zcons.c revision 6a1b30f3171ff1867501ed5f85f64f65448299a4
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Zone Console Driver.
*
* for system zones. Its implementation is straightforward. Each instance
* of the driver represents a global-zone/local-zone pair (this maps in a
* straightforward way to the commonly used terminal notion of "master side"
* and "slave side", and we use that terminology throughout).
*
* by zoneadmd in userland, using the devctl framework; thus the driver
* does not need to maintain any sort of "admin" node.
*
* The driver shuttles I/O from master side to slave side and back. In a break
* it will simply be discarded. This is so that if zoneadmd is not holding
* the master side console open (i.e. it has died somehow), processes in
* the zone do not experience any errors and I/O to the console does not
* hang.
*
* TODO: we may want to revisit the other direction; i.e. we may want
* zoneadmd to be able to detect whether no zone processes are holding the
* console open, an unusual situation.
*
*
*
* MASTER SIDE IOCTLS
*
* The ZC_HOLDSLAVE and ZC_RELEASESLAVE ioctls instruct the master side of the
* console to hold and release a reference to the slave side's vnode. They are
* meant to be issued by zoneadmd after the console device node is created and
* before it is destroyed so that the slave's STREAMS anchor, ptem, is
* preserved when ttymon starts popping STREAMS modules from within the
* associated zone. This guarantees that the zone console will always have
* terminal semantics while the zone is running.
*
* Here is the issue: the ptem module is anchored in the zone console
* (slave side) so that processes within the associated non-global zone will
* fail to pop it off, thus ensuring that the slave will retain terminal
* semantics. When a process attempts to pop the anchor off of a stream, the
* STREAMS subsystem checks whether the calling process' zone is the same as
* that of the process that pushed the anchor onto the stream and cancels the
* pop if they differ. zoneadmd used to hold an open file descriptor for the
* slave while the associated non-global zone ran, thus ensuring that the
* slave's STREAMS anchor would never be popped from within the non-global zone
* (because zoneadmd runs in the global zone). However, this file descriptor
* was removed to make zone console management more robust. sad(7D) is now
* used to automatically set up the slave's STREAMS modules when the zone
* console is freshly opened within the associated non-global zone. However,
* when a process within the non-global zone freshly opens the zone console, the
* anchor is pushed from within the non-global zone, making it possible for
* processes within the non-global zone (e.g., ttymon) to pop the anchor and
* destroy the zone console's terminal semantics.
*
* One solution is to make the zcons device hold the slave open while the
* associated non-global zone runs so that the STREAMS anchor will always be
* associated with the global zone. Unfortunately, the slave cannot be opened
* from within the zcons driver because the driver is not reentrant: it has
* an outer STREAMS perimeter. Therefore, the next best option is for zcons to
* provide an ioctl interface to zoneadmd to manage holding and releasing
* the slave side of the console. It is sufficient to hold the slave side's
* vnode and bump the associated snode's reference count to preserve the slave's
* STREAMS configuration while the associated zone runs, so that's what the
* ioctls do.
*
*
* ZC_HOLDSLAVE
*
* This ioctl takes a file descriptor as an argument. It effectively gets a
* reference to the slave side's minor node's vnode and bumps the associated
* snode's reference count. The vnode reference is stored in the zcons device
* node's soft state. This ioctl succeeds if the given file descriptor refers
* to the slave side's minor node or if there is already a reference to the
* slave side's minor node's vnode in the device's soft state.
*
*
* ZC_RELEASESLAVE
*
* This ioctl takes a file descriptor as an argument. It effectively releases
* the vnode reference stored in the zcons device node's soft state (which was
* previously acquired via ZC_HOLDSLAVE) and decrements the reference count of
* the snode associated with the vnode. This ioctl succeeds if the given file
* descriptor refers to the slave side's minor node or if no reference to the
* slave side's minor node's vnode is stored in the device's soft state.
*
*
* Note that the file descriptor arguments for both ioctls must be cast to
* integers of pointer width.
*
* Here's how the dance between zcons and zoneadmd works:
*
* Zone boot:
* 1. While booting the zone, zoneadmd creates an instance of zcons.
* 2. zoneadmd opens the master and slave sides of the new zone console
* and issues the ZC_HOLDSLAVE ioctl on the master side, passing its
* file descriptor for the slave side as the ioctl argument.
* 3. zcons holds the slave side's vnode, bumps the snode's reference
* count, and stores a pointer to the vnode in the device's soft
* state.
* 4. zoneadmd closes the master and slave sides and continues to boot
* the zone.
*
* Zone halt:
* 1. While halting the zone, zoneadmd opens the master and slave sides
* of the zone's console and issues the ZC_RELEASESLAVE ioctl on the
* master side, passing its file descriptor for the slave side as the
* ioctl argument.
* 2. zcons decrements the slave side's snode's reference count, releases
* the slave's vnode, and eliminates its reference to the vnode in the
* device's soft state.
* 3. zoneadmd closes the master and slave sides.
* 4. zoneadmd destroys the zcons device and continues to halt the zone.
*
* It is necessary for zoneadmd to hold the slave open while issuing
* ZC_RELEASESLAVE because zcons might otherwise release the last reference to
* the slave's vnode. If it does, then specfs will panic because it will expect
* that the STREAMS configuration for the vnode was destroyed, which VN_RELE
* doesn't do. Forcing zoneadmd to hold the slave open guarantees that zcons
* won't release the vnode's last reference. zoneadmd will properly destroy the
* vnode and the snode when it closes the file descriptor.
*
* Technically, any process that can access the master side can issue these
* ioctls, but they should be treated as private interfaces for zoneadmd.
*/
#include <sys/sysmacros.h>
/*
* The instance number is encoded in the dev_t in the minor number; the lowest
* bit of the minor number is used to track the master vs. slave side of the
* virtual console. The rest of the bits in the minor number are the instance.
*/
#define ZC_MASTER_MINOR 0
#define ZC_SLAVE_MINOR 1
/*
* This macro converts a zc_state_t pointer to the associated slave minor node's
* dev_t.
*/
int zcons_debug = 0;
/*
* Zone Console Pseudo Terminal Module: stream data structure definitions
*/
static struct module_info zc_info = {
31337, /* c0z we r hAx0rs */
"zcons",
0,
2048,
128
};
NULL,
(int (*)()) zc_rsrv,
NULL,
&zc_info,
};
(int (*)()) zc_wput,
(int (*)()) zc_wsrv,
NULL,
NULL,
NULL,
&zc_info,
};
static struct streamtab zc_tab_info = {
&zc_rinit,
&zc_winit,
NULL,
};
/*
* this will define (struct cb_ops cb_zc_ops) and (struct dev_ops zc_ops)
*/
/*
* Module linkage information for the kernel.
*/
&mod_driverops, /* Type of module (this is a pseudo driver) */
"Zone console driver", /* description of module */
&zc_ops /* driver ops */
};
static struct modlinkage modlinkage = {
&modldrv,
};
typedef struct zc_state {
int zc_state;
} zc_state_t;
#define ZC_STATE_MOPEN 0x01
#define ZC_STATE_SOPEN 0x02
static void *zc_soft_state;
/*
* List of STREAMS modules that should be pushed onto every slave instance.
*/
static char *zcons_mods[] = {
"ptem",
"ldterm",
"ttcompat",
};
int
_init(void)
{
int err;
sizeof (zc_state_t), 0)) != 0) {
return (err);
}
return (err);
}
int
_fini(void)
{
int err;
return (err);
}
return (0);
}
int
{
}
static int
{
int instance;
if (cmd != DDI_ATTACH)
return (DDI_FAILURE);
return (DDI_FAILURE);
/*
* Create the master and slave minor nodes.
*/
return (DDI_FAILURE);
}
return (DDI_SUCCESS);
}
static int
{
int instance;
if (cmd != DDI_DETACH)
return (DDI_FAILURE);
return (DDI_FAILURE);
return (DDI_FAILURE);
}
return (DDI_SUCCESS);
}
/*
* zc_getinfo()
* getinfo(9e) entrypoint.
*/
/*ARGSUSED*/
static int
{
switch (infocmd) {
case DDI_INFO_DEVT2DEVINFO:
return (DDI_FAILURE);
return (DDI_SUCCESS);
case DDI_INFO_DEVT2INSTANCE:
return (DDI_SUCCESS);
}
return (DDI_FAILURE);
}
/*
* Return the equivalent queue from the other side of the relationship.
* e.g.: given the slave's write queue, return the master's write queue.
*/
static queue_t *
{
return (zcs->zc_slave_rdq);
return (zcs->zc_master_rdq);
else
return (NULL);
}
/*
* For debugging and outputting messages. Returns the name of the side of
* the relationship associated with this queue.
*/
static const char *
{
return ("master");
}
return ("slave");
}
/*ARGSUSED*/
static int
int oflag, /* the user open(2) supplied flags */
int sflag, /* open state flag */
{
struct stroptions *sop;
/*
* Enforce exclusivity on the master side; the only consumer should
* be the zoneadmd for the zone.
*/
return (EBUSY);
DBG("zc_master_open(): mop allocation failed\n");
return (ENOMEM);
}
/*
* q_ptr stores driver private data; stash the soft state data on both
* read and write sides of the queue.
*/
/*
* Following qprocson(), the master side is fully plumbed into the
* will allow the slave to send messages to us (the master).
* This cannot occur before qprocson() because the master is not
* ready to process them until that point.
*/
/*
* controlling tty as needed.
*/
else
return (0);
}
/*ARGSUSED*/
static int
int oflag, /* the user open(2) supplied flags */
int sflag, /* open state flag */
{
struct stroptions *sop;
/*
* The slave side can be opened as many times as needed.
*/
return (0);
}
/*
* Set up sad(7D) so that the necessary STREAMS modules will be in
* place. A wrinkle is that 'ptem' must be anchored
* in place (see streamio(7i)) because we always want the console to
* have terminal semantics.
*/
lastminor = 0;
anchorindex = 1;
&anchorindex, zcons_mods) != 0) {
DBG("zc_slave_open(): kstr_autopush() failed\n");
return (EIO);
}
DBG("zc_slave_open(): mop allocation failed\n");
return (ENOMEM);
}
/*
* q_ptr stores driver private data; stash the soft state data on both
* read and write sides of the queue.
*/
/*
* Must follow qprocson(), since we aren't ready to process until then.
*/
/*
* controlling tty as needed.
*/
return (0);
}
/*
* open(9e) entrypoint; checks sflag, and rejects anything unordinary.
*/
static int
int oflag, /* the user open(2) supplied flags */
int sflag, /* open state flag */
{
int ret;
if (sflag != 0)
return (EINVAL);
return (ENXIO);
case ZC_MASTER_MINOR:
break;
case ZC_SLAVE_MINOR:
break;
default:
break;
}
return (ret);
}
/*
* close(9e) entrypoint.
*/
/*ARGSUSED1*/
static int
{
DBG("Closing master side");
/*
* qenable slave side write queue so that it can flush
* its messages as master's read queue is going away
*/
}
DBG("Closing slave side");
else
}
/*
* Qenable master side write queue so that it can flush its
* messages as slaves's read queue is going away.
*/
/*
* Clear the sad configuration so that reopening doesn't fail
* to set up sad configuration.
*/
NULL);
}
return (0);
}
static void
{
/*
* FLUSHW only. Change to FLUSHR and putnext other side,
* then we are done.
*/
return;
}
/*
* It is a FLUSHRW; we copy the mblk and send
* it to the other side, since we still need to use
* the mblk in FLUSHR processing, below.
*/
}
}
DBG("qreply(qp) turning FLUSHR around\n");
return;
}
}
/*
* wput(9E) is symmetric for master and slave sides, so this handles both
* without splitting the codepath. (The only exception to this is the
* processing of zcons ioctls, which is restricted to the master side.)
*
* zc_wput() looks at the other side; if there is no process holding that
* side open, it frees the message. This prevents processes from hanging
* if no one is holding open the console. Otherwise, it putnext's high
* priority messages, putnext's normal messages if possible, and otherwise
* enqueues the messages; in the case that something is enqueued, wsrv(9E)
* will take care of eventually shuttling I/O to the other side.
*/
static void
{
struct snode *slave_snodep;
int slave_fd;
/*
* Process zcons ioctl messages if qp is the master console's write
* queue.
*/
case ZC_HOLDSLAVE:
/*
* Hold the slave's vnode and increment the refcount
* of the snode. If the vnode is already held, then
* indicate success.
*/
return;
}
return;
}
/*
* The process that passed the ioctl must be running in
* the global zone.
*/
if (curzone != global_zone) {
return;
}
/*
* The calling process must pass a file descriptor for
* the slave device.
*/
slave_fd =
if (slave_filep == NULL) {
return;
}
if (ZC_STATE_TO_SLAVEDEV(zcs) !=
return;
}
/*
* Get a reference to the slave's vnode. Also bump the
* reference count on the associated snode.
*/
spec_getvnodeops()));
++slave_snodep->s_count;
return;
case ZC_RELEASESLAVE:
/*
* Release the master's handle on the slave's vnode.
* If there isn't a handle for the vnode, then indicate
* success.
*/
return;
}
return;
}
/*
* The process that passed the ioctl must be running in
* the global zone.
*/
if (curzone != global_zone) {
return;
}
/*
* The process that passed the ioctl must have provided
* a file descriptor for the slave device. Make sure
* this is correct.
*/
slave_fd =
if (slave_filep == NULL) {
return;
}
return;
}
/*
* Decrement the snode's reference count and release the
* vnode.
*/
spec_getvnodeops()));
--slave_snodep->s_count;
return;
default:
break;
}
}
switch (type) {
case M_FLUSH:
break;
case M_IOCTL:
break;
default:
break;
}
return;
}
switch (type) {
case M_READ: /* supposedly from ldterm? */
DBG("zc_wput: tossing M_READ\n");
break;
case M_FLUSH:
break;
default:
/*
* Put this to the other side.
*/
break;
}
return;
}
/*
* Only putnext if there isn't already something in the queue.
* otherwise things would wind up out of order.
*/
DBG("wput: putting message to other side\n");
} else {
DBG("wput: putting msg onto queue\n");
}
}
/*
* rsrv(9E) is symmetric for master and slave, so zc_rsrv() handles both
* without splitting up the codepath.
*
* Enable the write side of the partner. This triggers the partner to send
* messages queued on its write side to this queue's read side.
*/
static void
{
/*
* Care must be taken here, as either of the master or slave side
* qptr could be NULL.
*/
DBG("zc_rsrv: other side isn't listening\n");
return;
}
}
/*
* This routine is symmetric for master and slave, so it handles both without
* splitting up the codepath.
*
* If there are messages on this queue that can be sent to the other, send
* them via putnext(). Else, if queued messages cannot be sent, leave them
* on this queue.
*/
static void
{
/*
* Partner has no read queue, so take the data, and throw it away.
*/
DBG("zc_wsrv: other side isn't listening");
else
}
return;
}
/*
* while there are messages on this write queue...
*/
/*
* Due to the way zc_wput is implemented, we should never
* see a control message here.
*/
DBG("wsrv: send message to other side\n");
} else {
DBG("wsrv: putting msg back on queue\n");
break;
}
}
}