create(h);
6287
6288 for (i = 0; i < NACTIONS; i++) {
6289 if (scf_pg_get_property(pg, admin_actions[i], prop) != 0) {
6290 switch (scf_error()) {
6291 case SCF_ERROR_CONNECTION_BROKEN:
6292 default:
6293 ret = ECONNABORTED;
6294 goto out;
6295
6296 case SCF_ERROR_DELETED:
6297 goto out;
6298
6299 case SCF_ERROR_NOT_FOUND:
6300 action_ts[i] = 0;
6301 continue;
6302
6303 case SCF_ERROR_HANDLE_MISMATCH:
6304 case SCF_ERROR_INVALID_ARGUMENT:
6305 case SCF_ERROR_NOT_SET:
6306 bad_error("scf_pg_get_property", scf_error());
6307 }
6308 }
6309
6310 if (scf_property_type(prop, &type) != 0) {
6311 switch (scf_error()) {
6312 case SCF_ERROR_CONNECTION_BROKEN:
6313 default:
6314 ret = ECONNABORTED;
6315 goto out;
6316
6317 case SCF_ERROR_DELETED:
6318 action_ts[i] = 0;
6319 continue;
6320
6321 case SCF_ERROR_NOT_SET:
6322 bad_error("scf_property_type", scf_error());
6323 }
6324 }
6325
6326 if (type != SCF_TYPE_INTEGER) {
6327 action_ts[i] = 0;
6328 continue;
6329 }
6330
6331 if (scf_property_get_value(prop, val) != 0) {
6332 switch (scf_error()) {
6333 case SCF_ERROR_CONNECTION_BROKEN:
6334 default:
6335 ret = ECONNABORTED;
6336 goto out;
6337
6338 case SCF_ERROR_DELETED:
6339 goto out;
6340
6341 case SCF_ERROR_NOT_FOUND:
6342 case SCF_ERROR_CONSTRAINT_VIOLATED:
6343 action_ts[i] = 0;
6344 continue;
6345
6346 case SCF_ERROR_NOT_SET:
6347 case SCF_ERROR_PERMISSION_DENIED:
6348 bad_error("scf_property_get_value",
6349 scf_error());
6350 }
6351 }
6352
6353 r = scf_value_get_integer(val, &action_ts[i]);
6354 assert(r == 0);
6355 }
6356
6357 a = ADMIN_EVENT_MAINT_ON_IMMEDIATE;
6358 if (action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ||
6359 action_ts[ADMIN_EVENT_MAINT_ON]) {
6360 a = action_ts[ADMIN_EVENT_MAINT_ON_IMMEDIATE] ?
6361 ADMIN_EVENT_MAINT_ON_IMMEDIATE : ADMIN_EVENT_MAINT_ON;
6362
6363 vertex_send_event(vertex, admin_events[a]);
6364 r = libscf_unset_action(h, pg, a, action_ts[a]);
6365 switch (r) {
6366 case 0:
6367 case EACCES:
6368 break;
6369
6370 case ECONNABORTED:
6371 ret = ECONNABORTED;
6372 goto out;
6373
6374 case EPERM:
6375 uu_die("Insufficient privilege.\n");
6376 /* NOTREACHED */
6377
6378 default:
6379 bad_error("libscf_unset_action", r);
6380 }
6381 }
6382
6383 while ((a = next_action(action_ts, NACTIONS)) != -1) {
6384 log_framework(LOG_DEBUG,
6385 "Graph: processing %s action for %s.\n", admin_actions[a],
6386 inst_name);
6387
6388 if (a == ADMIN_EVENT_REFRESH) {
6389 r = dgraph_refresh_instance(vertex, inst);
6390 switch (r) {
6391 case 0:
6392 case ECANCELED:
6393 case EINVAL:
6394 case -1:
6395 break;
6396
6397 case ECONNABORTED:
6398 /* pg & inst are reset now, so just return. */
6399 ret = ECONNABORTED;
6400 goto out;
6401
6402 default:
6403 bad_error("dgraph_refresh_instance", r);
6404 }
6405 }
6406
6407 vertex_send_event(vertex, admin_events[a]);
6408
6409 r = libscf_unset_action(h, pg, a, action_ts[a]);
6410 switch (r) {
6411 case 0:
6412 case EACCES:
6413 break;
6414
6415 case ECONNABORTED:
6416 ret = ECONNABORTED;
6417 goto out;
6418
6419 case EPERM:
6420 uu_die("Insufficient privilege.\n");
6421 /* NOTREACHED */
6422
6423 default:
6424 bad_error("libscf_unset_action", r);
6425 }
6426
6427 action_ts[a] = 0;
6428 }
6429
6430 out:
6431 MUTEX_UNLOCK(&dgraph_lock);
6432
6433 scf_property_destroy(prop);
6434 scf_value_destroy(val);
6435 startd_free(inst_name, max_scf_fmri_size);
6436 return (ret);
6437 }
6438
6439 /*
6440 * inst and pg_name are scratch space, and are unset on entry.
6441 * Returns
6442 * 0 - success
6443 * ECONNRESET - success, but repository handle rebound
6444 * ECONNABORTED - repository connection broken
6445 */
6446 static int
6447 process_pg_event(scf_handle_t *h, scf_propertygroup_t *pg, scf_instance_t *inst,
6448 char *pg_name)
6449 {
6450 int r;
6451 scf_property_t *prop;
6452 scf_value_t *val;
6453 char *fmri;
6454 boolean_t rebound = B_FALSE, rebind_inst = B_FALSE;
6455
6456 if (scf_pg_get_name(pg, pg_name, max_scf_value_size) < 0) {
6457 switch (scf_error()) {
6458 case SCF_ERROR_CONNECTION_BROKEN:
6459 default:
6460 return (ECONNABORTED);
6461
6462 case SCF_ERROR_DELETED:
6463 return (0);
6464
6465 case SCF_ERROR_NOT_SET:
6466 bad_error("scf_pg_get_name", scf_error());
6467 }
6468 }
6469
6470 if (strcmp(pg_name, SCF_PG_GENERAL) == 0 ||
6471 strcmp(pg_name, SCF_PG_GENERAL_OVR) == 0) {
6472 r = dgraph_update_general(pg);
6473 switch (r) {
6474 case 0:
6475 case ENOTSUP:
6476 case ECANCELED:
6477 return (0);
6478
6479 case ECONNABORTED:
6480 return (ECONNABORTED);
6481
6482 case -1:
6483 /* Error should have been logged. */
6484 return (0);
6485
6486 default:
6487 bad_error("dgraph_update_general", r);
6488 }
6489 } else if (strcmp(pg_name, SCF_PG_RESTARTER_ACTIONS) == 0) {
6490 if (scf_pg_get_parent_instance(pg, inst) != 0) {
6491 switch (scf_error()) {
6492 case SCF_ERROR_CONNECTION_BROKEN:
6493 return (ECONNABORTED);
6494
6495 case SCF_ERROR_DELETED:
6496 case SCF_ERROR_CONSTRAINT_VIOLATED:
6497 /* Ignore commands on services. */
6498 return (0);
6499
6500 case SCF_ERROR_NOT_BOUND:
6501 case SCF_ERROR_HANDLE_MISMATCH:
6502 case SCF_ERROR_NOT_SET:
6503 default:
6504 bad_error("scf_pg_get_parent_instance",
6505 scf_error());
6506 }
6507 }
6508
6509 return (process_actions(h, pg, inst));
6510 }
6511
6512 if (strcmp(pg_name, SCF_PG_OPTIONS) != 0 &&
6513 strcmp(pg_name, SCF_PG_OPTIONS_OVR) != 0)
6514 return (0);
6515
6516 /*
6517 * We only care about the options[_ovr] property groups of our own
6518 * instance, so get the fmri and compare. Plus, once we know it's
6519 * correct, if the repository connection is broken we know exactly what
6520 * property group we were operating on, and can look it up again.
6521 */
6522 if (scf_pg_get_parent_instance(pg, inst) != 0) {
6523 switch (scf_error()) {
6524 case SCF_ERROR_CONNECTION_BROKEN:
6525 return (ECONNABORTED);
6526
6527 case SCF_ERROR_DELETED:
6528 case SCF_ERROR_CONSTRAINT_VIOLATED:
6529 return (0);
6530
6531 case SCF_ERROR_HANDLE_MISMATCH:
6532 case SCF_ERROR_NOT_BOUND:
6533 case SCF_ERROR_NOT_SET:
6534 default:
6535 bad_error("scf_pg_get_parent_instance",
6536 scf_error());
6537 }
6538 }
6539
6540 switch (r = libscf_instance_get_fmri(inst, &fmri)) {
6541 case 0:
6542 break;
6543
6544 case ECONNABORTED:
6545 return (ECONNABORTED);
6546
6547 case ECANCELED:
6548 return (0);
6549
6550 default:
6551 bad_error("libscf_instance_get_fmri", r);
6552 }
6553
6554 if (strcmp(fmri, SCF_SERVICE_STARTD) != 0) {
6555 startd_free(fmri, max_scf_fmri_size);
6556 return (0);
6557 }
6558
6559 /*
6560 * update the information events flag
6561 */
6562 if (strcmp(pg_name, SCF_PG_OPTIONS) == 0)
6563 info_events_all = libscf_get_info_events_all(pg);
6564
6565 prop = safe_scf_property_create(h);
6566 val = safe_scf_value_create(h);
6567
6568 if (strcmp(pg_name, SCF_PG_OPTIONS_OVR) == 0) {
6569 /* See if we need to set the runlevel. */
6570 /* CONSTCOND */
6571 if (0) {
6572 rebind_pg:
6573 libscf_handle_rebind(h);
6574 rebound = B_TRUE;
6575
6576 r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
6577 switch (r) {
6578 case 0:
6579 break;
6580
6581 case ECONNABORTED:
6582 goto rebind_pg;
6583
6584 case ENOENT:
6585 goto out;
6586
6587 case EINVAL:
6588 case ENOTSUP:
6589 bad_error("libscf_lookup_instance", r);
6590 }
6591
6592 if (scf_instance_get_pg(inst, pg_name, pg) != 0) {
6593 switch (scf_error()) {
6594 case SCF_ERROR_DELETED:
6595 case SCF_ERROR_NOT_FOUND:
6596 goto out;
6597
6598 case SCF_ERROR_CONNECTION_BROKEN:
6599 goto rebind_pg;
6600
6601 case SCF_ERROR_HANDLE_MISMATCH:
6602 case SCF_ERROR_NOT_BOUND:
6603 case SCF_ERROR_NOT_SET:
6604 case SCF_ERROR_INVALID_ARGUMENT:
6605 default:
6606 bad_error("scf_instance_get_pg",
6607 scf_error());
6608 }
6609 }
6610 }
6611
6612 if (scf_pg_get_property(pg, "runlevel", prop) == 0) {
6613 r = dgraph_set_runlevel(pg, prop);
6614 switch (r) {
6615 case ECONNRESET:
6616 rebound = B_TRUE;
6617 rebind_inst = B_TRUE;
6618 /* FALLTHROUGH */
6619
6620 case 0:
6621 break;
6622
6623 case ECONNABORTED:
6624 goto rebind_pg;
6625
6626 case ECANCELED:
6627 goto out;
6628
6629 default:
6630 bad_error("dgraph_set_runlevel", r);
6631 }
6632 } else {
6633 switch (scf_error()) {
6634 case SCF_ERROR_CONNECTION_BROKEN:
6635 default:
6636 goto rebind_pg;
6637
6638 case SCF_ERROR_DELETED:
6639 goto out;
6640
6641 case SCF_ERROR_NOT_FOUND:
6642 break;
6643
6644 case SCF_ERROR_INVALID_ARGUMENT:
6645 case SCF_ERROR_HANDLE_MISMATCH:
6646 case SCF_ERROR_NOT_BOUND:
6647 case SCF_ERROR_NOT_SET:
6648 bad_error("scf_pg_get_property", scf_error());
6649 }
6650 }
6651 }
6652
6653 if (rebind_inst) {
6654 lookup_inst:
6655 r = libscf_lookup_instance(SCF_SERVICE_STARTD, inst);
6656 switch (r) {
6657 case 0:
6658 break;
6659
6660 case ECONNABORTED:
6661 libscf_handle_rebind(h);
6662 rebound = B_TRUE;
6663 goto lookup_inst;
6664
6665 case ENOENT:
6666 goto out;
6667
6668 case EINVAL:
6669 case ENOTSUP:
6670 bad_error("libscf_lookup_instance", r);
6671 }
6672 }
6673
6674 r = libscf_get_milestone(inst, prop, val, fmri, max_scf_fmri_size);
6675 switch (r) {
6676 case 0:
6677 break;
6678
6679 case ECONNABORTED:
6680 libscf_handle_rebind(h);
6681 rebound = B_TRUE;
6682 goto lookup_inst;
6683
6684 case EINVAL:
6685 log_error(LOG_NOTICE,
6686 "%s/%s property of %s is misconfigured.\n", pg_name,
6687 SCF_PROPERTY_MILESTONE, SCF_SERVICE_STARTD);
6688 /* FALLTHROUGH */
6689
6690 case ECANCELED:
6691 case ENOENT:
6692 (void) strcpy(fmri, "all");
6693 break;
6694
6695 default:
6696 bad_error("libscf_get_milestone", r);
6697 }
6698
6699 r = dgraph_set_milestone(fmri, h, B_FALSE);
6700 switch (r) {
6701 case 0:
6702 case ECONNRESET:
6703 case EALREADY:
6704 break;
6705
6706 case EINVAL:
6707 log_error(LOG_WARNING, "Milestone %s is invalid.\n", fmri);
6708 break;
6709
6710 case ENOENT:
6711 log_error(LOG_WARNING, "Milestone %s does not exist.\n", fmri);
6712 break;
6713
6714 default:
6715 bad_error("dgraph_set_milestone", r);
6716 }
6717
6718 out:
6719 startd_free(fmri, max_scf_fmri_size);
6720 scf_value_destroy(val);
6721 scf_property_destroy(prop);
6722
6723 return (rebound ? ECONNRESET : 0);
6724 }
6725
6726 /*
6727 * process_delete() deletes an instance from the dgraph if 'fmri' is an
6728 * instance fmri or if 'fmri' matches the 'general' property group of an
6729 * instance (or the 'general/enabled' property).
6730 *
6731 * 'fmri' may be overwritten and cannot be trusted on return by the caller.
6732 */
6733 static void
6734 process_delete(char *fmri, scf_handle_t *h)
6735 {
6736 char *lfmri, *end_inst_fmri;
6737 const char *inst_name = NULL;
6738 const char *pg_name = NULL;
6739 const char *prop_name = NULL;
6740
6741 lfmri = safe_strdup(fmri);
6742
6743 /* Determine if the FMRI is a property group or instance */
6744 if (scf_parse_svc_fmri(lfmri, NULL, NULL, &inst_name, &pg_name,
6745 &prop_name) != SCF_SUCCESS) {
6746 log_error(LOG_WARNING,
6747 "Received invalid FMRI \"%s\" from repository server.\n",
6748 fmri);
6749 } else if (inst_name != NULL && pg_name == NULL) {
6750 (void) dgraph_remove_instance(fmri, h);
6751 } else if (inst_name != NULL && pg_name != NULL) {
6752 /*
6753 * If we're deleting the 'general' property group or
6754 * 'general/enabled' property then the whole instance
6755 * must be removed from the dgraph.
6756 */
6757 if (strcmp(pg_name, SCF_PG_GENERAL) != 0) {
6758 free(lfmri);
6759 return;
6760 }
6761
6762 if (prop_name != NULL &&
6763 strcmp(prop_name, SCF_PROPERTY_ENABLED) != 0) {
6764 free(lfmri);
6765 return;
6766 }
6767
6768 /*
6769 * Because the instance has already been deleted from the
6770 * repository, we cannot use any scf_ functions to retrieve
6771 * the instance FMRI however we can easily reconstruct it
6772 * manually.
6773 */
6774 end_inst_fmri = strstr(fmri, SCF_FMRI_PROPERTYGRP_PREFIX);
6775 if (end_inst_fmri == NULL)
6776 bad_error("process_delete", 0);
6777
6778 end_inst_fmri[0] = '\0';
6779
6780 (void) dgraph_remove_instance(fmri, h);
6781 }
6782
6783 free(lfmri);
6784 }
6785
6786 /*ARGSUSED*/
6787 void *
6788 repository_event_thread(void *unused)
6789 {
6790 scf_handle_t *h;
6791 scf_propertygroup_t *pg;
6792 scf_instance_t *inst;
6793 char *fmri = startd_alloc(max_scf_fmri_size);
6794 char *pg_name = startd_alloc(max_scf_value_size);
6795 int r;
6796
6797 h = libscf_handle_create_bound_loop();
6798
6799 pg = safe_scf_pg_create(h);
6800 inst = safe_scf_instance_create(h);
6801
6802 retry:
6803 if (_scf_notify_add_pgtype(h, SCF_GROUP_FRAMEWORK) != SCF_SUCCESS) {
6804 if (scf_error() == SCF_ERROR_CONNECTION_BROKEN) {
6805 libscf_handle_rebind(h);
6806 } else {
6807 log_error(LOG_WARNING,
6808 "Couldn't set up repository notification "
6809 "for property group type %s: %s\n",
6810 SCF_GROUP_FRAMEWORK, scf_strerror(scf_error()));
6811
6812 (void) sleep(1);
6813 }
6814
6815 goto retry;
6816 }
6817
6818 /*CONSTCOND*/
6819 while (1) {
6820 ssize_t res;
6821
6822 /* Note: fmri is only set on delete events. */
6823 res = _scf_notify_wait(pg, fmri, max_scf_fmri_size);
6824 if (res < 0) {
6825 libscf_handle_rebind(h);
6826 goto retry;
6827 } else if (res == 0) {
6828 /*
6829 * property group modified. inst and pg_name are
6830 * pre-allocated scratch space.
6831 */
6832 if (scf_pg_update(pg) < 0) {
6833 switch (scf_error()) {
6834 case SCF_ERROR_DELETED:
6835 continue;
6836
6837 case SCF_ERROR_CONNECTION_BROKEN:
6838 log_error(LOG_WARNING,
6839 "Lost repository event due to "
6840 "disconnection.\n");
6841 libscf_handle_rebind(h);
6842 goto retry;
6843
6844 case SCF_ERROR_NOT_BOUND:
6845 case SCF_ERROR_NOT_SET:
6846 default:
6847 bad_error("scf_pg_update", scf_error());
6848 }
6849 }
6850
6851 r = process_pg_event(h, pg, inst, pg_name);
6852 switch (r) {
6853 case 0:
6854 break;
6855
6856 case ECONNABORTED:
6857 log_error(LOG_WARNING, "Lost repository event "
6858 "due to disconnection.\n");
6859 libscf_handle_rebind(h);
6860 /* FALLTHROUGH */
6861
6862 case ECONNRESET:
6863 goto retry;
6864
6865 default:
6866 bad_error("process_pg_event", r);
6867 }
6868 } else {
6869 /*
6870 * Service, instance, or pg deleted.
6871 * Don't trust fmri on return.
6872 */
6873 process_delete(fmri, h);
6874 }
6875 }
6876
6877 /*NOTREACHED*/
6878 return (NULL);
6879 }
6880
6881 void
6882 graph_engine_start()
6883 {
6884 int err;
6885
6886 (void) startd_thread_create(graph_thread, NULL);
6887
6888 MUTEX_LOCK(&dgraph_lock);
6889 while (!initial_milestone_set) {
6890 err = pthread_cond_wait(&initial_milestone_cv, &dgraph_lock);
6891 assert(err == 0);
6892 }
6893 MUTEX_UNLOCK(&dgraph_lock);
6894
6895 (void) startd_thread_create(repository_event_thread, NULL);
6896 (void) startd_thread_create(graph_event_thread, NULL);
6897 }
unleashed repo fork