Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_shutdown.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1986, 1988, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD: releng/12.0/sys/kern/kern_shutdown.c 338214 2018-08-22 22:19:42Z cem $"); 41 42 #include "opt_ddb.h" 43 #include "opt_ekcd.h" 44 #include "opt_kdb.h" 45 #include "opt_panic.h" 46 #include "opt_sched.h" 47 #include "opt_watchdog.h" 48 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/bio.h> 52 #include <sys/buf.h> 53 #include <sys/conf.h> 54 #include <sys/compressor.h> 55 #include <sys/cons.h> 56 #include <sys/eventhandler.h> 57 #include <sys/filedesc.h> 58 #include <sys/jail.h> 59 #include <sys/kdb.h> 60 #include <sys/kernel.h> 61 #include <sys/kerneldump.h> 62 #include <sys/kthread.h> 63 #include <sys/ktr.h> 64 #include <sys/malloc.h> 65 #include <sys/mbuf.h> 66 #include <sys/mount.h> 67 #include <sys/priv.h> 68 #include <sys/proc.h> 69 #include <sys/reboot.h> 70 #include <sys/resourcevar.h> 71 #include <sys/rwlock.h> 72 #include <sys/sched.h> 73 #include <sys/smp.h> 74 #include <sys/sysctl.h> 75 #include <sys/sysproto.h> 76 #include <sys/taskqueue.h> 77 #include <sys/vnode.h> 78 #include <sys/watchdog.h> 79 80 #include <crypto/rijndael/rijndael-api-fst.h> 81 #include <crypto/sha2/sha256.h> 82 83 #include <ddb/ddb.h> 84 85 #include <machine/cpu.h> 86 #include <machine/dump.h> 87 #include <machine/pcb.h> 88 #include <machine/smp.h> 89 90 #include <security/mac/mac_framework.h> 91 92 #include <vm/vm.h> 93 #include <vm/vm_object.h> 94 #include <vm/vm_page.h> 95 #include <vm/vm_pager.h> 96 #include <vm/swap_pager.h> 97 98 #include <sys/signalvar.h> 99 100 static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer"); 101 102 #ifndef PANIC_REBOOT_WAIT_TIME 103 #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ 104 #endif 105 static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; 106 SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, 107 &panic_reboot_wait_time, 0, 108 "Seconds to wait before rebooting after a panic"); 109 110 /* 111 * Note that stdarg.h and the ANSI style va_start macro is used for both 112 * ANSI and traditional C compilers. 113 */ 114 #include <machine/stdarg.h> 115 116 #ifdef KDB 117 #ifdef KDB_UNATTENDED 118 int debugger_on_panic = 0; 119 #else 120 int debugger_on_panic = 1; 121 #endif 122 SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, 123 CTLFLAG_RWTUN | CTLFLAG_SECURE, 124 &debugger_on_panic, 0, "Run debugger on kernel panic"); 125 126 #ifdef KDB_TRACE 127 static int trace_on_panic = 1; 128 static bool trace_all_panics = true; 129 #else 130 static int trace_on_panic = 0; 131 static bool trace_all_panics = false; 132 #endif 133 SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, 134 CTLFLAG_RWTUN | CTLFLAG_SECURE, 135 &trace_on_panic, 0, "Print stack trace on kernel panic"); 136 SYSCTL_BOOL(_debug, OID_AUTO, trace_all_panics, CTLFLAG_RWTUN, 137 &trace_all_panics, 0, "Print stack traces on secondary kernel panics"); 138 #endif /* KDB */ 139 140 static int sync_on_panic = 0; 141 SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, 142 &sync_on_panic, 0, "Do a sync before rebooting from a panic"); 143 144 static bool poweroff_on_panic = 0; 145 SYSCTL_BOOL(_kern, OID_AUTO, poweroff_on_panic, CTLFLAG_RWTUN, 146 &poweroff_on_panic, 0, "Do a power off instead of a reboot on a panic"); 147 148 static bool powercycle_on_panic = 0; 149 SYSCTL_BOOL(_kern, OID_AUTO, powercycle_on_panic, CTLFLAG_RWTUN, 150 &powercycle_on_panic, 0, "Do a power cycle instead of a reboot on a panic"); 151 152 static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, 153 "Shutdown environment"); 154 155 #ifndef DIAGNOSTIC 156 static int show_busybufs; 157 #else 158 static int show_busybufs = 1; 159 #endif 160 SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, 161 &show_busybufs, 0, ""); 162 163 int suspend_blocked = 0; 164 SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, 165 &suspend_blocked, 0, "Block suspend due to a pending shutdown"); 166 167 #ifdef EKCD 168 FEATURE(ekcd, "Encrypted kernel crash dumps support"); 169 170 MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data"); 171 172 struct kerneldumpcrypto { 173 uint8_t kdc_encryption; 174 uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE]; 175 keyInstance kdc_ki; 176 cipherInstance kdc_ci; 177 uint32_t kdc_dumpkeysize; 178 struct kerneldumpkey kdc_dumpkey[]; 179 }; 180 #endif 181 182 struct kerneldumpcomp { 183 uint8_t kdc_format; 184 struct compressor *kdc_stream; 185 uint8_t *kdc_buf; 186 size_t kdc_resid; 187 }; 188 189 static struct kerneldumpcomp *kerneldumpcomp_create(struct dumperinfo *di, 190 uint8_t compression); 191 static void kerneldumpcomp_destroy(struct dumperinfo *di); 192 static int kerneldumpcomp_write_cb(void *base, size_t len, off_t off, void *arg); 193 194 static int kerneldump_gzlevel = 6; 195 SYSCTL_INT(_kern, OID_AUTO, kerneldump_gzlevel, CTLFLAG_RWTUN, 196 &kerneldump_gzlevel, 0, 197 "Kernel crash dump compression level"); 198 199 /* 200 * Variable panicstr contains argument to first call to panic; used as flag 201 * to indicate that the kernel has already called panic. 202 */ 203 const char *panicstr; 204 205 int dumping; /* system is dumping */ 206 int rebooting; /* system is rebooting */ 207 static struct dumperinfo dumper; /* our selected dumper */ 208 209 /* Context information for dump-debuggers. */ 210 static struct pcb dumppcb; /* Registers. */ 211 lwpid_t dumptid; /* Thread ID. */ 212 213 static struct cdevsw reroot_cdevsw = { 214 .d_version = D_VERSION, 215 .d_name = "reroot", 216 }; 217 218 static void poweroff_wait(void *, int); 219 static void shutdown_halt(void *junk, int howto); 220 static void shutdown_panic(void *junk, int howto); 221 static void shutdown_reset(void *junk, int howto); 222 static int kern_reroot(void); 223 224 /* register various local shutdown events */ 225 static void 226 shutdown_conf(void *unused) 227 { 228 229 EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, 230 SHUTDOWN_PRI_FIRST); 231 EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, 232 SHUTDOWN_PRI_LAST + 100); 233 EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, 234 SHUTDOWN_PRI_LAST + 100); 235 EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, 236 SHUTDOWN_PRI_LAST + 200); 237 } 238 239 SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); 240 241 /* 242 * The only reason this exists is to create the /dev/reroot/ directory, 243 * used by reroot code in init(8) as a mountpoint for tmpfs. 244 */ 245 static void 246 reroot_conf(void *unused) 247 { 248 int error; 249 struct cdev *cdev; 250 251 error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, 252 &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); 253 if (error != 0) { 254 printf("%s: failed to create device node, error %d", 255 __func__, error); 256 } 257 } 258 259 SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); 260 261 /* 262 * The system call that results in a reboot. 263 */ 264 /* ARGSUSED */ 265 int 266 sys_reboot(struct thread *td, struct reboot_args *uap) 267 { 268 int error; 269 270 error = 0; 271 #ifdef MAC 272 error = mac_system_check_reboot(td->td_ucred, uap->opt); 273 #endif 274 if (error == 0) 275 error = priv_check(td, PRIV_REBOOT); 276 if (error == 0) { 277 if (uap->opt & RB_REROOT) 278 error = kern_reroot(); 279 else 280 kern_reboot(uap->opt); 281 } 282 return (error); 283 } 284 285 static void 286 shutdown_nice_task_fn(void *arg, int pending __unused) 287 { 288 int howto; 289 290 howto = (uintptr_t)arg; 291 /* Send a signal to init(8) and have it shutdown the world. */ 292 PROC_LOCK(initproc); 293 if (howto & RB_POWEROFF) 294 kern_psignal(initproc, SIGUSR2); 295 else if (howto & RB_POWERCYCLE) 296 kern_psignal(initproc, SIGWINCH); 297 else if (howto & RB_HALT) 298 kern_psignal(initproc, SIGUSR1); 299 else 300 kern_psignal(initproc, SIGINT); 301 PROC_UNLOCK(initproc); 302 } 303 304 static struct task shutdown_nice_task = TASK_INITIALIZER(0, 305 &shutdown_nice_task_fn, NULL); 306 307 /* 308 * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC 309 */ 310 void 311 shutdown_nice(int howto) 312 { 313 314 if (initproc != NULL && !SCHEDULER_STOPPED()) { 315 shutdown_nice_task.ta_context = (void *)(uintptr_t)howto; 316 taskqueue_enqueue(taskqueue_fast, &shutdown_nice_task); 317 } else { 318 /* 319 * No init(8) running, or scheduler would not allow it 320 * to run, so simply reboot. 321 */ 322 kern_reboot(howto | RB_NOSYNC); 323 } 324 } 325 326 static void 327 print_uptime(void) 328 { 329 int f; 330 struct timespec ts; 331 332 getnanouptime(&ts); 333 printf("Uptime: "); 334 f = 0; 335 if (ts.tv_sec >= 86400) { 336 printf("%ldd", (long)ts.tv_sec / 86400); 337 ts.tv_sec %= 86400; 338 f = 1; 339 } 340 if (f || ts.tv_sec >= 3600) { 341 printf("%ldh", (long)ts.tv_sec / 3600); 342 ts.tv_sec %= 3600; 343 f = 1; 344 } 345 if (f || ts.tv_sec >= 60) { 346 printf("%ldm", (long)ts.tv_sec / 60); 347 ts.tv_sec %= 60; 348 f = 1; 349 } 350 printf("%lds\n", (long)ts.tv_sec); 351 } 352 353 int 354 doadump(boolean_t textdump) 355 { 356 boolean_t coredump; 357 int error; 358 359 error = 0; 360 if (dumping) 361 return (EBUSY); 362 if (dumper.dumper == NULL) 363 return (ENXIO); 364 365 savectx(&dumppcb); 366 dumptid = curthread->td_tid; 367 dumping++; 368 369 coredump = TRUE; 370 #ifdef DDB 371 if (textdump && textdump_pending) { 372 coredump = FALSE; 373 textdump_dumpsys(&dumper); 374 } 375 #endif 376 if (coredump) 377 error = dumpsys(&dumper); 378 379 dumping--; 380 return (error); 381 } 382 383 /* 384 * Shutdown the system cleanly to prepare for reboot, halt, or power off. 385 */ 386 void 387 kern_reboot(int howto) 388 { 389 static int once = 0; 390 391 /* 392 * Normal paths here don't hold Giant, but we can wind up here 393 * unexpectedly with it held. Drop it now so we don't have to 394 * drop and pick it up elsewhere. The paths it is locking will 395 * never be returned to, and it is preferable to preclude 396 * deadlock than to lock against code that won't ever 397 * continue. 398 */ 399 while (mtx_owned(&Giant)) 400 mtx_unlock(&Giant); 401 402 #if defined(SMP) 403 /* 404 * Bind us to the first CPU so that all shutdown code runs there. Some 405 * systems don't shutdown properly (i.e., ACPI power off) if we 406 * run on another processor. 407 */ 408 if (!SCHEDULER_STOPPED()) { 409 thread_lock(curthread); 410 sched_bind(curthread, CPU_FIRST()); 411 thread_unlock(curthread); 412 KASSERT(PCPU_GET(cpuid) == CPU_FIRST(), 413 ("boot: not running on cpu 0")); 414 } 415 #endif 416 /* We're in the process of rebooting. */ 417 rebooting = 1; 418 419 /* We are out of the debugger now. */ 420 kdb_active = 0; 421 422 /* 423 * Do any callouts that should be done BEFORE syncing the filesystems. 424 */ 425 EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); 426 427 /* 428 * Now sync filesystems 429 */ 430 if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { 431 once = 1; 432 bufshutdown(show_busybufs); 433 } 434 435 print_uptime(); 436 437 cngrab(); 438 439 /* 440 * Ok, now do things that assume all filesystem activity has 441 * been completed. 442 */ 443 EVENTHANDLER_INVOKE(shutdown_post_sync, howto); 444 445 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) 446 doadump(TRUE); 447 448 /* Now that we're going to really halt the system... */ 449 EVENTHANDLER_INVOKE(shutdown_final, howto); 450 451 for(;;) ; /* safety against shutdown_reset not working */ 452 /* NOTREACHED */ 453 } 454 455 /* 456 * The system call that results in changing the rootfs. 457 */ 458 static int 459 kern_reroot(void) 460 { 461 struct vnode *oldrootvnode, *vp; 462 struct mount *mp, *devmp; 463 int error; 464 465 if (curproc != initproc) 466 return (EPERM); 467 468 /* 469 * Mark the filesystem containing currently-running executable 470 * (the temporary copy of init(8)) busy. 471 */ 472 vp = curproc->p_textvp; 473 error = vn_lock(vp, LK_SHARED); 474 if (error != 0) 475 return (error); 476 mp = vp->v_mount; 477 error = vfs_busy(mp, MBF_NOWAIT); 478 if (error != 0) { 479 vfs_ref(mp); 480 VOP_UNLOCK(vp, 0); 481 error = vfs_busy(mp, 0); 482 vn_lock(vp, LK_SHARED | LK_RETRY); 483 vfs_rel(mp); 484 if (error != 0) { 485 VOP_UNLOCK(vp, 0); 486 return (ENOENT); 487 } 488 if (vp->v_iflag & VI_DOOMED) { 489 VOP_UNLOCK(vp, 0); 490 vfs_unbusy(mp); 491 return (ENOENT); 492 } 493 } 494 VOP_UNLOCK(vp, 0); 495 496 /* 497 * Remove the filesystem containing currently-running executable 498 * from the mount list, to prevent it from being unmounted 499 * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). 500 * 501 * Also preserve /dev - forcibly unmounting it could cause driver 502 * reinitialization. 503 */ 504 505 vfs_ref(rootdevmp); 506 devmp = rootdevmp; 507 rootdevmp = NULL; 508 509 mtx_lock(&mountlist_mtx); 510 TAILQ_REMOVE(&mountlist, mp, mnt_list); 511 TAILQ_REMOVE(&mountlist, devmp, mnt_list); 512 mtx_unlock(&mountlist_mtx); 513 514 oldrootvnode = rootvnode; 515 516 /* 517 * Unmount everything except for the two filesystems preserved above. 518 */ 519 vfs_unmountall(); 520 521 /* 522 * Add /dev back; vfs_mountroot() will move it into its new place. 523 */ 524 mtx_lock(&mountlist_mtx); 525 TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); 526 mtx_unlock(&mountlist_mtx); 527 rootdevmp = devmp; 528 vfs_rel(rootdevmp); 529 530 /* 531 * Mount the new rootfs. 532 */ 533 vfs_mountroot(); 534 535 /* 536 * Update all references to the old rootvnode. 537 */ 538 mountcheckdirs(oldrootvnode, rootvnode); 539 540 /* 541 * Add the temporary filesystem back and unbusy it. 542 */ 543 mtx_lock(&mountlist_mtx); 544 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 545 mtx_unlock(&mountlist_mtx); 546 vfs_unbusy(mp); 547 548 return (0); 549 } 550 551 /* 552 * If the shutdown was a clean halt, behave accordingly. 553 */ 554 static void 555 shutdown_halt(void *junk, int howto) 556 { 557 558 if (howto & RB_HALT) { 559 printf("\n"); 560 printf("The operating system has halted.\n"); 561 printf("Please press any key to reboot.\n\n"); 562 switch (cngetc()) { 563 case -1: /* No console, just die */ 564 cpu_halt(); 565 /* NOTREACHED */ 566 default: 567 break; 568 } 569 } 570 } 571 572 /* 573 * Check to see if the system paniced, pause and then reboot 574 * according to the specified delay. 575 */ 576 static void 577 shutdown_panic(void *junk, int howto) 578 { 579 int loop; 580 581 if (howto & RB_DUMP) { 582 if (panic_reboot_wait_time != 0) { 583 if (panic_reboot_wait_time != -1) { 584 printf("Automatic reboot in %d seconds - " 585 "press a key on the console to abort\n", 586 panic_reboot_wait_time); 587 for (loop = panic_reboot_wait_time * 10; 588 loop > 0; --loop) { 589 DELAY(1000 * 100); /* 1/10th second */ 590 /* Did user type a key? */ 591 if (cncheckc() != -1) 592 break; 593 } 594 if (!loop) 595 return; 596 } 597 } else { /* zero time specified - reboot NOW */ 598 return; 599 } 600 printf("--> Press a key on the console to reboot,\n"); 601 printf("--> or switch off the system now.\n"); 602 cngetc(); 603 } 604 } 605 606 /* 607 * Everything done, now reset 608 */ 609 static void 610 shutdown_reset(void *junk, int howto) 611 { 612 613 printf("Rebooting...\n"); 614 DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ 615 616 /* 617 * Acquiring smp_ipi_mtx here has a double effect: 618 * - it disables interrupts avoiding CPU0 preemption 619 * by fast handlers (thus deadlocking against other CPUs) 620 * - it avoids deadlocks against smp_rendezvous() or, more 621 * generally, threads busy-waiting, with this spinlock held, 622 * and waiting for responses by threads on other CPUs 623 * (ie. smp_tlb_shootdown()). 624 * 625 * For the !SMP case it just needs to handle the former problem. 626 */ 627 #ifdef SMP 628 mtx_lock_spin(&smp_ipi_mtx); 629 #else 630 spinlock_enter(); 631 #endif 632 633 /* cpu_boot(howto); */ /* doesn't do anything at the moment */ 634 cpu_reset(); 635 /* NOTREACHED */ /* assuming reset worked */ 636 } 637 638 #if defined(WITNESS) || defined(INVARIANT_SUPPORT) 639 static int kassert_warn_only = 0; 640 #ifdef KDB 641 static int kassert_do_kdb = 0; 642 #endif 643 #ifdef KTR 644 static int kassert_do_ktr = 0; 645 #endif 646 static int kassert_do_log = 1; 647 static int kassert_log_pps_limit = 4; 648 static int kassert_log_mute_at = 0; 649 static int kassert_log_panic_at = 0; 650 static int kassert_suppress_in_panic = 0; 651 static int kassert_warnings = 0; 652 653 SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); 654 655 #ifdef KASSERT_PANIC_OPTIONAL 656 #define KASSERT_RWTUN CTLFLAG_RWTUN 657 #else 658 #define KASSERT_RWTUN CTLFLAG_RDTUN 659 #endif 660 661 SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, KASSERT_RWTUN, 662 &kassert_warn_only, 0, 663 "KASSERT triggers a panic (0) or just a warning (1)"); 664 665 #ifdef KDB 666 SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, KASSERT_RWTUN, 667 &kassert_do_kdb, 0, "KASSERT will enter the debugger"); 668 #endif 669 670 #ifdef KTR 671 SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, KASSERT_RWTUN, 672 &kassert_do_ktr, 0, 673 "KASSERT does a KTR, set this to the KTRMASK you want"); 674 #endif 675 676 SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, KASSERT_RWTUN, 677 &kassert_do_log, 0, 678 "If warn_only is enabled, log (1) or do not log (0) assertion violations"); 679 680 SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, KASSERT_RWTUN, 681 &kassert_warnings, 0, "number of KASSERTs that have been triggered"); 682 683 SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, KASSERT_RWTUN, 684 &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); 685 686 SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, KASSERT_RWTUN, 687 &kassert_log_pps_limit, 0, "limit number of log messages per second"); 688 689 SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, KASSERT_RWTUN, 690 &kassert_log_mute_at, 0, "max number of KASSERTS to log"); 691 692 SYSCTL_INT(_debug_kassert, OID_AUTO, suppress_in_panic, KASSERT_RWTUN, 693 &kassert_suppress_in_panic, 0, 694 "KASSERTs will be suppressed while handling a panic"); 695 #undef KASSERT_RWTUN 696 697 static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); 698 699 SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, 700 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, 701 kassert_sysctl_kassert, "I", "set to trigger a test kassert"); 702 703 static int 704 kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) 705 { 706 int error, i; 707 708 error = sysctl_wire_old_buffer(req, sizeof(int)); 709 if (error == 0) { 710 i = 0; 711 error = sysctl_handle_int(oidp, &i, 0, req); 712 } 713 if (error != 0 || req->newptr == NULL) 714 return (error); 715 KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); 716 return (0); 717 } 718 719 #ifdef KASSERT_PANIC_OPTIONAL 720 /* 721 * Called by KASSERT, this decides if we will panic 722 * or if we will log via printf and/or ktr. 723 */ 724 void 725 kassert_panic(const char *fmt, ...) 726 { 727 static char buf[256]; 728 va_list ap; 729 730 va_start(ap, fmt); 731 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 732 va_end(ap); 733 734 /* 735 * If we are suppressing secondary panics, log the warning but do not 736 * re-enter panic/kdb. 737 */ 738 if (panicstr != NULL && kassert_suppress_in_panic) { 739 if (kassert_do_log) { 740 printf("KASSERT failed: %s\n", buf); 741 #ifdef KDB 742 if (trace_all_panics && trace_on_panic) 743 kdb_backtrace(); 744 #endif 745 } 746 return; 747 } 748 749 /* 750 * panic if we're not just warning, or if we've exceeded 751 * kassert_log_panic_at warnings. 752 */ 753 if (!kassert_warn_only || 754 (kassert_log_panic_at > 0 && 755 kassert_warnings >= kassert_log_panic_at)) { 756 va_start(ap, fmt); 757 vpanic(fmt, ap); 758 /* NORETURN */ 759 } 760 #ifdef KTR 761 if (kassert_do_ktr) 762 CTR0(ktr_mask, buf); 763 #endif /* KTR */ 764 /* 765 * log if we've not yet met the mute limit. 766 */ 767 if (kassert_do_log && 768 (kassert_log_mute_at == 0 || 769 kassert_warnings < kassert_log_mute_at)) { 770 static struct timeval lasterr; 771 static int curerr; 772 773 if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { 774 printf("KASSERT failed: %s\n", buf); 775 kdb_backtrace(); 776 } 777 } 778 #ifdef KDB 779 if (kassert_do_kdb) { 780 kdb_enter(KDB_WHY_KASSERT, buf); 781 } 782 #endif 783 atomic_add_int(&kassert_warnings, 1); 784 } 785 #endif /* KASSERT_PANIC_OPTIONAL */ 786 #endif 787 788 /* 789 * Panic is called on unresolvable fatal errors. It prints "panic: mesg", 790 * and then reboots. If we are called twice, then we avoid trying to sync 791 * the disks as this often leads to recursive panics. 792 */ 793 void 794 panic(const char *fmt, ...) 795 { 796 va_list ap; 797 798 va_start(ap, fmt); 799 vpanic(fmt, ap); 800 } 801 802 void 803 vpanic(const char *fmt, va_list ap) 804 { 805 #ifdef SMP 806 cpuset_t other_cpus; 807 #endif 808 struct thread *td = curthread; 809 int bootopt, newpanic; 810 static char buf[256]; 811 812 spinlock_enter(); 813 814 #ifdef SMP 815 /* 816 * stop_cpus_hard(other_cpus) should prevent multiple CPUs from 817 * concurrently entering panic. Only the winner will proceed 818 * further. 819 */ 820 if (panicstr == NULL && !kdb_active) { 821 other_cpus = all_cpus; 822 CPU_CLR(PCPU_GET(cpuid), &other_cpus); 823 stop_cpus_hard(other_cpus); 824 } 825 #endif 826 827 /* 828 * Ensure that the scheduler is stopped while panicking, even if panic 829 * has been entered from kdb. 830 */ 831 td->td_stopsched = 1; 832 833 bootopt = RB_AUTOBOOT; 834 newpanic = 0; 835 if (panicstr) 836 bootopt |= RB_NOSYNC; 837 else { 838 bootopt |= RB_DUMP; 839 panicstr = fmt; 840 newpanic = 1; 841 } 842 843 if (newpanic) { 844 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 845 panicstr = buf; 846 cngrab(); 847 printf("panic: %s\n", buf); 848 } else { 849 printf("panic: "); 850 vprintf(fmt, ap); 851 printf("\n"); 852 } 853 #ifdef SMP 854 printf("cpuid = %d\n", PCPU_GET(cpuid)); 855 #endif 856 printf("time = %jd\n", (intmax_t )time_second); 857 #ifdef KDB 858 if ((newpanic || trace_all_panics) && trace_on_panic) 859 kdb_backtrace(); 860 if (debugger_on_panic) 861 kdb_enter(KDB_WHY_PANIC, "panic"); 862 #endif 863 /*thread_lock(td); */ 864 td->td_flags |= TDF_INPANIC; 865 /* thread_unlock(td); */ 866 if (!sync_on_panic) 867 bootopt |= RB_NOSYNC; 868 if (poweroff_on_panic) 869 bootopt |= RB_POWEROFF; 870 if (powercycle_on_panic) 871 bootopt |= RB_POWERCYCLE; 872 kern_reboot(bootopt); 873 } 874 875 /* 876 * Support for poweroff delay. 877 * 878 * Please note that setting this delay too short might power off your machine 879 * before the write cache on your hard disk has been flushed, leading to 880 * soft-updates inconsistencies. 881 */ 882 #ifndef POWEROFF_DELAY 883 # define POWEROFF_DELAY 5000 884 #endif 885 static int poweroff_delay = POWEROFF_DELAY; 886 887 SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, 888 &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); 889 890 static void 891 poweroff_wait(void *junk, int howto) 892 { 893 894 if ((howto & (RB_POWEROFF | RB_POWERCYCLE)) == 0 || poweroff_delay <= 0) 895 return; 896 DELAY(poweroff_delay * 1000); 897 } 898 899 /* 900 * Some system processes (e.g. syncer) need to be stopped at appropriate 901 * points in their main loops prior to a system shutdown, so that they 902 * won't interfere with the shutdown process (e.g. by holding a disk buf 903 * to cause sync to fail). For each of these system processes, register 904 * shutdown_kproc() as a handler for one of shutdown events. 905 */ 906 static int kproc_shutdown_wait = 60; 907 SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, 908 &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); 909 910 void 911 kproc_shutdown(void *arg, int howto) 912 { 913 struct proc *p; 914 int error; 915 916 if (panicstr) 917 return; 918 919 p = (struct proc *)arg; 920 printf("Waiting (max %d seconds) for system process `%s' to stop... ", 921 kproc_shutdown_wait, p->p_comm); 922 error = kproc_suspend(p, kproc_shutdown_wait * hz); 923 924 if (error == EWOULDBLOCK) 925 printf("timed out\n"); 926 else 927 printf("done\n"); 928 } 929 930 void 931 kthread_shutdown(void *arg, int howto) 932 { 933 struct thread *td; 934 int error; 935 936 if (panicstr) 937 return; 938 939 td = (struct thread *)arg; 940 printf("Waiting (max %d seconds) for system thread `%s' to stop... ", 941 kproc_shutdown_wait, td->td_name); 942 error = kthread_suspend(td, kproc_shutdown_wait * hz); 943 944 if (error == EWOULDBLOCK) 945 printf("timed out\n"); 946 else 947 printf("done\n"); 948 } 949 950 static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)]; 951 SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD, 952 dumpdevname, 0, "Device for kernel dumps"); 953 954 static int _dump_append(struct dumperinfo *di, void *virtual, 955 vm_offset_t physical, size_t length); 956 957 #ifdef EKCD 958 static struct kerneldumpcrypto * 959 kerneldumpcrypto_create(size_t blocksize, uint8_t encryption, 960 const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey) 961 { 962 struct kerneldumpcrypto *kdc; 963 struct kerneldumpkey *kdk; 964 uint32_t dumpkeysize; 965 966 dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize); 967 kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO); 968 969 arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0); 970 971 kdc->kdc_encryption = encryption; 972 switch (kdc->kdc_encryption) { 973 case KERNELDUMP_ENC_AES_256_CBC: 974 if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0) 975 goto failed; 976 break; 977 default: 978 goto failed; 979 } 980 981 kdc->kdc_dumpkeysize = dumpkeysize; 982 kdk = kdc->kdc_dumpkey; 983 kdk->kdk_encryption = kdc->kdc_encryption; 984 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 985 kdk->kdk_encryptedkeysize = htod32(encryptedkeysize); 986 memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize); 987 988 return (kdc); 989 failed: 990 explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize); 991 free(kdc, M_EKCD); 992 return (NULL); 993 } 994 995 static int 996 kerneldumpcrypto_init(struct kerneldumpcrypto *kdc) 997 { 998 uint8_t hash[SHA256_DIGEST_LENGTH]; 999 SHA256_CTX ctx; 1000 struct kerneldumpkey *kdk; 1001 int error; 1002 1003 error = 0; 1004 1005 if (kdc == NULL) 1006 return (0); 1007 1008 /* 1009 * When a user enters ddb it can write a crash dump multiple times. 1010 * Each time it should be encrypted using a different IV. 1011 */ 1012 SHA256_Init(&ctx); 1013 SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 1014 SHA256_Final(hash, &ctx); 1015 bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 1016 1017 switch (kdc->kdc_encryption) { 1018 case KERNELDUMP_ENC_AES_256_CBC: 1019 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1020 kdc->kdc_iv) <= 0) { 1021 error = EINVAL; 1022 goto out; 1023 } 1024 break; 1025 default: 1026 error = EINVAL; 1027 goto out; 1028 } 1029 1030 kdk = kdc->kdc_dumpkey; 1031 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 1032 out: 1033 explicit_bzero(hash, sizeof(hash)); 1034 return (error); 1035 } 1036 1037 static uint32_t 1038 kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc) 1039 { 1040 1041 if (kdc == NULL) 1042 return (0); 1043 return (kdc->kdc_dumpkeysize); 1044 } 1045 #endif /* EKCD */ 1046 1047 static struct kerneldumpcomp * 1048 kerneldumpcomp_create(struct dumperinfo *di, uint8_t compression) 1049 { 1050 struct kerneldumpcomp *kdcomp; 1051 int format; 1052 1053 switch (compression) { 1054 case KERNELDUMP_COMP_GZIP: 1055 format = COMPRESS_GZIP; 1056 break; 1057 case KERNELDUMP_COMP_ZSTD: 1058 format = COMPRESS_ZSTD; 1059 break; 1060 default: 1061 return (NULL); 1062 } 1063 1064 kdcomp = malloc(sizeof(*kdcomp), M_DUMPER, M_WAITOK | M_ZERO); 1065 kdcomp->kdc_format = compression; 1066 kdcomp->kdc_stream = compressor_init(kerneldumpcomp_write_cb, 1067 format, di->maxiosize, kerneldump_gzlevel, di); 1068 if (kdcomp->kdc_stream == NULL) { 1069 free(kdcomp, M_DUMPER); 1070 return (NULL); 1071 } 1072 kdcomp->kdc_buf = malloc(di->maxiosize, M_DUMPER, M_WAITOK | M_NODUMP); 1073 return (kdcomp); 1074 } 1075 1076 static void 1077 kerneldumpcomp_destroy(struct dumperinfo *di) 1078 { 1079 struct kerneldumpcomp *kdcomp; 1080 1081 kdcomp = di->kdcomp; 1082 if (kdcomp == NULL) 1083 return; 1084 compressor_fini(kdcomp->kdc_stream); 1085 explicit_bzero(kdcomp->kdc_buf, di->maxiosize); 1086 free(kdcomp->kdc_buf, M_DUMPER); 1087 free(kdcomp, M_DUMPER); 1088 } 1089 1090 /* Registration of dumpers */ 1091 int 1092 set_dumper(struct dumperinfo *di, const char *devname, struct thread *td, 1093 uint8_t compression, uint8_t encryption, const uint8_t *key, 1094 uint32_t encryptedkeysize, const uint8_t *encryptedkey) 1095 { 1096 size_t wantcopy; 1097 int error; 1098 1099 error = priv_check(td, PRIV_SETDUMPER); 1100 if (error != 0) 1101 return (error); 1102 1103 if (dumper.dumper != NULL) 1104 return (EBUSY); 1105 dumper = *di; 1106 dumper.blockbuf = NULL; 1107 dumper.kdcrypto = NULL; 1108 dumper.kdcomp = NULL; 1109 1110 if (encryption != KERNELDUMP_ENC_NONE) { 1111 #ifdef EKCD 1112 dumper.kdcrypto = kerneldumpcrypto_create(di->blocksize, 1113 encryption, key, encryptedkeysize, encryptedkey); 1114 if (dumper.kdcrypto == NULL) { 1115 error = EINVAL; 1116 goto cleanup; 1117 } 1118 #else 1119 error = EOPNOTSUPP; 1120 goto cleanup; 1121 #endif 1122 } 1123 1124 wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname)); 1125 if (wantcopy >= sizeof(dumpdevname)) { 1126 printf("set_dumper: device name truncated from '%s' -> '%s'\n", 1127 devname, dumpdevname); 1128 } 1129 1130 if (compression != KERNELDUMP_COMP_NONE) { 1131 /* 1132 * We currently can't support simultaneous encryption and 1133 * compression. 1134 */ 1135 if (encryption != KERNELDUMP_ENC_NONE) { 1136 error = EOPNOTSUPP; 1137 goto cleanup; 1138 } 1139 dumper.kdcomp = kerneldumpcomp_create(&dumper, compression); 1140 if (dumper.kdcomp == NULL) { 1141 error = EINVAL; 1142 goto cleanup; 1143 } 1144 } 1145 1146 dumper.blockbuf = malloc(di->blocksize, M_DUMPER, M_WAITOK | M_ZERO); 1147 return (0); 1148 1149 cleanup: 1150 (void)clear_dumper(td); 1151 return (error); 1152 } 1153 1154 int 1155 clear_dumper(struct thread *td) 1156 { 1157 int error; 1158 1159 error = priv_check(td, PRIV_SETDUMPER); 1160 if (error != 0) 1161 return (error); 1162 1163 #ifdef NETDUMP 1164 netdump_mbuf_drain(); 1165 #endif 1166 1167 #ifdef EKCD 1168 if (dumper.kdcrypto != NULL) { 1169 explicit_bzero(dumper.kdcrypto, sizeof(*dumper.kdcrypto) + 1170 dumper.kdcrypto->kdc_dumpkeysize); 1171 free(dumper.kdcrypto, M_EKCD); 1172 } 1173 #endif 1174 1175 kerneldumpcomp_destroy(&dumper); 1176 1177 if (dumper.blockbuf != NULL) { 1178 explicit_bzero(dumper.blockbuf, dumper.blocksize); 1179 free(dumper.blockbuf, M_DUMPER); 1180 } 1181 explicit_bzero(&dumper, sizeof(dumper)); 1182 dumpdevname[0] = '\0'; 1183 return (0); 1184 } 1185 1186 static int 1187 dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length) 1188 { 1189 1190 if (di->mediasize > 0 && length != 0 && (offset < di->mediaoffset || 1191 offset - di->mediaoffset + length > di->mediasize)) { 1192 if (di->kdcomp != NULL && offset >= di->mediaoffset) { 1193 printf( 1194 "Compressed dump failed to fit in device boundaries.\n"); 1195 return (E2BIG); 1196 } 1197 1198 printf("Attempt to write outside dump device boundaries.\n" 1199 "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", 1200 (intmax_t)offset, (intmax_t)di->mediaoffset, 1201 (uintmax_t)length, (intmax_t)di->mediasize); 1202 return (ENOSPC); 1203 } 1204 if (length % di->blocksize != 0) { 1205 printf("Attempt to write partial block of length %ju.\n", 1206 (uintmax_t)length); 1207 return (EINVAL); 1208 } 1209 if (offset % di->blocksize != 0) { 1210 printf("Attempt to write at unaligned offset %jd.\n", 1211 (intmax_t)offset); 1212 return (EINVAL); 1213 } 1214 1215 return (0); 1216 } 1217 1218 #ifdef EKCD 1219 static int 1220 dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size) 1221 { 1222 1223 switch (kdc->kdc_encryption) { 1224 case KERNELDUMP_ENC_AES_256_CBC: 1225 if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf, 1226 8 * size, buf) <= 0) { 1227 return (EIO); 1228 } 1229 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1230 buf + size - 16 /* IV size for AES-256-CBC */) <= 0) { 1231 return (EIO); 1232 } 1233 break; 1234 default: 1235 return (EINVAL); 1236 } 1237 1238 return (0); 1239 } 1240 1241 /* Encrypt data and call dumper. */ 1242 static int 1243 dump_encrypted_write(struct dumperinfo *di, void *virtual, 1244 vm_offset_t physical, off_t offset, size_t length) 1245 { 1246 static uint8_t buf[KERNELDUMP_BUFFER_SIZE]; 1247 struct kerneldumpcrypto *kdc; 1248 int error; 1249 size_t nbytes; 1250 1251 kdc = di->kdcrypto; 1252 1253 while (length > 0) { 1254 nbytes = MIN(length, sizeof(buf)); 1255 bcopy(virtual, buf, nbytes); 1256 1257 if (dump_encrypt(kdc, buf, nbytes) != 0) 1258 return (EIO); 1259 1260 error = dump_write(di, buf, physical, offset, nbytes); 1261 if (error != 0) 1262 return (error); 1263 1264 offset += nbytes; 1265 virtual = (void *)((uint8_t *)virtual + nbytes); 1266 length -= nbytes; 1267 } 1268 1269 return (0); 1270 } 1271 #endif /* EKCD */ 1272 1273 static int 1274 kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg) 1275 { 1276 struct dumperinfo *di; 1277 size_t resid, rlength; 1278 int error; 1279 1280 di = arg; 1281 1282 if (length % di->blocksize != 0) { 1283 /* 1284 * This must be the final write after flushing the compression 1285 * stream. Write as many full blocks as possible and stash the 1286 * residual data in the dumper's block buffer. It will be 1287 * padded and written in dump_finish(). 1288 */ 1289 rlength = rounddown(length, di->blocksize); 1290 if (rlength != 0) { 1291 error = _dump_append(di, base, 0, rlength); 1292 if (error != 0) 1293 return (error); 1294 } 1295 resid = length - rlength; 1296 memmove(di->blockbuf, (uint8_t *)base + rlength, resid); 1297 di->kdcomp->kdc_resid = resid; 1298 return (EAGAIN); 1299 } 1300 return (_dump_append(di, base, 0, length)); 1301 } 1302 1303 /* 1304 * Write kernel dump headers at the beginning and end of the dump extent. 1305 * Write the kernel dump encryption key after the leading header if we were 1306 * configured to do so. 1307 */ 1308 static int 1309 dump_write_headers(struct dumperinfo *di, struct kerneldumpheader *kdh) 1310 { 1311 #ifdef EKCD 1312 struct kerneldumpcrypto *kdc; 1313 #endif 1314 void *buf, *key; 1315 size_t hdrsz; 1316 uint64_t extent; 1317 uint32_t keysize; 1318 int error; 1319 1320 hdrsz = sizeof(*kdh); 1321 if (hdrsz > di->blocksize) 1322 return (ENOMEM); 1323 1324 #ifdef EKCD 1325 kdc = di->kdcrypto; 1326 key = kdc->kdc_dumpkey; 1327 keysize = kerneldumpcrypto_dumpkeysize(kdc); 1328 #else 1329 key = NULL; 1330 keysize = 0; 1331 #endif 1332 1333 /* 1334 * If the dump device has special handling for headers, let it take care 1335 * of writing them out. 1336 */ 1337 if (di->dumper_hdr != NULL) 1338 return (di->dumper_hdr(di, kdh, key, keysize)); 1339 1340 if (hdrsz == di->blocksize) 1341 buf = kdh; 1342 else { 1343 buf = di->blockbuf; 1344 memset(buf, 0, di->blocksize); 1345 memcpy(buf, kdh, hdrsz); 1346 } 1347 1348 extent = dtoh64(kdh->dumpextent); 1349 #ifdef EKCD 1350 if (kdc != NULL) { 1351 error = dump_write(di, kdc->kdc_dumpkey, 0, 1352 di->mediaoffset + di->mediasize - di->blocksize - extent - 1353 keysize, keysize); 1354 if (error != 0) 1355 return (error); 1356 } 1357 #endif 1358 1359 error = dump_write(di, buf, 0, 1360 di->mediaoffset + di->mediasize - 2 * di->blocksize - extent - 1361 keysize, di->blocksize); 1362 if (error == 0) 1363 error = dump_write(di, buf, 0, di->mediaoffset + di->mediasize - 1364 di->blocksize, di->blocksize); 1365 return (error); 1366 } 1367 1368 /* 1369 * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to 1370 * protect us from metadata and metadata from us. 1371 */ 1372 #define SIZEOF_METADATA (64 * 1024) 1373 1374 /* 1375 * Do some preliminary setup for a kernel dump: initialize state for encryption, 1376 * if requested, and make sure that we have enough space on the dump device. 1377 * 1378 * We set things up so that the dump ends before the last sector of the dump 1379 * device, at which the trailing header is written. 1380 * 1381 * +-----------+------+-----+----------------------------+------+ 1382 * | | lhdr | key | ... kernel dump ... | thdr | 1383 * +-----------+------+-----+----------------------------+------+ 1384 * 1 blk opt <------- dump extent --------> 1 blk 1385 * 1386 * Dumps written using dump_append() start at the beginning of the extent. 1387 * Uncompressed dumps will use the entire extent, but compressed dumps typically 1388 * will not. The true length of the dump is recorded in the leading and trailing 1389 * headers once the dump has been completed. 1390 * 1391 * The dump device may provide a callback, in which case it will initialize 1392 * dumpoff and take care of laying out the headers. 1393 */ 1394 int 1395 dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh) 1396 { 1397 uint64_t dumpextent, span; 1398 uint32_t keysize; 1399 int error; 1400 1401 #ifdef EKCD 1402 error = kerneldumpcrypto_init(di->kdcrypto); 1403 if (error != 0) 1404 return (error); 1405 keysize = kerneldumpcrypto_dumpkeysize(di->kdcrypto); 1406 #else 1407 error = 0; 1408 keysize = 0; 1409 #endif 1410 1411 if (di->dumper_start != NULL) { 1412 error = di->dumper_start(di); 1413 } else { 1414 dumpextent = dtoh64(kdh->dumpextent); 1415 span = SIZEOF_METADATA + dumpextent + 2 * di->blocksize + 1416 keysize; 1417 if (di->mediasize < span) { 1418 if (di->kdcomp == NULL) 1419 return (E2BIG); 1420 1421 /* 1422 * We don't yet know how much space the compressed dump 1423 * will occupy, so try to use the whole swap partition 1424 * (minus the first 64KB) in the hope that the 1425 * compressed dump will fit. If that doesn't turn out to 1426 * be enough, the bounds checking in dump_write() 1427 * will catch us and cause the dump to fail. 1428 */ 1429 dumpextent = di->mediasize - span + dumpextent; 1430 kdh->dumpextent = htod64(dumpextent); 1431 } 1432 1433 /* 1434 * The offset at which to begin writing the dump. 1435 */ 1436 di->dumpoff = di->mediaoffset + di->mediasize - di->blocksize - 1437 dumpextent; 1438 } 1439 di->origdumpoff = di->dumpoff; 1440 return (error); 1441 } 1442 1443 static int 1444 _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1445 size_t length) 1446 { 1447 int error; 1448 1449 #ifdef EKCD 1450 if (di->kdcrypto != NULL) 1451 error = dump_encrypted_write(di, virtual, physical, di->dumpoff, 1452 length); 1453 else 1454 #endif 1455 error = dump_write(di, virtual, physical, di->dumpoff, length); 1456 if (error == 0) 1457 di->dumpoff += length; 1458 return (error); 1459 } 1460 1461 /* 1462 * Write to the dump device starting at dumpoff. When compression is enabled, 1463 * writes to the device will be performed using a callback that gets invoked 1464 * when the compression stream's output buffer is full. 1465 */ 1466 int 1467 dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1468 size_t length) 1469 { 1470 void *buf; 1471 1472 if (di->kdcomp != NULL) { 1473 /* Bounce through a buffer to avoid CRC errors. */ 1474 if (length > di->maxiosize) 1475 return (EINVAL); 1476 buf = di->kdcomp->kdc_buf; 1477 memmove(buf, virtual, length); 1478 return (compressor_write(di->kdcomp->kdc_stream, buf, length)); 1479 } 1480 return (_dump_append(di, virtual, physical, length)); 1481 } 1482 1483 /* 1484 * Write to the dump device at the specified offset. 1485 */ 1486 int 1487 dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1488 off_t offset, size_t length) 1489 { 1490 int error; 1491 1492 error = dump_check_bounds(di, offset, length); 1493 if (error != 0) 1494 return (error); 1495 return (di->dumper(di->priv, virtual, physical, offset, length)); 1496 } 1497 1498 /* 1499 * Perform kernel dump finalization: flush the compression stream, if necessary, 1500 * write the leading and trailing kernel dump headers now that we know the true 1501 * length of the dump, and optionally write the encryption key following the 1502 * leading header. 1503 */ 1504 int 1505 dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh) 1506 { 1507 int error; 1508 1509 if (di->kdcomp != NULL) { 1510 error = compressor_flush(di->kdcomp->kdc_stream); 1511 if (error == EAGAIN) { 1512 /* We have residual data in di->blockbuf. */ 1513 error = dump_write(di, di->blockbuf, 0, di->dumpoff, 1514 di->blocksize); 1515 di->dumpoff += di->kdcomp->kdc_resid; 1516 di->kdcomp->kdc_resid = 0; 1517 } 1518 if (error != 0) 1519 return (error); 1520 1521 /* 1522 * We now know the size of the compressed dump, so update the 1523 * header accordingly and recompute parity. 1524 */ 1525 kdh->dumplength = htod64(di->dumpoff - di->origdumpoff); 1526 kdh->parity = 0; 1527 kdh->parity = kerneldump_parity(kdh); 1528 1529 compressor_reset(di->kdcomp->kdc_stream); 1530 } 1531 1532 error = dump_write_headers(di, kdh); 1533 if (error != 0) 1534 return (error); 1535 1536 (void)dump_write(di, NULL, 0, 0, 0); 1537 return (0); 1538 } 1539 1540 void 1541 dump_init_header(const struct dumperinfo *di, struct kerneldumpheader *kdh, 1542 char *magic, uint32_t archver, uint64_t dumplen) 1543 { 1544 size_t dstsize; 1545 1546 bzero(kdh, sizeof(*kdh)); 1547 strlcpy(kdh->magic, magic, sizeof(kdh->magic)); 1548 strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); 1549 kdh->version = htod32(KERNELDUMPVERSION); 1550 kdh->architectureversion = htod32(archver); 1551 kdh->dumplength = htod64(dumplen); 1552 kdh->dumpextent = kdh->dumplength; 1553 kdh->dumptime = htod64(time_second); 1554 #ifdef EKCD 1555 kdh->dumpkeysize = htod32(kerneldumpcrypto_dumpkeysize(di->kdcrypto)); 1556 #else 1557 kdh->dumpkeysize = 0; 1558 #endif 1559 kdh->blocksize = htod32(di->blocksize); 1560 strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); 1561 dstsize = sizeof(kdh->versionstring); 1562 if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize) 1563 kdh->versionstring[dstsize - 2] = '\n'; 1564 if (panicstr != NULL) 1565 strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); 1566 if (di->kdcomp != NULL) 1567 kdh->compression = di->kdcomp->kdc_format; 1568 kdh->parity = kerneldump_parity(kdh); 1569 } 1570 1571 #ifdef DDB 1572 DB_SHOW_COMMAND(panic, db_show_panic) 1573 { 1574 1575 if (panicstr == NULL) 1576 db_printf("panicstr not set\n"); 1577 else 1578 db_printf("panic: %s\n", panicstr); 1579 } 1580 #endif
Cache object: 08f532abf4cfaae71b5c16b8025fc5b1
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]