Extra lint fixes
--- old/usr/src/uts/common/contract/process.c
+++ new/usr/src/uts/common/contract/process.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 * Copyright 2016 Joyent, Inc.
25 25 */
26 26
27 27 #include <sys/mutex.h>
28 28 #include <sys/debug.h>
29 29 #include <sys/types.h>
30 30 #include <sys/param.h>
31 31 #include <sys/kmem.h>
32 32 #include <sys/thread.h>
33 33 #include <sys/id_space.h>
34 34 #include <sys/avl.h>
35 35 #include <sys/list.h>
36 36 #include <sys/sysmacros.h>
37 37 #include <sys/proc.h>
38 38 #include <sys/contract.h>
39 39 #include <sys/contract_impl.h>
40 40 #include <sys/contract/process.h>
41 41 #include <sys/contract/process_impl.h>
42 42 #include <sys/cmn_err.h>
43 43 #include <sys/nvpair.h>
44 44 #include <sys/policy.h>
45 45 #include <sys/refstr.h>
46 46 #include <sys/sunddi.h>
47 47
48 48 /*
49 49 * Process Contracts
50 50 * -----------------
51 51 *
52 52 * Generally speaking, a process contract is a contract between a
53 53 * process and a set of its descendent processes. In some cases, when
54 54 * the child processes outlive the author of the contract, the contract
55 55 * may be held by (and therefore be between the child processes and) a
56 56 * successor process which adopts the contract after the death of the
57 57 * original author.
58 58 *
59 59 * The process contract adds two new concepts to the Solaris process
60 60 * model. The first is that a process contract forms a rigid fault
61 61 * boundary around a set of processes. Hardware, software, and even
62 62 * administrator errors impacting a process in a process contract
63 63 * generate specific events and can be requested to atomically shutdown
64 64 * all processes in the contract. The second is that a process
65 65 * contract is a process collective whose leader is not a member of the
66 66 * collective. This means that the leader can reliably react to events
67 67 * in the collective, and may also act upon the collective without
68 68 * special casing itself.
69 69 *
70 70 * A composite outcome of these two concepts is that we can now create
71 71 * a tree of process contracts, rooted at init(1M), which represent
72 72 * services and subservices that are reliably observed and can be
73 73 * restarted when fatal errors occur. The service management framework
74 74 * (SMF) realizes this structure.
75 75 *
76 76 * For more details, see the "restart agreements" case, PSARC 2003/193.
77 77 *
78 78 * There are four sets of routines in this file: the process contract
79 79 * standard template operations, the process contract standard contract
80 80 * operations, a couple routines used only by the contract subsystem to
81 81 * handle process contracts' unique role as a temporary holder of
82 82 * abandoned contracts, and the interfaces which allow the system to
83 83 * create and act upon process contracts. The first two are defined by
84 84 * the contracts framework and won't be discussed further. As for the
85 85 * remaining two:
86 86 *
87 87 * Special framework interfaces
88 88 * ----------------------------
89 89 *
90 90 * contract_process_accept - determines if a process contract is a
91 91 * regent, i.e. if it can inherit other contracts.
92 92 *
93 93 * contract_process_take - tells a regent process contract to inherit
94 94 * an abandoned contract
95 95 *
96 96 * contract_process_adopt - tells a regent process contract that a
97 97 * contract it has inherited is being adopted by a process.
98 98 *
99 99 * Process contract interfaces
100 100 * ---------------------------
101 101 *
102 102 * contract_process_fork - called when a process is created; adds the
103 103 * new process to an existing contract or to a newly created one.
104 104 *
105 105 * contract_process_exit - called when a process exits
106 106 *
107 107 * contract_process_core - called when a process would have dumped core
108 108 * (even if a core file wasn't generated)
109 109 *
110 110 * contract_process_hwerr - called when a process was killed because of
111 111 * an uncorrectable hardware error
112 112 *
113 113 * contract_process_sig - called when a process was killed by a fatal
114 114 * signal sent by a process in another process contract
115 115 *
116 116 */
117 117
118 118 ct_type_t *process_type;
119 119 ctmpl_process_t *sys_process_tmpl;
120 120 refstr_t *conp_svc_aux_default;
121 121
122 122 /*
123 123 * Macro predicates for determining when events should be sent and how.
124 124 */
125 125 #define EVSENDP(ctp, flag) \
126 126 ((ctp->conp_contract.ct_ev_info | ctp->conp_contract.ct_ev_crit) & flag)
127 127
128 128 #define EVINFOP(ctp, flag) \
129 129 ((ctp->conp_contract.ct_ev_crit & flag) == 0)
130 130
131 131 #define EVFATALP(ctp, flag) \
132 132 (ctp->conp_ev_fatal & flag)
133 133
134 134
135 135 /*
136 136 * Process contract template implementation
137 137 */
138 138
139 139 /*
140 140 * ctmpl_process_dup
141 141 *
142 142 * The process contract template dup entry point. Other than the
143 143 * to-be-subsumed contract, which must be held, this simply copies all
144 144 * the fields of the original.
145 145 */
146 146 static struct ct_template *
147 147 ctmpl_process_dup(struct ct_template *template)
148 148 {
149 149 ctmpl_process_t *new;
150 150 ctmpl_process_t *old = template->ctmpl_data;
151 151
152 152 new = kmem_alloc(sizeof (ctmpl_process_t), KM_SLEEP);
153 153
154 154 ctmpl_copy(&new->ctp_ctmpl, template);
155 155 new->ctp_ctmpl.ctmpl_data = new;
156 156
157 157 new->ctp_subsume = old->ctp_subsume;
158 158 if (new->ctp_subsume)
159 159 contract_hold(new->ctp_subsume);
160 160 new->ctp_params = old->ctp_params;
161 161 new->ctp_ev_fatal = old->ctp_ev_fatal;
162 162 new->ctp_svc_fmri = old->ctp_svc_fmri;
163 163 if (new->ctp_svc_fmri != NULL) {
164 164 refstr_hold(new->ctp_svc_fmri);
165 165 }
166 166 new->ctp_svc_aux = old->ctp_svc_aux;
167 167 if (new->ctp_svc_aux != NULL) {
168 168 refstr_hold(new->ctp_svc_aux);
169 169 }
170 170
171 171 return (&new->ctp_ctmpl);
172 172 }
173 173
174 174 /*
175 175 * ctmpl_process_free
176 176 *
177 177 * The process contract template free entry point. Just releases a
178 178 * to-be-subsumed contract and frees the template.
179 179 */
180 180 static void
181 181 ctmpl_process_free(struct ct_template *template)
182 182 {
183 183 ctmpl_process_t *ctp = template->ctmpl_data;
184 184
185 185 if (ctp->ctp_subsume)
186 186 contract_rele(ctp->ctp_subsume);
187 187 if (ctp->ctp_svc_fmri != NULL) {
188 188 refstr_rele(ctp->ctp_svc_fmri);
189 189 }
190 190 if (ctp->ctp_svc_aux != NULL) {
191 191 refstr_rele(ctp->ctp_svc_aux);
192 192 }
193 193 kmem_free(template, sizeof (ctmpl_process_t));
194 194 }
195 195
196 196 /*
197 197 * SAFE_EV is the set of events which a non-privileged process is
198 198 * allowed to make critical but not fatal or if the PGRPONLY parameter
199 199 * is set. EXCESS tells us if "value", a critical event set, requires
200 200 * additional privilege given the template "ctp".
201 201 */
202 202 #define SAFE_EV (CT_PR_EV_EMPTY)
203 203 #define EXCESS(ctp, value) \
204 204 (((value) & ~((ctp)->ctp_ev_fatal | SAFE_EV)) || \
205 205 (((value) & ~SAFE_EV) && (ctp->ctp_params & CT_PR_PGRPONLY)))
206 206
207 207 /*
208 208 * ctmpl_process_set
209 209 *
210 210 * The process contract template set entry point. None of the terms
211 211 * may be unconditionally set, and setting the parameters or fatal
212 212 * event set may result in events being implicitly removed from to the
213 213 * critical event set and added to the informative event set. The
214 214 * (admittedly subtle) reason we implicitly change the critical event
215 215 * set when the parameter or fatal event set is modified but not the
216 216 * other way around is because a change to the critical event set only
217 217 * affects the contract's owner, whereas a change to the parameter set
218 218 * and fatal set can affect the execution of the application running in
219 219 * the contract (and should therefore be only made explicitly). We
220 220 * allow implicit changes at all so that setting contract terms doesn't
221 221 * become a complex dance dependent on the template's initial state and
222 222 * the desired terms.
223 223 */
224 224 static int
225 225 ctmpl_process_set(struct ct_template *tmpl, ct_kparam_t *kparam,
226 226 const cred_t *cr)
227 227 {
228 228 ctmpl_process_t *ctp = tmpl->ctmpl_data;
229 229 ct_param_t *param = &kparam->param;
230 230 contract_t *ct;
231 231 int error;
232 232 uint64_t param_value;
233 233 char *str_value;
234 234
235 235 if ((param->ctpm_id == CTPP_SVC_FMRI) ||
236 236 (param->ctpm_id == CTPP_CREATOR_AUX)) {
237 237 str_value = (char *)kparam->ctpm_kbuf;
238 238 str_value[param->ctpm_size - 1] = '\0';
239 239 } else {
240 240 if (param->ctpm_size < sizeof (uint64_t))
241 241 return (EINVAL);
242 242 param_value = *(uint64_t *)kparam->ctpm_kbuf;
243 243 /*
244 244 * No process contract parameters are > 32 bits.
245 245 * Unless it is a string.
246 246 */
247 247 if (param_value & ~UINT32_MAX)
248 248 return (EINVAL);
249 249 }
250 250
251 251 switch (param->ctpm_id) {
252 252 case CTPP_SUBSUME:
253 253 if (param_value != 0) {
254 254 /*
255 255 * Ensure that the contract exists, that we
256 256 * hold the contract, and that the contract is
257 257 * empty.
258 258 */
259 259 ct = contract_type_ptr(process_type, param_value,
260 260 curproc->p_zone->zone_uniqid);
261 261 if (ct == NULL)
262 262 return (ESRCH);
263 263 if (ct->ct_owner != curproc) {
264 264 contract_rele(ct);
265 265 return (EACCES);
266 266 }
267 267 if (((cont_process_t *)ct->ct_data)->conp_nmembers) {
268 268 contract_rele(ct);
269 269 return (ENOTEMPTY);
270 270 }
271 271 } else {
272 272 ct = NULL;
273 273 }
274 274 if (ctp->ctp_subsume)
275 275 contract_rele(ctp->ctp_subsume);
276 276 ctp->ctp_subsume = ct;
277 277 break;
278 278 case CTPP_PARAMS:
279 279 if (param_value & ~CT_PR_ALLPARAM)
280 280 return (EINVAL);
281 281 ctp->ctp_params = param_value;
282 282 /*
283 283 * If an unprivileged process requests that
284 284 * CT_PR_PGRPONLY be set, remove any unsafe events from
285 285 * the critical event set and add them to the
286 286 * informative event set.
287 287 */
288 288 if ((ctp->ctp_params & CT_PR_PGRPONLY) &&
289 289 EXCESS(ctp, tmpl->ctmpl_ev_crit) &&
290 290 !secpolicy_contract_event_choice(cr)) {
291 291 tmpl->ctmpl_ev_info |= (tmpl->ctmpl_ev_crit & ~SAFE_EV);
292 292 tmpl->ctmpl_ev_crit &= SAFE_EV;
293 293 }
294 294
295 295 break;
296 296 case CTPP_SVC_FMRI:
297 297 if (error = secpolicy_contract_identity(cr))
298 298 return (error);
299 299 if (ctp->ctp_svc_fmri != NULL)
300 300 refstr_rele(ctp->ctp_svc_fmri);
301 301 if (strcmp(CT_PR_SVC_DEFAULT, str_value) == 0)
302 302 ctp->ctp_svc_fmri = NULL;
303 303 else
304 304 ctp->ctp_svc_fmri =
305 305 refstr_alloc(str_value);
306 306 break;
307 307 case CTPP_CREATOR_AUX:
308 308 if (ctp->ctp_svc_aux != NULL)
309 309 refstr_rele(ctp->ctp_svc_aux);
310 310 if (param->ctpm_size == 1) /* empty string */
311 311 ctp->ctp_svc_aux = NULL;
312 312 else
313 313 ctp->ctp_svc_aux =
314 314 refstr_alloc(str_value);
315 315 break;
316 316 case CTP_EV_CRITICAL:
317 317 /*
318 318 * We simply don't allow adding events to the critical
319 319 * event set which aren't permitted by our policy or by
320 320 * privilege.
321 321 */
322 322 if (EXCESS(ctp, param_value) &&
323 323 (error = secpolicy_contract_event(cr)) != 0)
324 324 return (error);
325 325 tmpl->ctmpl_ev_crit = param_value;
326 326 break;
327 327 case CTPP_EV_FATAL:
328 328 if (param_value & ~CT_PR_ALLFATAL)
329 329 return (EINVAL);
330 330 ctp->ctp_ev_fatal = param_value;
331 331 /*
332 332 * Check to see if an unprivileged process is
333 333 * requesting that events be removed from the fatal
334 334 * event set which are still in the critical event set.
335 335 */
336 336 if (EXCESS(ctp, tmpl->ctmpl_ev_crit) &&
337 337 !secpolicy_contract_event_choice(cr)) {
338 338 int allowed =
339 339 SAFE_EV | (ctp->ctp_params & CT_PR_PGRPONLY) ?
340 340 0 : ctp->ctp_ev_fatal;
341 341 tmpl->ctmpl_ev_info |= (tmpl->ctmpl_ev_crit & ~allowed);
342 342 tmpl->ctmpl_ev_crit &= allowed;
343 343 }
344 344 break;
345 345 default:
346 346 return (EINVAL);
347 347 }
348 348
349 349 return (0);
350 350 }
351 351
352 352 /*
353 353 * ctmpl_process_get
354 354 *
355 355 * The process contract template get entry point. Simply fetches and
356 356 * returns the requested term.
357 357 */
358 358 static int
359 359 ctmpl_process_get(struct ct_template *template, ct_kparam_t *kparam)
360 360 {
361 361 ctmpl_process_t *ctp = template->ctmpl_data;
362 362 ct_param_t *param = &kparam->param;
363 363 uint64_t *param_value = kparam->ctpm_kbuf;
364 364
365 365 if (param->ctpm_id == CTPP_SUBSUME ||
366 366 param->ctpm_id == CTPP_PARAMS ||
367 367 param->ctpm_id == CTPP_EV_FATAL) {
368 368 if (param->ctpm_size < sizeof (uint64_t))
369 369 return (EINVAL);
370 370 kparam->ret_size = sizeof (uint64_t);
371 371 }
372 372
373 373 switch (param->ctpm_id) {
374 374 case CTPP_SUBSUME:
375 375 *param_value = ctp->ctp_subsume ?
376 376 ctp->ctp_subsume->ct_id : 0;
377 377 break;
378 378 case CTPP_PARAMS:
379 379 *param_value = ctp->ctp_params;
380 380 break;
381 381 case CTPP_SVC_FMRI:
382 382 if (ctp->ctp_svc_fmri == NULL) {
383 383 kparam->ret_size =
384 384 strlcpy((char *)kparam->ctpm_kbuf,
385 385 CT_PR_SVC_DEFAULT, param->ctpm_size);
386 386 } else {
387 387 kparam->ret_size =
388 388 strlcpy((char *)kparam->ctpm_kbuf,
389 389 refstr_value(ctp->ctp_svc_fmri), param->ctpm_size);
390 390 }
391 391 kparam->ret_size++;
392 392 break;
393 393 case CTPP_CREATOR_AUX:
394 394 if (ctp->ctp_svc_aux == NULL) {
395 395 kparam->ret_size =
396 396 strlcpy((char *)kparam->ctpm_kbuf,
397 397 refstr_value(conp_svc_aux_default),
398 398 param->ctpm_size);
399 399 } else {
400 400 kparam->ret_size =
401 401 strlcpy((char *)kparam->ctpm_kbuf,
402 402 refstr_value(ctp->ctp_svc_aux), param->ctpm_size);
403 403 }
404 404 kparam->ret_size++;
405 405 break;
406 406 case CTPP_EV_FATAL:
407 407 *param_value = ctp->ctp_ev_fatal;
408 408 break;
409 409 default:
410 410 return (EINVAL);
411 411 }
412 412
413 413 return (0);
414 414 }
415 415
416 416 static ctmplops_t ctmpl_process_ops = {
417 417 ctmpl_process_dup, /* ctop_dup */
418 418 ctmpl_process_free, /* ctop_free */
419 419 ctmpl_process_set, /* ctop_set */
420 420 ctmpl_process_get, /* ctop_get */
421 421 ctmpl_create_inval, /* ctop_create */
422 422 CT_PR_ALLEVENT
423 423 };
424 424
425 425
426 426 /*
427 427 * Process contract implementation
428 428 */
429 429
430 430 /*
431 431 * ctmpl_process_default
432 432 *
433 433 * The process contract default template entry point. Creates a
434 434 * process contract template with no parameters set, with informative
435 435 * core and signal events, critical empty and hwerr events, and fatal
436 436 * hwerr events.
437 437 */
438 438 static ct_template_t *
439 439 contract_process_default(void)
440 440 {
441 441 ctmpl_process_t *new;
442 442
443 443 new = kmem_alloc(sizeof (ctmpl_process_t), KM_SLEEP);
444 444 ctmpl_init(&new->ctp_ctmpl, &ctmpl_process_ops, process_type, new);
445 445
446 446 new->ctp_subsume = NULL;
447 447 new->ctp_params = 0;
448 448 new->ctp_ctmpl.ctmpl_ev_info = CT_PR_EV_CORE | CT_PR_EV_SIGNAL;
449 449 new->ctp_ctmpl.ctmpl_ev_crit = CT_PR_EV_EMPTY | CT_PR_EV_HWERR;
450 450 new->ctp_ev_fatal = CT_PR_EV_HWERR;
451 451 new->ctp_svc_fmri = NULL;
452 452 new->ctp_svc_aux = NULL;
453 453
454 454 return (&new->ctp_ctmpl);
455 455 }
456 456
457 457 /*
458 458 * contract_process_free
459 459 *
460 460 * The process contract free entry point.
461 461 */
462 462 static void
463 463 contract_process_free(contract_t *ct)
464 464 {
465 465 cont_process_t *ctp = ct->ct_data;
466 466 crfree(ctp->conp_cred);
467 467 list_destroy(&ctp->conp_members);
468 468 list_destroy(&ctp->conp_inherited);
469 469 if (ctp->conp_svc_fmri != NULL) {
470 470 refstr_rele(ctp->conp_svc_fmri);
471 471 }
472 472 if (ctp->conp_svc_aux != NULL) {
473 473 refstr_rele(ctp->conp_svc_aux);
474 474 }
475 475 if (ctp->conp_svc_creator != NULL) {
476 476 refstr_rele(ctp->conp_svc_creator);
477 477 }
478 478 kmem_free(ctp, sizeof (cont_process_t));
479 479 }
480 480
481 481 /*
482 482 * contract_process_cankill
483 483 *
484 484 * Determine if the contract author had or if the process generating
485 485 * the event, sp, has adequate privileges to kill process tp.
486 486 */
487 487 static int
488 488 contract_process_cankill(proc_t *tp, proc_t *sp, cont_process_t *ctp)
489 489 {
490 490 int cankill;
491 491
492 492 mutex_enter(&tp->p_crlock);
493 493 cankill = hasprocperm(tp->p_cred, ctp->conp_cred);
494 494 mutex_exit(&tp->p_crlock);
495 495 if (cankill || (sp && prochasprocperm(tp, sp, CRED())))
496 496 return (1);
497 497
498 498 return (0);
499 499 }
500 500
501 501 /*
502 502 * contract_process_kill
503 503 *
504 504 * Kills all processes in a contract, or all processes in the
505 505 * intersection of a contract and ex's process group (if ex is non-NULL
506 506 * and the contract's PGRPONLY parameter is set). If checkpriv is
507 507 * true, only those processes which may be signaled by the contract
508 508 * author or ex are killed.
509 509 */
510 510 static void
511 511 contract_process_kill(contract_t *ct, proc_t *ex, int checkpriv)
512 512 {
513 513 cont_process_t *ctp = ct->ct_data;
514 514 proc_t *p;
515 515 pid_t pgrp = -1;
516 516
517 517 ASSERT(MUTEX_HELD(&ct->ct_lock));
518 518
519 519 if (ex && (ctp->conp_params & CT_PR_PGRPONLY)) {
520 520 pgrp = ex->p_pgrp;
521 521 mutex_enter(&pidlock);
522 522 }
523 523
524 524 for (p = list_head(&ctp->conp_members); p != NULL;
525 525 p = list_next(&ctp->conp_members, p)) {
526 526 if ((p == ex) ||
527 527 (pgrp != -1 && (p->p_stat == SIDL || p->p_pgrp != pgrp)) ||
528 528 (checkpriv && !contract_process_cankill(p, ex, ctp)))
529 529 continue;
530 530
531 531 psignal(p, SIGKILL);
532 532 }
533 533
534 534 if (pgrp != -1)
535 535 mutex_exit(&pidlock);
536 536 }
537 537
538 538
539 539 /*
540 540 * contract_process_accept
541 541 *
542 542 * Tests if the process contract is willing to act as a regent for
543 543 * inherited contracts. Though brief and only called from one place,
544 544 * this functionality is kept here to avoid including knowledge of
545 545 * process contract implementation in the generic contract code.
546 546 */
547 547 int
548 548 contract_process_accept(contract_t *parent)
549 549 {
550 550 cont_process_t *ctp = parent->ct_data;
551 551
552 552 ASSERT(parent->ct_type == process_type);
553 553
554 554 return (ctp->conp_params & CT_PR_REGENT);
555 555 }
556 556
557 557 /*
558 558 * contract_process_take
559 559 *
560 560 * Executes the process contract side of inheriting a contract.
561 561 */
562 562 void
563 563 contract_process_take(contract_t *parent, contract_t *child)
564 564 {
565 565 cont_process_t *ctp = parent->ct_data;
566 566
567 567 ASSERT(MUTEX_HELD(&parent->ct_lock));
568 568 ASSERT(MUTEX_HELD(&child->ct_lock));
569 569 ASSERT(parent->ct_type == process_type);
570 570 ASSERT(ctp->conp_params & CT_PR_REGENT);
571 571
572 572 list_insert_head(&ctp->conp_inherited, child);
573 573 ctp->conp_ninherited++;
574 574 }
575 575
576 576 /*
577 577 * contract_process_adopt
578 578 *
579 579 * Executes the process contract side of adopting a contract.
580 580 */
581 581 void
582 582 contract_process_adopt(contract_t *ct, proc_t *p)
583 583 {
584 584 cont_process_t *parent = p->p_ct_process;
585 585
586 586 ASSERT(MUTEX_HELD(&parent->conp_contract.ct_lock));
587 587 ASSERT(MUTEX_HELD(&ct->ct_lock));
588 588
589 589 list_remove(&parent->conp_inherited, ct);
590 590 parent->conp_ninherited--;
591 591
592 592 /*
593 593 * We drop the parent lock first because a) we are passing the
594 594 * contract reference to the child, and b) contract_adopt
595 595 * expects us to return with the contract lock held.
596 596 */
597 597 mutex_exit(&parent->conp_contract.ct_lock);
598 598 }
599 599
600 600 /*
601 601 * contract_process_abandon
602 602 *
603 603 * The process contract abandon entry point.
604 604 */
605 605 static void
606 606 contract_process_abandon(contract_t *ct)
607 607 {
608 608 cont_process_t *ctp = ct->ct_data;
609 609
610 610 ASSERT(MUTEX_HELD(&ct->ct_lock));
611 611
612 612 /*
613 613 * Shall we stay or shall we go?
614 614 */
615 615 if (list_head(&ctp->conp_members) == NULL) {
616 616 contract_destroy(ct);
617 617 } else {
618 618 /*
619 619 * Strictly speaking, we actually do orphan the contract.
620 620 * Assuming our credentials allow us to kill all
621 621 * processes in the contract, this is only temporary.
622 622 */
623 623 if (ctp->conp_params & CT_PR_NOORPHAN)
624 624 contract_process_kill(ct, NULL, B_TRUE);
625 625 contract_orphan(ct);
626 626 mutex_exit(&ct->ct_lock);
627 627 contract_rele(ct);
628 628 }
629 629 }
630 630
631 631 /*
632 632 * contract_process_destroy
633 633 *
634 634 * The process contract destroy entry point.
635 635 */
636 636 static void
637 637 contract_process_destroy(contract_t *ct)
638 638 {
639 639 cont_process_t *ctp = ct->ct_data;
640 640 contract_t *cct;
641 641
642 642 ASSERT(MUTEX_HELD(&ct->ct_lock));
643 643
644 644 /*
645 645 * contract_destroy all empty children, kill or orphan the rest
646 646 */
647 647 while (cct = list_head(&ctp->conp_inherited)) {
648 648 mutex_enter(&cct->ct_lock);
649 649
650 650 ASSERT(cct->ct_state == CTS_INHERITED);
651 651
652 652 list_remove(&ctp->conp_inherited, cct);
653 653 ctp->conp_ninherited--;
654 654 cct->ct_regent = NULL;
655 655 cct->ct_type->ct_type_ops->contop_abandon(cct);
656 656 }
657 657 }
658 658
659 659 /*
660 660 * contract_process_status
661 661 *
662 662 * The process contract status entry point.
663 663 */
664 664 static void
665 665 contract_process_status(contract_t *ct, zone_t *zone, int detail, nvlist_t *nvl,
666 666 void *status, model_t model)
667 667 {
668 668 cont_process_t *ctp = ct->ct_data;
669 669 uint32_t *pids, *ctids;
670 670 uint_t npids, nctids;
671 671 uint_t spids, sctids;
672 672 ctid_t local_svc_zone_enter;
673 673
674 674 if (detail == CTD_FIXED) {
675 675 mutex_enter(&ct->ct_lock);
676 676 contract_status_common(ct, zone, status, model);
677 677 local_svc_zone_enter = ctp->conp_svc_zone_enter;
678 678 mutex_exit(&ct->ct_lock);
679 679 } else {
680 680 contract_t *cnext;
681 681 proc_t *pnext;
682 682 uint_t loc;
683 683
684 684 ASSERT(detail == CTD_ALL);
685 685 mutex_enter(&ct->ct_lock);
686 686 for (;;) {
687 687 spids = ctp->conp_nmembers + 5;
688 688 sctids = ctp->conp_ninherited + 5;
689 689 mutex_exit(&ct->ct_lock);
690 690
691 691 pids = kmem_alloc(spids * sizeof (uint32_t), KM_SLEEP);
692 692 ctids = kmem_alloc(sctids * sizeof (uint32_t),
693 693 KM_SLEEP);
694 694
695 695 mutex_enter(&ct->ct_lock);
696 696 npids = ctp->conp_nmembers;
697 697 nctids = ctp->conp_ninherited;
698 698 if (spids >= npids && sctids >= nctids)
699 699 break;
700 700
701 701 kmem_free(pids, spids * sizeof (uint32_t));
702 702 kmem_free(ctids, sctids * sizeof (uint32_t));
703 703 }
704 704 contract_status_common(ct, zone, status, model);
705 705 for (loc = 0, cnext = list_head(&ctp->conp_inherited); cnext;
706 706 cnext = list_next(&ctp->conp_inherited, cnext))
707 707 ctids[loc++] = cnext->ct_id;
708 708 ASSERT(loc == nctids);
709 709 for (loc = 0, pnext = list_head(&ctp->conp_members); pnext;
710 710 pnext = list_next(&ctp->conp_members, pnext))
711 711 pids[loc++] = pnext->p_pid;
712 712 ASSERT(loc == npids);
713 713 local_svc_zone_enter = ctp->conp_svc_zone_enter;
714 714 mutex_exit(&ct->ct_lock);
715 715 }
716 716
717 717 /*
718 718 * Contract terms are static; there's no need to hold the
719 719 * contract lock while accessing them.
720 720 */
721 721 VERIFY(nvlist_add_uint32(nvl, CTPS_PARAMS, ctp->conp_params) == 0);
722 722 VERIFY(nvlist_add_uint32(nvl, CTPS_EV_FATAL, ctp->conp_ev_fatal) == 0);
723 723 if (detail == CTD_ALL) {
724 724 VERIFY(nvlist_add_uint32_array(nvl, CTPS_MEMBERS, pids,
725 725 npids) == 0);
726 726 VERIFY(nvlist_add_uint32_array(nvl, CTPS_CONTRACTS, ctids,
727 727 nctids) == 0);
728 728 VERIFY(nvlist_add_string(nvl, CTPS_CREATOR_AUX,
729 729 refstr_value(ctp->conp_svc_aux)) == 0);
730 730 VERIFY(nvlist_add_string(nvl, CTPS_SVC_CREATOR,
731 731 refstr_value(ctp->conp_svc_creator)) == 0);
732 732 kmem_free(pids, spids * sizeof (uint32_t));
733 733 kmem_free(ctids, sctids * sizeof (uint32_t));
734 734 }
735 735
736 736 /*
737 737 * if we are in a local zone and svc_fmri was inherited from
738 738 * the global zone, we provide fake svc_fmri and svc_ctid
739 739 */
740 740 if (local_svc_zone_enter == 0||
741 741 zone->zone_uniqid == GLOBAL_ZONEUNIQID) {
742 742 if (detail > CTD_COMMON) {
743 743 VERIFY(nvlist_add_int32(nvl, CTPS_SVC_CTID,
744 744 ctp->conp_svc_ctid) == 0);
745 745 }
746 746 if (detail == CTD_ALL) {
747 747 VERIFY(nvlist_add_string(nvl, CTPS_SVC_FMRI,
748 748 refstr_value(ctp->conp_svc_fmri)) == 0);
749 749 }
750 750 } else {
751 751 if (detail > CTD_COMMON) {
752 752 VERIFY(nvlist_add_int32(nvl, CTPS_SVC_CTID,
753 753 local_svc_zone_enter) == 0);
754 754 }
755 755 if (detail == CTD_ALL) {
756 756 VERIFY(nvlist_add_string(nvl, CTPS_SVC_FMRI,
757 757 CT_PR_SVC_FMRI_ZONE_ENTER) == 0);
758 758 }
759 759 }
760 760 }
761 761
762 762 /*ARGSUSED*/
763 763 static int
764 764 contract_process_newct(contract_t *ct)
765 765 {
766 766 return (0);
767 767 }
768 768
769 769 /* process contracts don't negotiate */
770 770 static contops_t contract_process_ops = {
771 771 contract_process_free, /* contop_free */
772 772 contract_process_abandon, /* contop_abandon */
773 773 contract_process_destroy, /* contop_destroy */
774 774 contract_process_status, /* contop_status */
775 775 contract_ack_inval, /* contop_ack */
776 776 contract_ack_inval, /* contop_nack */
777 777 contract_qack_inval, /* contop_qack */
778 778 contract_process_newct /* contop_newct */
779 779 };
780 780
781 781 /*
782 782 * contract_process_init
783 783 *
784 784 * Initializes the process contract type. Also creates a template for
785 785 * use by newproc() when it creates user processes.
786 786 */
787 787 void
788 788 contract_process_init(void)
789 789 {
790 790 process_type = contract_type_init(CTT_PROCESS, "process",
791 791 &contract_process_ops, contract_process_default);
792 792
793 793 /*
794 794 * Create a template for use with init(1M) and other
795 795 * kernel-started processes.
796 796 */
797 797 sys_process_tmpl = kmem_alloc(sizeof (ctmpl_process_t), KM_SLEEP);
798 798 ctmpl_init(&sys_process_tmpl->ctp_ctmpl, &ctmpl_process_ops,
799 799 process_type, sys_process_tmpl);
800 800 sys_process_tmpl->ctp_subsume = NULL;
801 801 sys_process_tmpl->ctp_params = CT_PR_NOORPHAN;
802 802 sys_process_tmpl->ctp_ev_fatal = CT_PR_EV_HWERR;
803 803 sys_process_tmpl->ctp_svc_fmri =
804 804 refstr_alloc("svc:/system/init:default");
805 805 sys_process_tmpl->ctp_svc_aux = refstr_alloc("");
806 806 conp_svc_aux_default = sys_process_tmpl->ctp_svc_aux;
807 807 refstr_hold(conp_svc_aux_default);
808 808 }
809 809
810 810 /*
811 811 * contract_process_create
812 812 *
813 813 * create a process contract given template "tmpl" and parent process
814 814 * "parent". May fail and return NULL if project.max-contracts would
815 815 * have been exceeded.
816 816 */
817 817 static cont_process_t *
818 818 contract_process_create(ctmpl_process_t *tmpl, proc_t *parent, int canfail)
819 819 {
820 820 cont_process_t *ctp;
821 821
822 822 ASSERT(tmpl != NULL);
823 823
824 824 (void) contract_type_pbundle(process_type, parent);
825 825
826 826 ctp = kmem_zalloc(sizeof (cont_process_t), KM_SLEEP);
827 827
828 828 list_create(&ctp->conp_members, sizeof (proc_t),
829 829 offsetof(proc_t, p_ct_member));
830 830 list_create(&ctp->conp_inherited, sizeof (contract_t),
831 831 offsetof(contract_t, ct_ctlist));
832 832 mutex_enter(&tmpl->ctp_ctmpl.ctmpl_lock);
833 833 ctp->conp_params = tmpl->ctp_params;
834 834 ctp->conp_ev_fatal = tmpl->ctp_ev_fatal;
835 835 crhold(ctp->conp_cred = CRED());
836 836
837 837 if (contract_ctor(&ctp->conp_contract, process_type, &tmpl->ctp_ctmpl,
838 838 ctp, (ctp->conp_params & CT_PR_INHERIT) ? CTF_INHERIT : 0,
839 839 parent, canfail)) {
840 840 mutex_exit(&tmpl->ctp_ctmpl.ctmpl_lock);
841 841 contract_process_free(&ctp->conp_contract);
842 842 return (NULL);
843 843 }
844 844
845 845 /*
846 846 * inherit svc_fmri if not defined by consumer. In this case, inherit
847 847 * also svc_ctid to keep track of the contract id where
848 848 * svc_fmri was set
849 849 */
850 850 if (tmpl->ctp_svc_fmri == NULL) {
851 851 ctp->conp_svc_fmri = parent->p_ct_process->conp_svc_fmri;
852 852 ctp->conp_svc_ctid = parent->p_ct_process->conp_svc_ctid;
853 853 ctp->conp_svc_zone_enter =
854 854 parent->p_ct_process->conp_svc_zone_enter;
855 855 } else {
856 856 ctp->conp_svc_fmri = tmpl->ctp_svc_fmri;
857 857 ctp->conp_svc_ctid = ctp->conp_contract.ct_id;
858 858 /* make svc_zone_enter flag false when svc_fmri is set */
859 859 ctp->conp_svc_zone_enter = 0;
860 860 }
861 861 refstr_hold(ctp->conp_svc_fmri);
862 862 /* set svc_aux to default value if not defined in template */
863 863 if (tmpl->ctp_svc_aux == NULL) {
864 864 ctp->conp_svc_aux = conp_svc_aux_default;
865 865 } else {
866 866 ctp->conp_svc_aux = tmpl->ctp_svc_aux;
867 867 }
868 868 refstr_hold(ctp->conp_svc_aux);
869 869 /*
870 870 * set svc_creator to execname
871 871 * We special case pid0 because when newproc() creates
872 872 * the init process, the p_user.u_comm field of sched's proc_t
873 873 * has not been populated yet.
874 874 */
875 875 if (parent->p_pidp == &pid0) /* if the kernel is the creator */
876 876 ctp->conp_svc_creator = refstr_alloc("sched");
877 877 else
878 878 ctp->conp_svc_creator = refstr_alloc(parent->p_user.u_comm);
879 879
880 880 /*
881 881 * Transfer subcontracts only after new contract is visible.
882 882 * Also, only transfer contracts if the parent matches -- we
883 883 * don't want to create a cycle in the tree of contracts.
884 884 */
885 885 if (tmpl->ctp_subsume && tmpl->ctp_subsume->ct_owner == parent) {
886 886 cont_process_t *sct = tmpl->ctp_subsume->ct_data;
887 887 contract_t *ct;
888 888
889 889 mutex_enter(&tmpl->ctp_subsume->ct_lock);
890 890 mutex_enter(&ctp->conp_contract.ct_lock);
891 891 while (ct = list_head(&sct->conp_inherited)) {
892 892 mutex_enter(&ct->ct_lock);
893 893 list_remove(&sct->conp_inherited, ct);
894 894 list_insert_tail(&ctp->conp_inherited, ct);
895 895 ct->ct_regent = &ctp->conp_contract;
896 896 mutex_exit(&ct->ct_lock);
897 897 }
898 898 ctp->conp_ninherited += sct->conp_ninherited;
899 899 sct->conp_ninherited = 0;
900 900 mutex_exit(&ctp->conp_contract.ct_lock);
901 901 mutex_exit(&tmpl->ctp_subsume->ct_lock);
902 902
903 903 /*
904 904 * Automatically abandon the contract.
905 905 */
906 906 (void) contract_abandon(tmpl->ctp_subsume, parent, 1);
907 907 }
908 908
909 909 mutex_exit(&tmpl->ctp_ctmpl.ctmpl_lock);
910 910
911 911 return (ctp);
912 912 }
913 913
914 914 /*
915 915 * contract_process_exit
916 916 *
917 917 * Called on process exit. Removes process p from process contract
918 918 * ctp. Generates an exit event, if requested. Generates an empty
919 919 * event, if p is the last member of the the process contract and empty
920 920 * events were requested.
921 921 */
922 922 void
923 923 contract_process_exit(cont_process_t *ctp, proc_t *p, int exitstatus)
924 924 {
925 925 contract_t *ct = &ctp->conp_contract;
926 926 ct_kevent_t *event;
927 927 int empty;
928 928
929 929 /*
930 930 * Remove self from process contract.
931 931 */
932 932 mutex_enter(&ct->ct_lock);
933 933 list_remove(&ctp->conp_members, p);
934 934 ctp->conp_nmembers--;
935 935 mutex_enter(&p->p_lock); /* in case /proc is watching */
936 936 p->p_ct_process = NULL;
937 937 mutex_exit(&p->p_lock);
938 938
939 939 /*
940 940 * We check for emptiness before dropping the contract lock to
941 941 * send the exit event, otherwise we could end up with two
942 942 * empty events.
943 943 */
944 944 empty = (list_head(&ctp->conp_members) == NULL);
945 945 if (EVSENDP(ctp, CT_PR_EV_EXIT)) {
946 946 nvlist_t *nvl;
947 947
948 948 mutex_exit(&ct->ct_lock);
949 949 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
950 950 VERIFY(nvlist_add_uint32(nvl, CTPE_PID, p->p_pid) == 0);
951 951 VERIFY(nvlist_add_int32(nvl, CTPE_EXITSTATUS, exitstatus) == 0);
952 952
953 953 event = kmem_zalloc(sizeof (ct_kevent_t), KM_SLEEP);
954 954 event->cte_flags = EVINFOP(ctp, CT_PR_EV_EXIT) ? CTE_INFO : 0;
955 955 event->cte_type = CT_PR_EV_EXIT;
956 956 (void) cte_publish_all(ct, event, nvl, NULL);
957 957 mutex_enter(&ct->ct_lock);
958 958 }
959 959
960 960 /*
961 961 * CT_PR_EV_EXIT is not part of the CT_PR_ALLFATAL definition since
962 962 * we never allow including this in the fatal set via a user-land
963 963 * application, but we do allow CT_PR_EV_EXIT in the contract's fatal
964 964 * set for a process setup for zone init. See zone_start_init().
965 965 */
966 966 if (EVFATALP(ctp, CT_PR_EV_EXIT)) {
967 967 ASSERT(MUTEX_HELD(&ct->ct_lock));
968 968 contract_process_kill(ct, p, B_TRUE);
969 969 }
970 970
971 971 if (empty) {
972 972 /*
973 973 * Send EMPTY message.
974 974 */
975 975 if (EVSENDP(ctp, CT_PR_EV_EMPTY)) {
976 976 nvlist_t *nvl;
977 977
978 978 mutex_exit(&ct->ct_lock);
979 979 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME,
980 980 KM_SLEEP) == 0);
981 981 VERIFY(nvlist_add_uint32(nvl, CTPE_PID, p->p_pid) == 0);
982 982
983 983 event = kmem_zalloc(sizeof (ct_kevent_t), KM_SLEEP);
984 984 event->cte_flags = EVINFOP(ctp, CT_PR_EV_EMPTY) ?
985 985 CTE_INFO : 0;
986 986 event->cte_type = CT_PR_EV_EMPTY;
987 987 (void) cte_publish_all(ct, event, nvl, NULL);
988 988 mutex_enter(&ct->ct_lock);
989 989 }
990 990
991 991 /*
992 992 * The last one to leave an orphaned contract turns out
993 993 * the lights.
994 994 */
995 995 if (ct->ct_state == CTS_ORPHAN) {
996 996 contract_destroy(ct);
997 997 return;
998 998 }
999 999 }
1000 1000 mutex_exit(&ct->ct_lock);
1001 1001 contract_rele(ct);
1002 1002 }
1003 1003
1004 1004 /*
1005 1005 * contract_process_fork
1006 1006 *
1007 1007 * Called on process fork. If the current lwp has a active process
1008 1008 * contract template, we attempt to create a new process contract.
1009 1009 * Failure to create a process contract when required is a failure in
1010 1010 * fork so, in such an event, we return NULL.
1011 1011 *
1012 1012 * Assuming we succeeded or skipped the previous step, we add the child
1013 1013 * process to the new contract (success) or to the parent's process
1014 1014 * contract (skip). If requested, we also send a fork event to that
1015 1015 * contract.
1016 1016 *
1017 1017 * Because contract_process_fork() may fail, and because we would
1018 1018 * prefer that process contracts not be created for processes which
1019 1019 * don't complete forking, this should be the last function called
1020 1020 * before the "all clear" point in cfork.
1021 1021 */
1022 1022 cont_process_t *
1023 1023 contract_process_fork(ctmpl_process_t *rtmpl, proc_t *cp, proc_t *pp,
1024 1024 int canfail)
1025 1025 {
1026 1026 contract_t *ct;
1027 1027 cont_process_t *ctp;
1028 1028 ct_kevent_t *event;
1029 1029 ct_template_t *tmpl;
1030 1030
1031 1031 if (rtmpl == NULL && (tmpl = ttolwp(curthread)->lwp_ct_active[
1032 1032 process_type->ct_type_index]) != NULL)
1033 1033 rtmpl = tmpl->ctmpl_data;
1034 1034
1035 1035 if (rtmpl == NULL)
1036 1036 ctp = curproc->p_ct_process;
1037 1037 else if ((ctp = contract_process_create(rtmpl, pp, canfail)) == NULL)
1038 1038 return (NULL);
1039 1039
1040 1040 ct = &ctp->conp_contract;
1041 1041 /*
1042 1042 * Prevent contract_process_kill() from missing forked children
1043 1043 * by failing forks by parents that have just been killed.
1044 1044 * It's not worth hoisting the ctp test since contract creation
1045 1045 * is by no means the common case.
1046 1046 */
1047 1047 mutex_enter(&ct->ct_lock);
1048 1048 mutex_enter(&pp->p_lock);
1049 1049 if (ctp == curproc->p_ct_process && (pp->p_flag & SKILLED) != 0 &&
1050 1050 canfail) {
1051 1051 mutex_exit(&pp->p_lock);
1052 1052 mutex_exit(&ct->ct_lock);
1053 1053 return (NULL);
1054 1054 }
1055 1055 cp->p_ct_process = ctp;
1056 1056 mutex_exit(&pp->p_lock);
1057 1057 contract_hold(ct);
1058 1058 list_insert_head(&ctp->conp_members, cp);
1059 1059 ctp->conp_nmembers++;
1060 1060 mutex_exit(&ct->ct_lock);
1061 1061 if (EVSENDP(ctp, CT_PR_EV_FORK)) {
1062 1062 nvlist_t *nvl;
1063 1063
1064 1064 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1065 1065 VERIFY(nvlist_add_uint32(nvl, CTPE_PID, cp->p_pid) == 0);
1066 1066 VERIFY(nvlist_add_uint32(nvl, CTPE_PPID, pp->p_pid) == 0);
1067 1067
1068 1068 event = kmem_zalloc(sizeof (ct_kevent_t), KM_SLEEP);
1069 1069 event->cte_flags = EVINFOP(ctp, CT_PR_EV_FORK) ? CTE_INFO : 0;
1070 1070 event->cte_type = CT_PR_EV_FORK;
1071 1071 (void) cte_publish_all(ct, event, nvl, NULL);
1072 1072 }
1073 1073
1074 1074 /*
1075 1075 * Because the CT_PR_KEEP_EXEC flag is meant to be used by applications
1076 1076 * which are not contract aware, we can assume that these applications
1077 1077 * will never explicitly abandon the child's new contract. Thus, we
1078 1078 * abandon it now.
1079 1079 */
1080 1080 if (ctp->conp_params & CT_PR_KEEP_EXEC) {
1081 - contract_abandon(ct, pp, 1);
1081 + (void) contract_abandon(ct, pp, 1);
1082 1082 }
1083 1083
1084 1084 return (ctp);
1085 1085 }
1086 1086
1087 1087 /*
1088 1088 * contract_process_core
1089 1089 *
1090 1090 * Called on core file generation attempts. Generates a core event, if
1091 1091 * requested, containing the names of the process, global, and
1092 1092 * system-global ("zone") core files. If dumping core is in the fatal
1093 1093 * event set, calls contract_process_kill().
1094 1094 */
1095 1095 void
1096 1096 contract_process_core(cont_process_t *ctp, proc_t *p, int sig,
1097 1097 const char *process, const char *global, const char *zone)
1098 1098 {
1099 1099 contract_t *ct = &ctp->conp_contract;
1100 1100
1101 1101 if (EVSENDP(ctp, CT_PR_EV_CORE)) {
1102 1102 ct_kevent_t *event;
1103 1103 nvlist_t *nvl, *gnvl = NULL;
1104 1104
1105 1105 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1106 1106 VERIFY(nvlist_add_uint32(nvl, CTPE_PID, p->p_pid) == 0);
1107 1107 VERIFY(nvlist_add_uint32(nvl, CTPE_SIGNAL, sig) == 0);
1108 1108 if (process)
1109 1109 VERIFY(nvlist_add_string(nvl, CTPE_PCOREFILE,
1110 1110 (char *)process) == 0);
1111 1111 if (global)
1112 1112 VERIFY(nvlist_add_string(nvl, CTPE_GCOREFILE,
1113 1113 (char *)global) == 0);
1114 1114
1115 1115 if (zone) {
1116 1116 /*
1117 1117 * Only the global zone is informed of the
1118 1118 * local-zone generated global-zone core.
1119 1119 */
1120 1120 VERIFY(nvlist_alloc(&gnvl, NV_UNIQUE_NAME,
1121 1121 KM_SLEEP) == 0);
1122 1122 VERIFY(nvlist_add_string(gnvl, CTPE_ZCOREFILE,
1123 1123 (char *)zone) == 0);
1124 1124 }
1125 1125
1126 1126 event = kmem_zalloc(sizeof (ct_kevent_t), KM_SLEEP);
1127 1127 event->cte_flags = EVINFOP(ctp, CT_PR_EV_CORE) ? CTE_INFO : 0;
1128 1128 event->cte_type = CT_PR_EV_CORE;
1129 1129 (void) cte_publish_all(ct, event, nvl, gnvl);
1130 1130 }
1131 1131
1132 1132 if (EVFATALP(ctp, CT_PR_EV_CORE)) {
1133 1133 mutex_enter(&ct->ct_lock);
1134 1134 contract_process_kill(ct, p, B_TRUE);
1135 1135 mutex_exit(&ct->ct_lock);
1136 1136 }
1137 1137 }
1138 1138
1139 1139 /*
1140 1140 * contract_process_hwerr
1141 1141 *
1142 1142 * Called when a process is killed by an unrecoverable hardware error.
1143 1143 * Generates an hwerr event, if requested. If hardware errors are in
1144 1144 * the fatal event set, calls contract_process_kill().
1145 1145 */
1146 1146 void
1147 1147 contract_process_hwerr(cont_process_t *ctp, proc_t *p)
1148 1148 {
1149 1149 contract_t *ct = &ctp->conp_contract;
1150 1150
1151 1151 if (EVSENDP(ctp, CT_PR_EV_HWERR)) {
1152 1152 ct_kevent_t *event;
1153 1153 nvlist_t *nvl;
1154 1154
1155 1155 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1156 1156 VERIFY(nvlist_add_uint32(nvl, CTPE_PID, p->p_pid) == 0);
1157 1157
1158 1158 event = kmem_zalloc(sizeof (ct_kevent_t), KM_SLEEP);
1159 1159 event->cte_flags = EVINFOP(ctp, CT_PR_EV_HWERR) ? CTE_INFO : 0;
1160 1160 event->cte_type = CT_PR_EV_HWERR;
1161 1161 (void) cte_publish_all(ct, event, nvl, NULL);
1162 1162 }
1163 1163
1164 1164 if (EVFATALP(ctp, CT_PR_EV_HWERR)) {
1165 1165 mutex_enter(&ct->ct_lock);
1166 1166 contract_process_kill(ct, p, B_FALSE);
1167 1167 mutex_exit(&ct->ct_lock);
1168 1168 }
1169 1169 }
1170 1170
1171 1171 /*
1172 1172 * contract_process_sig
1173 1173 *
1174 1174 * Called when a process is killed by a signal originating from a
1175 1175 * process outside of its process contract or its process contract's
1176 1176 * holder. Generates an signal event, if requested, containing the
1177 1177 * signal number, and the sender's pid and contract id (if available).
1178 1178 * If signals are in the fatal event set, calls
1179 1179 * contract_process_kill().
1180 1180 */
1181 1181 void
1182 1182 contract_process_sig(cont_process_t *ctp, proc_t *p, int sig, pid_t pid,
1183 1183 ctid_t ctid, zoneid_t zoneid)
1184 1184 {
1185 1185 contract_t *ct = &ctp->conp_contract;
1186 1186
1187 1187 if (EVSENDP(ctp, CT_PR_EV_SIGNAL)) {
1188 1188 ct_kevent_t *event;
1189 1189 nvlist_t *dest, *nvl, *gnvl = NULL;
1190 1190
1191 1191 VERIFY(nvlist_alloc(&nvl, NV_UNIQUE_NAME, KM_SLEEP) == 0);
1192 1192 VERIFY(nvlist_add_uint32(nvl, CTPE_PID, p->p_pid) == 0);
1193 1193 VERIFY(nvlist_add_uint32(nvl, CTPE_SIGNAL, sig) == 0);
1194 1194
1195 1195 if (zoneid >= 0 && p->p_zone->zone_id != zoneid) {
1196 1196 VERIFY(nvlist_alloc(&gnvl, NV_UNIQUE_NAME,
1197 1197 KM_SLEEP) == 0);
1198 1198 dest = gnvl;
1199 1199 } else {
1200 1200 dest = nvl;
1201 1201 }
1202 1202
1203 1203 if (pid != -1)
1204 1204 VERIFY(nvlist_add_uint32(dest, CTPE_SENDER, pid) == 0);
1205 1205 if (ctid != 0)
1206 1206 VERIFY(nvlist_add_uint32(dest, CTPE_SENDCT, ctid) == 0);
1207 1207
1208 1208 event = kmem_zalloc(sizeof (ct_kevent_t), KM_SLEEP);
1209 1209 event->cte_flags = EVINFOP(ctp, CT_PR_EV_SIGNAL) ? CTE_INFO : 0;
1210 1210 event->cte_type = CT_PR_EV_SIGNAL;
1211 1211 (void) cte_publish_all(ct, event, nvl, gnvl);
1212 1212 }
1213 1213
1214 1214 if (EVFATALP(ctp, CT_PR_EV_SIGNAL)) {
1215 1215 mutex_enter(&ct->ct_lock);
1216 1216 contract_process_kill(ct, p, B_TRUE);
1217 1217 mutex_exit(&ct->ct_lock);
1218 1218 }
1219 1219 }