]>
Commit | Line | Data |
---|---|---|
d093b62c LP |
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
2 | ||
3 | #include <sys/wait.h> | |
4 | ||
5 | #include "sd-daemon.h" | |
6 | ||
7 | #include "fd-util.h" | |
8 | #include "fs-util.h" | |
9 | #include "mkdir.h" | |
10 | #include "process-util.h" | |
11 | #include "set.h" | |
12 | #include "signal-util.h" | |
13 | #include "socket-util.h" | |
14 | #include "stdio-util.h" | |
15 | #include "umask-util.h" | |
16 | #include "userdbd-manager.h" | |
17 | ||
18 | #define LISTEN_TIMEOUT_USEC (25 * USEC_PER_SEC) | |
19 | ||
20 | static int start_workers(Manager *m, bool explicit_request); | |
21 | ||
22 | static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { | |
23 | Manager *m = userdata; | |
24 | ||
25 | assert(s); | |
26 | assert(m); | |
27 | ||
28 | for (;;) { | |
29 | siginfo_t siginfo = {}; | |
30 | bool removed = false; | |
31 | ||
32 | if (waitid(P_ALL, 0, &siginfo, WNOHANG|WEXITED) < 0) { | |
33 | if (errno == ECHILD) | |
34 | break; | |
35 | ||
36 | log_warning_errno(errno, "Failed to invoke waitid(): %m"); | |
37 | break; | |
38 | } | |
39 | if (siginfo.si_pid == 0) | |
40 | break; | |
41 | ||
42 | if (set_remove(m->workers_dynamic, PID_TO_PTR(siginfo.si_pid))) | |
43 | removed = true; | |
44 | if (set_remove(m->workers_fixed, PID_TO_PTR(siginfo.si_pid))) | |
45 | removed = true; | |
46 | ||
47 | if (!removed) { | |
48 | log_warning("Weird, got SIGCHLD for unknown child " PID_FMT ", ignoring.", siginfo.si_pid); | |
49 | continue; | |
50 | } | |
51 | ||
52 | if (siginfo.si_code == CLD_EXITED) { | |
53 | if (siginfo.si_status == EXIT_SUCCESS) | |
54 | log_debug("Worker " PID_FMT " exited successfully.", siginfo.si_pid); | |
55 | else | |
56 | log_warning("Worker " PID_FMT " died with a failure exit status %i, ignoring.", siginfo.si_pid, siginfo.si_status); | |
57 | } else if (siginfo.si_code == CLD_KILLED) | |
58 | log_warning("Worker " PID_FMT " was killed by signal %s, ignoring.", siginfo.si_pid, signal_to_string(siginfo.si_status)); | |
59 | else if (siginfo.si_code == CLD_DUMPED) | |
60 | log_warning("Worker " PID_FMT " dumped core by signal %s, ignoring.", siginfo.si_pid, signal_to_string(siginfo.si_status)); | |
61 | else | |
62 | log_warning("Can't handle SIGCHLD of this type"); | |
63 | } | |
64 | ||
65 | (void) start_workers(m, false); /* Fill up workers again if we fell below the low watermark */ | |
66 | return 0; | |
67 | } | |
68 | ||
69 | static int on_sigusr2(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { | |
70 | Manager *m = userdata; | |
71 | ||
72 | assert(s); | |
73 | assert(m); | |
74 | ||
75 | (void) start_workers(m, true); /* Workers told us there's more work, let's add one more worker as long as we are below the high watermark */ | |
76 | return 0; | |
77 | } | |
78 | ||
79 | int manager_new(Manager **ret) { | |
b44b735a | 80 | _cleanup_(manager_freep) Manager *m = NULL; |
d093b62c LP |
81 | int r; |
82 | ||
83 | m = new(Manager, 1); | |
84 | if (!m) | |
85 | return -ENOMEM; | |
86 | ||
87 | *m = (Manager) { | |
88 | .listen_fd = -1, | |
89 | .worker_ratelimit = { | |
90 | .interval = 5 * USEC_PER_SEC, | |
91 | .burst = 50, | |
92 | }, | |
93 | }; | |
94 | ||
95 | r = sd_event_new(&m->event); | |
96 | if (r < 0) | |
97 | return r; | |
98 | ||
99 | r = sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL); | |
100 | if (r < 0) | |
101 | return r; | |
102 | ||
103 | r = sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL); | |
104 | if (r < 0) | |
105 | return r; | |
106 | ||
107 | (void) sd_event_set_watchdog(m->event, true); | |
108 | ||
109 | m->workers_fixed = set_new(NULL); | |
110 | m->workers_dynamic = set_new(NULL); | |
111 | ||
112 | if (!m->workers_fixed || !m->workers_dynamic) | |
113 | return -ENOMEM; | |
114 | ||
115 | r = sd_event_add_signal(m->event, &m->sigusr2_event_source, SIGUSR2, on_sigusr2, m); | |
116 | if (r < 0) | |
117 | return r; | |
118 | ||
119 | r = sd_event_add_signal(m->event, &m->sigchld_event_source, SIGCHLD, on_sigchld, m); | |
120 | if (r < 0) | |
121 | return r; | |
122 | ||
123 | *ret = TAKE_PTR(m); | |
124 | return 0; | |
125 | } | |
126 | ||
127 | Manager* manager_free(Manager *m) { | |
128 | if (!m) | |
129 | return NULL; | |
130 | ||
131 | set_free(m->workers_fixed); | |
132 | set_free(m->workers_dynamic); | |
133 | ||
134 | sd_event_source_disable_unref(m->sigusr2_event_source); | |
135 | sd_event_source_disable_unref(m->sigchld_event_source); | |
136 | ||
137 | sd_event_unref(m->event); | |
138 | ||
139 | return mfree(m); | |
140 | } | |
141 | ||
142 | static size_t manager_current_workers(Manager *m) { | |
143 | assert(m); | |
144 | ||
145 | return set_size(m->workers_fixed) + set_size(m->workers_dynamic); | |
146 | } | |
147 | ||
148 | static int start_one_worker(Manager *m) { | |
149 | bool fixed; | |
150 | pid_t pid; | |
151 | int r; | |
152 | ||
153 | assert(m); | |
154 | ||
155 | fixed = set_size(m->workers_fixed) < USERDB_WORKERS_MIN; | |
156 | ||
157 | r = safe_fork("(sd-worker)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); | |
158 | if (r < 0) | |
159 | return log_error_errno(r, "Failed to fork new worker child: %m"); | |
160 | if (r == 0) { | |
161 | char pids[DECIMAL_STR_MAX(pid_t)]; | |
162 | /* Child */ | |
163 | ||
164 | log_close(); | |
165 | ||
166 | r = close_all_fds(&m->listen_fd, 1); | |
167 | if (r < 0) { | |
168 | log_error_errno(r, "Failed to close fds in child: %m"); | |
169 | _exit(EXIT_FAILURE); | |
170 | } | |
171 | ||
172 | log_open(); | |
173 | ||
174 | if (m->listen_fd == 3) { | |
175 | r = fd_cloexec(3, false); | |
176 | if (r < 0) { | |
177 | log_error_errno(r, "Failed to turn off O_CLOEXEC for fd 3: %m"); | |
178 | _exit(EXIT_FAILURE); | |
179 | } | |
180 | } else { | |
181 | if (dup2(m->listen_fd, 3) < 0) { /* dup2() creates with O_CLOEXEC off */ | |
182 | log_error_errno(errno, "Failed to move listen fd to 3: %m"); | |
183 | _exit(EXIT_FAILURE); | |
184 | } | |
185 | ||
186 | safe_close(m->listen_fd); | |
187 | } | |
188 | ||
189 | xsprintf(pids, PID_FMT, pid); | |
190 | if (setenv("LISTEN_PID", pids, 1) < 0) { | |
191 | log_error_errno(errno, "Failed to set $LISTEN_PID: %m"); | |
192 | _exit(EXIT_FAILURE); | |
193 | } | |
194 | ||
195 | if (setenv("LISTEN_FDS", "1", 1) < 0) { | |
196 | log_error_errno(errno, "Failed to set $LISTEN_FDS: %m"); | |
197 | _exit(EXIT_FAILURE); | |
198 | } | |
199 | ||
200 | ||
201 | if (setenv("USERDB_FIXED_WORKER", one_zero(fixed), 1) < 0) { | |
202 | log_error_errno(errno, "Failed to set $USERDB_FIXED_WORKER: %m"); | |
203 | _exit(EXIT_FAILURE); | |
204 | } | |
205 | ||
206 | /* execl("/home/lennart/projects/systemd/build/systemd-userwork", "systemd-userwork", "xxxxxxxxxxxxxxxx", NULL); /\* With some extra space rename_process() can make use of *\/ */ | |
207 | /* execl("/usr/bin/valgrind", "valgrind", "/home/lennart/projects/systemd/build/systemd-userwork", "systemd-userwork", "xxxxxxxxxxxxxxxx", NULL); /\* With some extra space rename_process() can make use of *\/ */ | |
208 | ||
209 | execl(SYSTEMD_USERWORK_PATH, "systemd-userwork", "xxxxxxxxxxxxxxxx", NULL); /* With some extra space rename_process() can make use of */ | |
210 | log_error_errno(errno, "Failed start worker process: %m"); | |
211 | _exit(EXIT_FAILURE); | |
212 | } | |
213 | ||
214 | if (fixed) | |
215 | r = set_put(m->workers_fixed, PID_TO_PTR(pid)); | |
216 | else | |
217 | r = set_put(m->workers_dynamic, PID_TO_PTR(pid)); | |
218 | if (r < 0) | |
219 | return log_error_errno(r, "Failed to add child process to set: %m"); | |
220 | ||
221 | return 0; | |
222 | } | |
223 | ||
224 | static int start_workers(Manager *m, bool explicit_request) { | |
225 | int r; | |
226 | ||
227 | assert(m); | |
228 | ||
229 | for (;;) { | |
230 | size_t n; | |
231 | ||
232 | n = manager_current_workers(m); | |
233 | if (n >= USERDB_WORKERS_MIN && (!explicit_request || n >= USERDB_WORKERS_MAX)) | |
234 | break; | |
235 | ||
236 | if (!ratelimit_below(&m->worker_ratelimit)) { | |
237 | /* If we keep starting workers too often, let's fail the whole daemon, something is wrong */ | |
238 | sd_event_exit(m->event, EXIT_FAILURE); | |
239 | ||
240 | return log_error_errno(SYNTHETIC_ERRNO(EUCLEAN), "Worker threads requested too frequently, something is wrong."); | |
241 | } | |
242 | ||
243 | r = start_one_worker(m); | |
244 | if (r < 0) | |
245 | return r; | |
246 | ||
247 | explicit_request = false; | |
248 | } | |
249 | ||
250 | return 0; | |
251 | } | |
252 | ||
253 | int manager_startup(Manager *m) { | |
254 | struct timeval ts; | |
255 | int n, r; | |
256 | ||
257 | assert(m); | |
258 | assert(m->listen_fd < 0); | |
259 | ||
260 | n = sd_listen_fds(false); | |
261 | if (n < 0) | |
262 | return log_error_errno(n, "Failed to determine number of passed file descriptors: %m"); | |
263 | if (n > 1) | |
264 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Expected one listening fd, got %i.", n); | |
265 | if (n == 1) | |
266 | m->listen_fd = SD_LISTEN_FDS_START; | |
267 | else { | |
425d925f ZJS |
268 | union sockaddr_union sockaddr = { |
269 | .un.sun_family = AF_UNIX, | |
270 | .un.sun_path = "/run/systemd/userdb/io.systemd.NameServiceSwitch", | |
271 | }; | |
d093b62c LP |
272 | |
273 | r = mkdir_p("/run/systemd/userdb", 0755); | |
274 | if (r < 0) | |
275 | return log_error_errno(r, "Failed to create /run/systemd/userdb: %m"); | |
276 | ||
277 | m->listen_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); | |
278 | if (m->listen_fd < 0) | |
279 | return log_error_errno(errno, "Failed to bind on socket: %m"); | |
280 | ||
281 | (void) sockaddr_un_unlink(&sockaddr.un); | |
282 | ||
283 | RUN_WITH_UMASK(0000) | |
284 | if (bind(m->listen_fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0) | |
285 | return log_error_errno(errno, "Failed to bind socket: %m"); | |
286 | ||
287 | r = symlink_idempotent("io.systemd.NameServiceSwitch", "/run/systemd/userdb/io.systemd.Multiplexer", false); | |
288 | if (r < 0) | |
289 | return log_error_errno(r, "Failed to bind io.systemd.Multiplexer: %m"); | |
290 | ||
291 | if (listen(m->listen_fd, SOMAXCONN) < 0) | |
292 | return log_error_errno(errno, "Failed to listen on socket: %m"); | |
293 | } | |
294 | ||
295 | /* Let's make sure every accept() call on this socket times out after 25s. This allows workers to be | |
296 | * GC'ed on idle */ | |
297 | if (setsockopt(m->listen_fd, SOL_SOCKET, SO_RCVTIMEO, timeval_store(&ts, LISTEN_TIMEOUT_USEC), sizeof(ts)) < 0) | |
298 | return log_error_errno(errno, "Failed to se SO_RCVTIMEO: %m"); | |
299 | ||
300 | return start_workers(m, false); | |
301 | } |