lx_thunk_server.c revision 9acbbeaf2a1ffe5c14b244867d427714fab43c5c
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* The BrandZ Linux thunking server.
*
* The interfaces defined in this file form the server side of a bridge
* to allow native solaris process to access Linux services. Currently
* the Linux services that is made accessible by these interfaces here
* are:
* - Linux host <-> address naming services
* - Linux service <-> port naming services
* - Linux syslog
*
* Access to all these services is provided through a doors server.
* Currently the only client of these interfaces and the process that
* initially starts up the doors server is lx_thunk.so.
*
* lx_thunk.so is a native solaris library that is loaded into native
* solaris process that need to run inside a Linux zone and have access
* to Linux services. When lx_thunk.so receives a request that requires
* accessing Linux services it creates a "thunk server" process by
* forking and executing the following shell script (which runs as
*
* The first and only thing this shell script attempts to do is re-exec
* itself. The brand library will detect when this script attempts to
* re-exec itself and take control of the process. The exec() system
* call made by the Linux shell will never return.
*
* At this point the process becomes a "thunk server" process.
* The first thing it does is a bunch of initialization:
*
* - Sanity check that a file descriptor based communication mechanism
* needed talk to the parent process is correctly initialized.
*
* - Verify that two predetermined file descriptors are FIFOs.
* These FIFOs will be used to establish communications with
* the client program that spawned us and which will be sending
* us requests.
*
* - Use existing debugging libraries (libproc.so, librtld_db.so,
* and the BrandZ lx plug-in to librtld_db.so) and /native/proc to
* walk the Linux link maps in our own address space to determine
* the address of the Linux dlsym() function.
*
* - Use the native Linux dlsym() function to look up other symbols
* (for both functions and variables) that we will need access
* to service thunking requests.
*
* - Create a doors server and notify the parent process that we
* are ready to service requests.
*
* - Enter a service loop and wait for requests.
*
* At this point the lx_thunk process is ready to service door
* based requests. When door service request is received the
* following happens inside the lx_thunk process:
*
* - The doors server function is is invoked on a new solaris thread
* that the kernel injects into the lx_thunk process. We sanity
* check the incoming request, place it on a service queue, and
* wait for notification that the request has been completed.
*
* - A Linux thread takes this request off the service queue
* and dispatches it to a service function that will:
* - Decode the request.
* - Handle the request by invoking native Linux interfaces.
* - Encode the results for the request.
*
* - The Linux thread then notifies the requesting doors server
* thread that the request has been completed and goes to sleep
* until it receives another request.
*
* - the solaris door server thread returns the results of the
* operation to the caller.
*
* Notes:
*
* - The service request hand off operation from the solaris doors thread to
* the "Linux thread" is required because only "Linux threads" can call
* into Linux code. In this context a "Linux thread" is a thread that
* is either the initial thread of a Linux process or a thread that was
* created by calling the Linux version of thread_create(). The reason
* for this restriction is that any thread that invokes Linux code needs
* to have been initialized in the Linux threading libraries and have
* things like Linux thread local storage properly setup.
*
* But under solaris all door server threads are created and destroyed
* dynamically. This means that when a doors server function is invoked,
* it is invoked via a thread that hasn't been initialized in the Linux
* environment and there for can't call directly into Linux code.
*
* - Currently when a thunk server process is starting up, it communicated
* with it's parent via two FIFOs. These FIFOs are setup by the
* lx_thunk.so library. After creating the FIFOs and starting the lx_thunk
* server, lx_thunk.so writes the name of the file that the door should
* be attached to to the first pipe. The lx_thunk server reads in this
* value, initialized the server, fattach()s it to the file request by
* lx_thunk.so and does a write to the second FIFO to let lx_thunk.so
* know that the server is ready to take requests.
*
* This negotiation could be simplified to use only use one FIFO.
* lx_thunk.so would attempt to read from the FIFO and the lx_thunk
* server process could send the new door server file descriptor
* to this process via an I_SENDFD ioctl (see streamio.7I).
*
* - The lx_thunk server process will exit when the client process
* that it's handling requests for exists. (ie, when there are no
* more open file handles to the doors server.)
*/
#include <assert.h>
#include <door.h>
#include <errno.h>
#include <libproc.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/lx_debug.h>
#include <sys/lx_thread.h>
#include <sys/lx_thunk_server.h>
#include <thread.h>
#include <unistd.h>
/*
* Generic interfaces used for looking up and calling Linux functions.
*/
typedef struct __lx_handle_dlsym *lx_handle_dlsym_t;
typedef struct __lx_handle_sym *lx_handle_sym_t;
/*
* Flag indicating if this process is destined to become a thunking
* server process.
*/
static int lxt_server_processes = 0;
/*
* Linux function call defines and handles.
*/
#define LXTH_GETHOSTBYNAME_R 0
#define LXTH_GETHOSTBYADDR_R 1
#define LXTH_GETSERVBYNAME_R 2
#define LXTH_GETSERVBYPORT_R 3
#define LXTH_OPENLOG 4
#define LXTH_SYSLOG 5
#define LXTH_CLOSELOG 6
#define LXTH_PROGNAME 7
static struct lxt_handles {
int lxth_index;
char *lxth_name;
} lxt_handles[] = {
};
/*
* Door server operations dispatch functions and table.
*
* When the doors server get's a request for a particlar operation
* this dispatch table controls what function will be invoked to
* service the request. The function is invoked via Linux thread
* so that it can call into native Linux code if necessary.
*/
static struct lxt_operations {
int lxto_index;
} lxt_operations[] = {
{ LXT_SERVER_OP_PING, NULL },
};
/*
* Structures for passing off requests from doors threads (which are
* solaris threads) to a Linux thread that that can handle them.
*/
typedef struct lxt_req {
char *lxtr_result;
int lxtr_complete;
} lxt_req_t;
/*
* Interfaces used to call from lx_brand.so into Linux code.
*/
typedef struct lookup_cb_arg {
struct ps_prochandle *lca_ph;
static int
/*ARGSUSED*/
{
return (0);
return (0);
/*
* XXX: we should be more paranoid and verify that the symbol
* we just looked up is libdl.so.2`dlsym
*/
return (1);
}
lx_call_init(void)
{
struct ps_prochandle *ph;
extern int __libc_threaded;
int err;
lx_debug("lx_call_init(): looking up Linux dlsym");
/*
* The handle is really the address of the Linux "dlsym" function.
* Once we have this address we can call into the Linux "dlsym"
* function to lookup other functions. It's the initial lookup
* of "dlsym" that's difficult. To do this we'll leverage the
* brand support that we added to librtld_db. We're going
* to fire up a seperate native solaris process that will
* attach to us via libproc/librtld_db and lookup the symbol
* for us.
*/
/* Make sure we're single threaded. */
if (__libc_threaded) {
lx_debug("lx_call_init() fail: "
"process must be single threaded");
return (NULL);
}
/* Tell libproc.so where the real procfs is mounted. */
Pset_procfs_path("/native/proc");
/* Tell librtld_db.so where the real /native is */
/* Grab ourselves but don't stop ourselves. */
lx_debug("lx_call_init() fail: Pgrab failed: %s",
Pgrab_error(err));
return (NULL);
}
lx_debug("lx_call_init() fail: couldn't find Linux dlsym");
return (NULL);
}
}
#define LX_RTLD_DEFAULT ((void *)0)
#define LX_RTLD_NEXT ((void *) -1l)
{
return (result);
}
static uintptr_t
/*ARGSUSED*/
{
long cur_gs;
rp = lx_syscall_regs();
lx_debug("lx_call: loading Linux gs, rp = 0x%p, gs = 0x%p",
return (ret);
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
{
}
/*
* Linux Thunking Interfaces - Server Side
*/
static int
{
return (-1);
if ((x->lxt_gh_token_len < 0) || (x->lxt_gh_buf_len < 0))
return (-1);
/* Token and buf should use up all the storage. */
return (-1);
return (0);
}
static void
{
int h_errnop;
/*LINTED*/
lx_debug("lxt_server_gethost: invalid request");
*door_result = NULL;
*door_result_size = 0;
return;
}
/* Unpack the arguments. */
} else {
}
/* the lookup failed */
request->lxt_sa_success = 0;
*door_result = (char *)request;
return;
}
request->lxt_sa_errno = 0;
data->lxt_gh_h_errno = 0;
/*
* The result structure that we would normally return contains a
* bunch of pointers, but those pointers are useless to our caller
* since they are in a different address space. So before returning
* we'll convert all the result pointers into offsets. The caller
* can then map the offsets back into pointers.
*/
}
result->h_addr_list[i] =
}
*door_result = (char *)request;
}
static int
{
return (-1);
if ((x->lxt_gs_token_len < 0) || (x->lxt_gs_buf_len < 0))
return (-1);
/* Token and buf should use up all the storage. */
return (-1);
return (0);
}
static void
{
/*LINTED*/
lx_debug("lxt_server_getserv: invalid request");
*door_result = NULL;
*door_result_size = 0;
return;
}
/* Unpack the arguments. */
/* Do more sanity checks */
(token_len != sizeof (int))) {
lx_debug("lxt_server_getserv: invalid request");
*door_result = NULL;
*door_result_size = 0;
return;
}
} else {
}
/* the lookup failed */
request->lxt_sa_success = 0;
*door_result = (char *)request;
return;
}
request->lxt_sa_errno = 0;
/*
* The result structure that we would normally return contains a
* bunch of pointers, but those pointers are useless to our caller
* since they are in a different address space. So before returning
* we'll convert all the result pointers into offsets. The caller
* can then map the offsets back into pointers.
*/
}
*door_result = (char *)request;
}
static void
/*ARGSUSED*/
{
int data_size;
static char ident[128];
/*LINTED*/
lx_debug("lxt_server_openlog: invalid request");
*door_result = NULL;
*door_result_size = 0;
return;
}
/*
* Linux expects that the ident pointer passed to openlog()
* points to a static string that won't go away. Linux
* saves the pointer and references with syslog() is called.
* Hence we'll make a local copy of the ident string here.
*/
(void) mutex_lock(&lxt_pid_lock);
(void) mutex_unlock(&lxt_pid_lock);
/* Call Linx openlog(). */
request->lxt_sa_errno = 0;
*door_result = (char *)request;
}
static void
/*ARGSUSED*/
{
int data_size;
char *progname_ptr_new;
char *progname_ptr_old;
/*LINTED*/
lx_debug("lxt_server_openlog: invalid request");
*door_result = NULL;
*door_result_size = 0;
return;
}
(void) mutex_lock(&lxt_pid_lock);
/*
* Ensure the message has the correct pid.
* We do this by telling our getpid() system call to return a
* different value.
*/
/*
* Ensure the message has the correct program name.
* Normally instead of a program name an "ident" string is
* used, this is the string passed to openlog(). But if
* openlog() wasn't called before syslog() then Linux
* syslog() will attempt to use the program name as
* the ident string, and the program name is determined
* by looking at the __progname variable. So we'll just
* update the Linux __progname variable while we do the
* call.
*/
&progname_ptr_old, sizeof (char *));
(void) uucopy(&progname_ptr_new,
/* Call Linux syslog(). */
/* Restore pid and program name. */
(void) uucopy(&progname_ptr_old,
(void) mutex_unlock(&lxt_pid_lock);
request->lxt_sa_errno = 0;
*door_result = (char *)request;
}
static void
/*ARGSUSED*/
{
int data_size;
if (data_size != 0) {
lx_debug("lxt_server_closelog: invalid request");
*door_result = NULL;
*door_result_size = 0;
return;
}
/* Call Linux closelog(). */
request->lxt_sa_errno = 0;
*door_result = (char *)request;
}
static void
/*ARGSUSED*/
{
/*LINTED*/
/* Check if there's no callers left */
if (argp == DOOR_UNREF_DATA) {
lx_debug("lxt_thunk_server: no clients, exiting");
exit(0);
}
/* Sanity check the incomming request. */
if (request_size < sizeof (*request)) {
/* the lookup failed */
lx_debug("lxt_thunk_server: invalid request size");
return;
}
lx_debug("lxt_thunk_server: invalid request op");
return;
}
/* Handle ping requests immediatly, return here. */
lx_debug("lxt_thunk_server: handling ping request");
return;
}
lx_debug("lxt_thunk_server: hand off request to Linux thread, "
"request = 0x%p", request);
/* Pack the request up so we can pass it to a Linux thread. */
lxt_req.lxtr_result_size = 0;
lxt_req.lxtr_complete = 0;
/* Pass the request onto a Linux thread. */
(void) mutex_lock(&lxt_req_lock);
while (lxt_req_ptr != NULL)
lxt_req_ptr = &lxt_req;
(void) cond_broadcast(&lxt_req_cv);
/* Wait for the request to be completed. */
while (lxt_req.lxtr_complete == 0)
(void) mutex_unlock(&lxt_req_lock);
lx_debug("lxt_thunk_server: hand off request completed, "
"request = 0x%p", request);
/*
* If door_return() is successfull it never returns, so if we made
* it here there was some kind of error, but there's nothing we can
* really do about it.
*/
(void) door_return(
}
static void
lxt_server_loop(void)
{
char *door_result;
for (;;) {
/* Wait for a request from a doors server thread. */
(void) mutex_lock(&lxt_req_lock);
while (lxt_req_ptr == NULL)
/* We got a request, get a local pointer to it. */
lxt_req_ptr = NULL;
(void) cond_broadcast(&lxt_req_cv);
(void) mutex_unlock(&lxt_req_lock);
/* Get a pointer to the request. */
lx_debug("lxt_server_loop: Linux thread request recieved, "
"request = %p", request);
/* Dispatch the request. */
lx_debug("lxt_server_loop: Linux thread request completed, "
"request = %p", request);
(void) mutex_lock(&lxt_req_lock);
/* Set the result pointers for the calling door thread. */
/* Let the door thread know we're done. */
(void) mutex_unlock(&lxt_req_lock);
}
/*NOTREACHED*/
}
static void
{
char door_path[MAXPATHLEN];
/*
* Do some sanity checks. Make sure we've got the fifos
* we need passed to us on the correct file descriptors.
*/
lx_err("lx_thunk server aborting, can't contact parent");
exit(-1);
}
/*
* Get the initial Linux call handle so we can invoke other
* Linux calls.
*/
lxh_init = lx_call_init();
lx_err("lx_thunk server aborting, failed Linux call init");
exit(-1);
}
/* Now lookup other Linux symbols we'll need access to. */
lx_err("lx_thunk server aborting, "
"failed Linux symbol lookup: %s",
lxt_handles[i].lxth_name);
exit(-1);
}
}
/* get the path to the door server */
lx_err("lxt_server_enter: failed to get door path");
exit(-1);
}
/* Create the door server. */
lx_err("lxt_server_enter: door_create() failed");
exit(-1);
}
/* Attach the door to a file system path. */
lx_err("lxt_server_enter: fattach() failed");
exit(-1);
}
/* The door server is ready, signal this via a fifo write */
lx_debug("lxt_server_enter: doors server initialized");
/*NOTREACHED*/
}
void
lxt_server_exec_check(void)
{
if (lxt_server_processes == 0)
return;
/*
* We're a thunk server process, so we take over control of
* the current Linux process here.
*/
lx_debug("lx_thunk server initalization starting");
/*NOTREACHED*/
}
void
{
/*
* The thunk server process is a shell script named LXT_SERVER_BINARY.
* It is executed without any parameters. Since it's a shell script
* the arguments passed to the shell's main entry point are:
* 1) the name of the shell
* 2) the name of the script to execute
*
* So to check if we're the thunk server process we first check
* for the expected number of arduments and then we'll look at
* the second parameter to see if it's LXT_SERVER_BINARY.
*/
if ((argc != 2) ||
return;
lxt_server_processes = 1;
lx_debug("lx_thunk server detected, delaying initalization");
}
int
lxt_server_pid(int *pid)
{
if (lxt_server_processes == 0)
return (0);
return (1);
}