1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2018 Joyent, Inc.
24 * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
25 * Copyright 2014 Igor Kozhukhov <ikozhukhov@gmail.com>.
26 */
27
28 #ifndef _SYS_ZONE_H
29 #define _SYS_ZONE_H
30
31 #include <sys/types.h>
32 #include <sys/param.h>
33 #include <sys/tsol/label.h>
34 #include <sys/uadmin.h>
35 #include <netinet/in.h>
36
37 #ifdef _KERNEL
38 /*
39 * Many includes are kernel-only to reduce namespace pollution of
40 * userland applications.
41 */
42 #include <sys/mutex.h>
43 #include <sys/rctl.h>
44 #include <sys/ipc_rctl.h>
45 #include <sys/pset.h>
622
623 /*
624 * DTrace-private per-zone state
625 */
626 int zone_dtrace_getf; /* # of unprivileged getf()s */
627
628 /*
629 * Synchronization primitives used to synchronize between mounts and
630 * zone creation/destruction.
631 */
632 int zone_mounts_in_progress;
633 kcondvar_t zone_mount_cv;
634 kmutex_t zone_mount_lock;
635 } zone_t;
636
637 /*
638 * Special value of zone_psetid to indicate that pools are disabled.
639 */
640 #define ZONE_PS_INVAL PS_MYID
641
642
643 extern zone_t zone0;
644 extern zone_t *global_zone;
645 extern uint_t maxzones;
646 extern rctl_hndl_t rc_zone_nlwps;
647 extern rctl_hndl_t rc_zone_nprocs;
648
649 extern long zone(int, void *, void *, void *, void *);
650 extern void zone_zsd_init(void);
651 extern void zone_init(void);
652 extern void zone_hold(zone_t *);
653 extern void zone_rele(zone_t *);
654 extern void zone_init_ref(zone_ref_t *);
655 extern void zone_hold_ref(zone_t *, zone_ref_t *, zone_ref_subsys_t);
656 extern void zone_rele_ref(zone_ref_t *, zone_ref_subsys_t);
657 extern void zone_cred_hold(zone_t *);
658 extern void zone_cred_rele(zone_t *);
659 extern void zone_task_hold(zone_t *);
660 extern void zone_task_rele(zone_t *);
661 extern zone_t *zone_find_by_id(zoneid_t);
662 extern zone_t *zone_find_by_label(const ts_label_t *);
764 #define ZONE_PATH_VISIBLE(path, zone) \
765 (strncmp((path), (zone)->zone_rootpath, \
766 (zone)->zone_rootpathlen - 1) == 0)
767
768 /*
769 * Convenience macro to go from the global view of a path to that seen
770 * from within said zone. It is the responsibility of the caller to
771 * ensure that the path is a resolved one (ie, no '..'s or '.'s), and is
772 * in fact visible from within the zone.
773 */
774 #define ZONE_PATH_TRANSLATE(path, zone) \
775 (ASSERT(ZONE_PATH_VISIBLE(path, zone)), \
776 (path) + (zone)->zone_rootpathlen - 2)
777
778 /*
779 * Special processes visible in all zones.
780 */
781 #define ZONE_SPECIALPID(x) ((x) == 0 || (x) == 1)
782
783 /*
784 * Zone-safe version of thread_create() to be used when the caller wants to
785 * create a kernel thread to run within the current zone's context.
786 */
787 extern kthread_t *zthread_create(caddr_t, size_t, void (*)(), void *, size_t,
788 pri_t);
789 extern void zthread_exit(void);
790
791 /*
792 * Functions for an external observer to register interest in a zone's status
793 * change. Observers will be woken up when the zone status equals the status
794 * argument passed in (in the case of zone_status_timedwait, the function may
795 * also return because of a timeout; zone_status_wait_sig may return early due
796 * to a signal being delivered; zone_status_timedwait_sig may return for any of
797 * the above reasons).
798 *
799 * Otherwise these behave identically to cv_timedwait(), cv_wait(), and
800 * cv_wait_sig() respectively.
801 */
802 extern clock_t zone_status_timedwait(zone_t *, clock_t, zone_status_t);
803 extern clock_t zone_status_timedwait_sig(zone_t *, clock_t, zone_status_t);
|
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2014 Igor Kozhukhov <ikozhukhov@gmail.com>.
25 * Copyright 2019 Nexenta Systems, Inc. All rights reserved.
26 * Copyright 2020 Joyent, Inc.
27 */
28
29 #ifndef _SYS_ZONE_H
30 #define _SYS_ZONE_H
31
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/tsol/label.h>
35 #include <sys/uadmin.h>
36 #include <netinet/in.h>
37
38 #ifdef _KERNEL
39 /*
40 * Many includes are kernel-only to reduce namespace pollution of
41 * userland applications.
42 */
43 #include <sys/mutex.h>
44 #include <sys/rctl.h>
45 #include <sys/ipc_rctl.h>
46 #include <sys/pset.h>
623
624 /*
625 * DTrace-private per-zone state
626 */
627 int zone_dtrace_getf; /* # of unprivileged getf()s */
628
629 /*
630 * Synchronization primitives used to synchronize between mounts and
631 * zone creation/destruction.
632 */
633 int zone_mounts_in_progress;
634 kcondvar_t zone_mount_cv;
635 kmutex_t zone_mount_lock;
636 } zone_t;
637
638 /*
639 * Special value of zone_psetid to indicate that pools are disabled.
640 */
641 #define ZONE_PS_INVAL PS_MYID
642
643 extern zone_t zone0;
644 extern zone_t *global_zone;
645 extern uint_t maxzones;
646 extern rctl_hndl_t rc_zone_nlwps;
647 extern rctl_hndl_t rc_zone_nprocs;
648
649 extern long zone(int, void *, void *, void *, void *);
650 extern void zone_zsd_init(void);
651 extern void zone_init(void);
652 extern void zone_hold(zone_t *);
653 extern void zone_rele(zone_t *);
654 extern void zone_init_ref(zone_ref_t *);
655 extern void zone_hold_ref(zone_t *, zone_ref_t *, zone_ref_subsys_t);
656 extern void zone_rele_ref(zone_ref_t *, zone_ref_subsys_t);
657 extern void zone_cred_hold(zone_t *);
658 extern void zone_cred_rele(zone_t *);
659 extern void zone_task_hold(zone_t *);
660 extern void zone_task_rele(zone_t *);
661 extern zone_t *zone_find_by_id(zoneid_t);
662 extern zone_t *zone_find_by_label(const ts_label_t *);
764 #define ZONE_PATH_VISIBLE(path, zone) \
765 (strncmp((path), (zone)->zone_rootpath, \
766 (zone)->zone_rootpathlen - 1) == 0)
767
768 /*
769 * Convenience macro to go from the global view of a path to that seen
770 * from within said zone. It is the responsibility of the caller to
771 * ensure that the path is a resolved one (ie, no '..'s or '.'s), and is
772 * in fact visible from within the zone.
773 */
774 #define ZONE_PATH_TRANSLATE(path, zone) \
775 (ASSERT(ZONE_PATH_VISIBLE(path, zone)), \
776 (path) + (zone)->zone_rootpathlen - 2)
777
778 /*
779 * Special processes visible in all zones.
780 */
781 #define ZONE_SPECIALPID(x) ((x) == 0 || (x) == 1)
782
783 /*
784 * A root vnode of the current zone.
785 *
786 * NOTE: It may be necessary (initialization time for file sharing where an
787 * NGZ loads a file-sharing kernel module that does zsd initialization) to NOT
788 * use this macro. One should ASSERT() that curzone == active ZSD (an
789 * ASSERTion that's not always true at ZSD initialization time) during regular
790 * use of this macro.
791 */
792 #define ZONE_ROOTVP() (curzone->zone_rootvp)
793
794 /*
795 * Since a zone's root isn't necessarily an actual filesystem boundary
796 * (i.e. VROOT may not be set on zone->zone_rootvp) we need to not assume it.
797 * This macro helps in checking if a vnode is the current zone's rootvp.
798 * NOTE: Using the VN_ prefix, even though it's defined here in zone.h.
799 * NOTE2: See above warning about ZONE_ROOTVP().
800 */
801 #define VN_IS_CURZONEROOT(vp) (VN_CMP(vp, ZONE_ROOTVP()))
802
803 /*
804 * Zone-safe version of thread_create() to be used when the caller wants to
805 * create a kernel thread to run within the current zone's context.
806 */
807 extern kthread_t *zthread_create(caddr_t, size_t, void (*)(), void *, size_t,
808 pri_t);
809 extern void zthread_exit(void);
810
811 /*
812 * Functions for an external observer to register interest in a zone's status
813 * change. Observers will be woken up when the zone status equals the status
814 * argument passed in (in the case of zone_status_timedwait, the function may
815 * also return because of a timeout; zone_status_wait_sig may return early due
816 * to a signal being delivered; zone_status_timedwait_sig may return for any of
817 * the above reasons).
818 *
819 * Otherwise these behave identically to cv_timedwait(), cv_wait(), and
820 * cv_wait_sig() respectively.
821 */
822 extern clock_t zone_status_timedwait(zone_t *, clock_t, zone_status_t);
823 extern clock_t zone_status_timedwait_sig(zone_t *, clock_t, zone_status_t);
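Review bot: The new `ZONE_ROOTVP()` and `VN_IS_CURZONEROOT(vp)` macros (new-side lines 792 and 801) resolve the zone through `curzone`, and the only guard against the ZSD-initialization case named in the comment is a convention that callers ASSERT, which as far as I know compiles out of non-DEBUG kernels. A zone-root comparison is usually a containment check, so a caller running in a thread whose `curzone` is not the zone that owns the vnode would compare against the wrong root without any diagnostic. Consider naming the safe calling contexts in the comment and offering a form that takes the zone explicitly, for example `#define VN_IS_ZONEROOT(vp, zone) (VN_CMP((vp), (zone)->zone_rootvp))`, with `VN_IS_CURZONEROOT(vp)` defined in terms of it. The include that provides `VN_CMP` is not visible in this excerpt, so it is worth confirming that every includer of this header can reach it.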
|