1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1986, 1988, 1991, 1993
5 * The Regents of the University of California. All rights reserved.
6 * (c) UNIX System Laboratories, Inc.
7 * All or some portions of this file are derived from material licensed
8 * to the University of California by American Telephone and Telegraph
9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
10 * the permission of UNIX System Laboratories, Inc.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. Neither the name of the University nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 *
36 * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94
37 */
38
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD: releng/12.0/sys/kern/kern_shutdown.c 338214 2018-08-22 22:19:42Z cem $");
41
42 #include "opt_ddb.h"
43 #include "opt_ekcd.h"
44 #include "opt_kdb.h"
45 #include "opt_panic.h"
46 #include "opt_sched.h"
47 #include "opt_watchdog.h"
48
49 #include <sys/param.h>
50 #include <sys/systm.h>
51 #include <sys/bio.h>
52 #include <sys/buf.h>
53 #include <sys/conf.h>
54 #include <sys/compressor.h>
55 #include <sys/cons.h>
56 #include <sys/eventhandler.h>
57 #include <sys/filedesc.h>
58 #include <sys/jail.h>
59 #include <sys/kdb.h>
60 #include <sys/kernel.h>
61 #include <sys/kerneldump.h>
62 #include <sys/kthread.h>
63 #include <sys/ktr.h>
64 #include <sys/malloc.h>
65 #include <sys/mbuf.h>
66 #include <sys/mount.h>
67 #include <sys/priv.h>
68 #include <sys/proc.h>
69 #include <sys/reboot.h>
70 #include <sys/resourcevar.h>
71 #include <sys/rwlock.h>
72 #include <sys/sched.h>
73 #include <sys/smp.h>
74 #include <sys/sysctl.h>
75 #include <sys/sysproto.h>
76 #include <sys/taskqueue.h>
77 #include <sys/vnode.h>
78 #include <sys/watchdog.h>
79
80 #include <crypto/rijndael/rijndael-api-fst.h>
81 #include <crypto/sha2/sha256.h>
82
83 #include <ddb/ddb.h>
84
85 #include <machine/cpu.h>
86 #include <machine/dump.h>
87 #include <machine/pcb.h>
88 #include <machine/smp.h>
89
90 #include <security/mac/mac_framework.h>
91
92 #include <vm/vm.h>
93 #include <vm/vm_object.h>
94 #include <vm/vm_page.h>
95 #include <vm/vm_pager.h>
96 #include <vm/swap_pager.h>
97
98 #include <sys/signalvar.h>
99
100 static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer");
101
102 #ifndef PANIC_REBOOT_WAIT_TIME
103 #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */
104 #endif
105 static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME;
106 SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN,
107 &panic_reboot_wait_time, 0,
108 "Seconds to wait before rebooting after a panic");
109
110 /*
111 * Note that stdarg.h and the ANSI style va_start macro is used for both
112 * ANSI and traditional C compilers.
113 */
114 #include <machine/stdarg.h>
115
116 #ifdef KDB
117 #ifdef KDB_UNATTENDED
118 int debugger_on_panic = 0;
119 #else
120 int debugger_on_panic = 1;
121 #endif
122 SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic,
123 CTLFLAG_RWTUN | CTLFLAG_SECURE,
124 &debugger_on_panic, 0, "Run debugger on kernel panic");
125
126 #ifdef KDB_TRACE
127 static int trace_on_panic = 1;
128 static bool trace_all_panics = true;
129 #else
130 static int trace_on_panic = 0;
131 static bool trace_all_panics = false;
132 #endif
133 SYSCTL_INT(_debug, OID_AUTO, trace_on_panic,
134 CTLFLAG_RWTUN | CTLFLAG_SECURE,
135 &trace_on_panic, 0, "Print stack trace on kernel panic");
136 SYSCTL_BOOL(_debug, OID_AUTO, trace_all_panics, CTLFLAG_RWTUN,
137 &trace_all_panics, 0, "Print stack traces on secondary kernel panics");
138 #endif /* KDB */
139
140 static int sync_on_panic = 0;
141 SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN,
142 &sync_on_panic, 0, "Do a sync before rebooting from a panic");
143
144 static bool poweroff_on_panic = 0;
145 SYSCTL_BOOL(_kern, OID_AUTO, poweroff_on_panic, CTLFLAG_RWTUN,
146 &poweroff_on_panic, 0, "Do a power off instead of a reboot on a panic");
147
148 static bool powercycle_on_panic = 0;
149 SYSCTL_BOOL(_kern, OID_AUTO, powercycle_on_panic, CTLFLAG_RWTUN,
150 &powercycle_on_panic, 0, "Do a power cycle instead of a reboot on a panic");
151
152 static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0,
153 "Shutdown environment");
154
155 #ifndef DIAGNOSTIC
156 static int show_busybufs;
157 #else
158 static int show_busybufs = 1;
159 #endif
160 SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW,
161 &show_busybufs, 0, "");
162
163 int suspend_blocked = 0;
164 SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW,
165 &suspend_blocked, 0, "Block suspend due to a pending shutdown");
166
167 #ifdef EKCD
168 FEATURE(ekcd, "Encrypted kernel crash dumps support");
169
170 MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data");
171
172 struct kerneldumpcrypto {
173 uint8_t kdc_encryption;
174 uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE];
175 keyInstance kdc_ki;
176 cipherInstance kdc_ci;
177 uint32_t kdc_dumpkeysize;
178 struct kerneldumpkey kdc_dumpkey[];
179 };
180 #endif
181
182 struct kerneldumpcomp {
183 uint8_t kdc_format;
184 struct compressor *kdc_stream;
185 uint8_t *kdc_buf;
186 size_t kdc_resid;
187 };
188
189 static struct kerneldumpcomp *kerneldumpcomp_create(struct dumperinfo *di,
190 uint8_t compression);
191 static void kerneldumpcomp_destroy(struct dumperinfo *di);
192 static int kerneldumpcomp_write_cb(void *base, size_t len, off_t off, void *arg);
193
194 static int kerneldump_gzlevel = 6;
195 SYSCTL_INT(_kern, OID_AUTO, kerneldump_gzlevel, CTLFLAG_RWTUN,
196 &kerneldump_gzlevel, 0,
197 "Kernel crash dump compression level");
198
199 /*
200 * Variable panicstr contains argument to first call to panic; used as flag
201 * to indicate that the kernel has already called panic.
202 */
203 const char *panicstr;
204
205 int dumping; /* system is dumping */
206 int rebooting; /* system is rebooting */
207 static struct dumperinfo dumper; /* our selected dumper */
208
209 /* Context information for dump-debuggers. */
210 static struct pcb dumppcb; /* Registers. */
211 lwpid_t dumptid; /* Thread ID. */
212
213 static struct cdevsw reroot_cdevsw = {
214 .d_version = D_VERSION,
215 .d_name = "reroot",
216 };
217
218 static void poweroff_wait(void *, int);
219 static void shutdown_halt(void *junk, int howto);
220 static void shutdown_panic(void *junk, int howto);
221 static void shutdown_reset(void *junk, int howto);
222 static int kern_reroot(void);
223
224 /* register various local shutdown events */
225 static void
226 shutdown_conf(void *unused)
227 {
228
229 EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL,
230 SHUTDOWN_PRI_FIRST);
231 EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL,
232 SHUTDOWN_PRI_LAST + 100);
233 EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL,
234 SHUTDOWN_PRI_LAST + 100);
235 EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL,
236 SHUTDOWN_PRI_LAST + 200);
237 }
238
239 SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL);
240
241 /*
242 * The only reason this exists is to create the /dev/reroot/ directory,
243 * used by reroot code in init(8) as a mountpoint for tmpfs.
244 */
245 static void
246 reroot_conf(void *unused)
247 {
248 int error;
249 struct cdev *cdev;
250
251 error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev,
252 &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot");
253 if (error != 0) {
254 printf("%s: failed to create device node, error %d",
255 __func__, error);
256 }
257 }
258
259 SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL);
260
261 /*
262 * The system call that results in a reboot.
263 */
264 /* ARGSUSED */
265 int
266 sys_reboot(struct thread *td, struct reboot_args *uap)
267 {
268 int error;
269
270 error = 0;
271 #ifdef MAC
272 error = mac_system_check_reboot(td->td_ucred, uap->opt);
273 #endif
274 if (error == 0)
275 error = priv_check(td, PRIV_REBOOT);
276 if (error == 0) {
277 if (uap->opt & RB_REROOT)
278 error = kern_reroot();
279 else
280 kern_reboot(uap->opt);
281 }
282 return (error);
283 }
284
285 static void
286 shutdown_nice_task_fn(void *arg, int pending __unused)
287 {
288 int howto;
289
290 howto = (uintptr_t)arg;
291 /* Send a signal to init(8) and have it shutdown the world. */
292 PROC_LOCK(initproc);
293 if (howto & RB_POWEROFF)
294 kern_psignal(initproc, SIGUSR2);
295 else if (howto & RB_POWERCYCLE)
296 kern_psignal(initproc, SIGWINCH);
297 else if (howto & RB_HALT)
298 kern_psignal(initproc, SIGUSR1);
299 else
300 kern_psignal(initproc, SIGINT);
301 PROC_UNLOCK(initproc);
302 }
303
304 static struct task shutdown_nice_task = TASK_INITIALIZER(0,
305 &shutdown_nice_task_fn, NULL);
306
307 /*
308 * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC
309 */
310 void
311 shutdown_nice(int howto)
312 {
313
314 if (initproc != NULL && !SCHEDULER_STOPPED()) {
315 shutdown_nice_task.ta_context = (void *)(uintptr_t)howto;
316 taskqueue_enqueue(taskqueue_fast, &shutdown_nice_task);
317 } else {
318 /*
319 * No init(8) running, or scheduler would not allow it
320 * to run, so simply reboot.
321 */
322 kern_reboot(howto | RB_NOSYNC);
323 }
324 }
325
326 static void
327 print_uptime(void)
328 {
329 int f;
330 struct timespec ts;
331
332 getnanouptime(&ts);
333 printf("Uptime: ");
334 f = 0;
335 if (ts.tv_sec >= 86400) {
336 printf("%ldd", (long)ts.tv_sec / 86400);
337 ts.tv_sec %= 86400;
338 f = 1;
339 }
340 if (f || ts.tv_sec >= 3600) {
341 printf("%ldh", (long)ts.tv_sec / 3600);
342 ts.tv_sec %= 3600;
343 f = 1;
344 }
345 if (f || ts.tv_sec >= 60) {
346 printf("%ldm", (long)ts.tv_sec / 60);
347 ts.tv_sec %= 60;
348 f = 1;
349 }
350 printf("%lds\n", (long)ts.tv_sec);
351 }
352
353 int
354 doadump(boolean_t textdump)
355 {
356 boolean_t coredump;
357 int error;
358
359 error = 0;
360 if (dumping)
361 return (EBUSY);
362 if (dumper.dumper == NULL)
363 return (ENXIO);
364
365 savectx(&dumppcb);
366 dumptid = curthread->td_tid;
367 dumping++;
368
369 coredump = TRUE;
370 #ifdef DDB
371 if (textdump && textdump_pending) {
372 coredump = FALSE;
373 textdump_dumpsys(&dumper);
374 }
375 #endif
376 if (coredump)
377 error = dumpsys(&dumper);
378
379 dumping--;
380 return (error);
381 }
382
383 /*
384 * Shutdown the system cleanly to prepare for reboot, halt, or power off.
385 */
386 void
387 kern_reboot(int howto)
388 {
389 static int once = 0;
390
391 /*
392 * Normal paths here don't hold Giant, but we can wind up here
393 * unexpectedly with it held. Drop it now so we don't have to
394 * drop and pick it up elsewhere. The paths it is locking will
395 * never be returned to, and it is preferable to preclude
396 * deadlock than to lock against code that won't ever
397 * continue.
398 */
399 while (mtx_owned(&Giant))
400 mtx_unlock(&Giant);
401
402 #if defined(SMP)
403 /*
404 * Bind us to the first CPU so that all shutdown code runs there. Some
405 * systems don't shutdown properly (i.e., ACPI power off) if we
406 * run on another processor.
407 */
408 if (!SCHEDULER_STOPPED()) {
409 thread_lock(curthread);
410 sched_bind(curthread, CPU_FIRST());
411 thread_unlock(curthread);
412 KASSERT(PCPU_GET(cpuid) == CPU_FIRST(),
413 ("boot: not running on cpu 0"));
414 }
415 #endif
416 /* We're in the process of rebooting. */
417 rebooting = 1;
418
419 /* We are out of the debugger now. */
420 kdb_active = 0;
421
422 /*
423 * Do any callouts that should be done BEFORE syncing the filesystems.
424 */
425 EVENTHANDLER_INVOKE(shutdown_pre_sync, howto);
426
427 /*
428 * Now sync filesystems
429 */
430 if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) {
431 once = 1;
432 bufshutdown(show_busybufs);
433 }
434
435 print_uptime();
436
437 cngrab();
438
439 /*
440 * Ok, now do things that assume all filesystem activity has
441 * been completed.
442 */
443 EVENTHANDLER_INVOKE(shutdown_post_sync, howto);
444
445 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping)
446 doadump(TRUE);
447
448 /* Now that we're going to really halt the system... */
449 EVENTHANDLER_INVOKE(shutdown_final, howto);
450
451 for(;;) ; /* safety against shutdown_reset not working */
452 /* NOTREACHED */
453 }
454
455 /*
456 * The system call that results in changing the rootfs.
457 */
458 static int
459 kern_reroot(void)
460 {
461 struct vnode *oldrootvnode, *vp;
462 struct mount *mp, *devmp;
463 int error;
464
465 if (curproc != initproc)
466 return (EPERM);
467
468 /*
469 * Mark the filesystem containing currently-running executable
470 * (the temporary copy of init(8)) busy.
471 */
472 vp = curproc->p_textvp;
473 error = vn_lock(vp, LK_SHARED);
474 if (error != 0)
475 return (error);
476 mp = vp->v_mount;
477 error = vfs_busy(mp, MBF_NOWAIT);
478 if (error != 0) {
479 vfs_ref(mp);
480 VOP_UNLOCK(vp, 0);
481 error = vfs_busy(mp, 0);
482 vn_lock(vp, LK_SHARED | LK_RETRY);
483 vfs_rel(mp);
484 if (error != 0) {
485 VOP_UNLOCK(vp, 0);
486 return (ENOENT);
487 }
488 if (vp->v_iflag & VI_DOOMED) {
489 VOP_UNLOCK(vp, 0);
490 vfs_unbusy(mp);
491 return (ENOENT);
492 }
493 }
494 VOP_UNLOCK(vp, 0);
495
496 /*
497 * Remove the filesystem containing currently-running executable
498 * from the mount list, to prevent it from being unmounted
499 * by vfs_unmountall(), and to avoid confusing vfs_mountroot().
500 *
501 * Also preserve /dev - forcibly unmounting it could cause driver
502 * reinitialization.
503 */
504
505 vfs_ref(rootdevmp);
506 devmp = rootdevmp;
507 rootdevmp = NULL;
508
509 mtx_lock(&mountlist_mtx);
510 TAILQ_REMOVE(&mountlist, mp, mnt_list);
511 TAILQ_REMOVE(&mountlist, devmp, mnt_list);
512 mtx_unlock(&mountlist_mtx);
513
514 oldrootvnode = rootvnode;
515
516 /*
517 * Unmount everything except for the two filesystems preserved above.
518 */
519 vfs_unmountall();
520
521 /*
522 * Add /dev back; vfs_mountroot() will move it into its new place.
523 */
524 mtx_lock(&mountlist_mtx);
525 TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list);
526 mtx_unlock(&mountlist_mtx);
527 rootdevmp = devmp;
528 vfs_rel(rootdevmp);
529
530 /*
531 * Mount the new rootfs.
532 */
533 vfs_mountroot();
534
535 /*
536 * Update all references to the old rootvnode.
537 */
538 mountcheckdirs(oldrootvnode, rootvnode);
539
540 /*
541 * Add the temporary filesystem back and unbusy it.
542 */
543 mtx_lock(&mountlist_mtx);
544 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list);
545 mtx_unlock(&mountlist_mtx);
546 vfs_unbusy(mp);
547
548 return (0);
549 }
550
551 /*
552 * If the shutdown was a clean halt, behave accordingly.
553 */
554 static void
555 shutdown_halt(void *junk, int howto)
556 {
557
558 if (howto & RB_HALT) {
559 printf("\n");
560 printf("The operating system has halted.\n");
561 printf("Please press any key to reboot.\n\n");
562 switch (cngetc()) {
563 case -1: /* No console, just die */
564 cpu_halt();
565 /* NOTREACHED */
566 default:
567 break;
568 }
569 }
570 }
571
572 /*
573 * Check to see if the system paniced, pause and then reboot
574 * according to the specified delay.
575 */
576 static void
577 shutdown_panic(void *junk, int howto)
578 {
579 int loop;
580
581 if (howto & RB_DUMP) {
582 if (panic_reboot_wait_time != 0) {
583 if (panic_reboot_wait_time != -1) {
584 printf("Automatic reboot in %d seconds - "
585 "press a key on the console to abort\n",
586 panic_reboot_wait_time);
587 for (loop = panic_reboot_wait_time * 10;
588 loop > 0; --loop) {
589 DELAY(1000 * 100); /* 1/10th second */
590 /* Did user type a key? */
591 if (cncheckc() != -1)
592 break;
593 }
594 if (!loop)
595 return;
596 }
597 } else { /* zero time specified - reboot NOW */
598 return;
599 }
600 printf("--> Press a key on the console to reboot,\n");
601 printf("--> or switch off the system now.\n");
602 cngetc();
603 }
604 }
605
606 /*
607 * Everything done, now reset
608 */
609 static void
610 shutdown_reset(void *junk, int howto)
611 {
612
613 printf("Rebooting...\n");
614 DELAY(1000000); /* wait 1 sec for printf's to complete and be read */
615
616 /*
617 * Acquiring smp_ipi_mtx here has a double effect:
618 * - it disables interrupts avoiding CPU0 preemption
619 * by fast handlers (thus deadlocking against other CPUs)
620 * - it avoids deadlocks against smp_rendezvous() or, more
621 * generally, threads busy-waiting, with this spinlock held,
622 * and waiting for responses by threads on other CPUs
623 * (ie. smp_tlb_shootdown()).
624 *
625 * For the !SMP case it just needs to handle the former problem.
626 */
627 #ifdef SMP
628 mtx_lock_spin(&smp_ipi_mtx);
629 #else
630 spinlock_enter();
631 #endif
632
633 /* cpu_boot(howto); */ /* doesn't do anything at the moment */
634 cpu_reset();
635 /* NOTREACHED */ /* assuming reset worked */
636 }
637
638 #if defined(WITNESS) || defined(INVARIANT_SUPPORT)
639 static int kassert_warn_only = 0;
640 #ifdef KDB
641 static int kassert_do_kdb = 0;
642 #endif
643 #ifdef KTR
644 static int kassert_do_ktr = 0;
645 #endif
646 static int kassert_do_log = 1;
647 static int kassert_log_pps_limit = 4;
648 static int kassert_log_mute_at = 0;
649 static int kassert_log_panic_at = 0;
650 static int kassert_suppress_in_panic = 0;
651 static int kassert_warnings = 0;
652
653 SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options");
654
655 #ifdef KASSERT_PANIC_OPTIONAL
656 #define KASSERT_RWTUN CTLFLAG_RWTUN
657 #else
658 #define KASSERT_RWTUN CTLFLAG_RDTUN
659 #endif
660
661 SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, KASSERT_RWTUN,
662 &kassert_warn_only, 0,
663 "KASSERT triggers a panic (0) or just a warning (1)");
664
665 #ifdef KDB
666 SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, KASSERT_RWTUN,
667 &kassert_do_kdb, 0, "KASSERT will enter the debugger");
668 #endif
669
670 #ifdef KTR
671 SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, KASSERT_RWTUN,
672 &kassert_do_ktr, 0,
673 "KASSERT does a KTR, set this to the KTRMASK you want");
674 #endif
675
676 SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, KASSERT_RWTUN,
677 &kassert_do_log, 0,
678 "If warn_only is enabled, log (1) or do not log (0) assertion violations");
679
680 SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, KASSERT_RWTUN,
681 &kassert_warnings, 0, "number of KASSERTs that have been triggered");
682
683 SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, KASSERT_RWTUN,
684 &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic");
685
686 SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, KASSERT_RWTUN,
687 &kassert_log_pps_limit, 0, "limit number of log messages per second");
688
689 SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, KASSERT_RWTUN,
690 &kassert_log_mute_at, 0, "max number of KASSERTS to log");
691
692 SYSCTL_INT(_debug_kassert, OID_AUTO, suppress_in_panic, KASSERT_RWTUN,
693 &kassert_suppress_in_panic, 0,
694 "KASSERTs will be suppressed while handling a panic");
695 #undef KASSERT_RWTUN
696
697 static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS);
698
699 SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert,
700 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
701 kassert_sysctl_kassert, "I", "set to trigger a test kassert");
702
703 static int
704 kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS)
705 {
706 int error, i;
707
708 error = sysctl_wire_old_buffer(req, sizeof(int));
709 if (error == 0) {
710 i = 0;
711 error = sysctl_handle_int(oidp, &i, 0, req);
712 }
713 if (error != 0 || req->newptr == NULL)
714 return (error);
715 KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i));
716 return (0);
717 }
718
719 #ifdef KASSERT_PANIC_OPTIONAL
720 /*
721 * Called by KASSERT, this decides if we will panic
722 * or if we will log via printf and/or ktr.
723 */
724 void
725 kassert_panic(const char *fmt, ...)
726 {
727 static char buf[256];
728 va_list ap;
729
730 va_start(ap, fmt);
731 (void)vsnprintf(buf, sizeof(buf), fmt, ap);
732 va_end(ap);
733
734 /*
735 * If we are suppressing secondary panics, log the warning but do not
736 * re-enter panic/kdb.
737 */
738 if (panicstr != NULL && kassert_suppress_in_panic) {
739 if (kassert_do_log) {
740 printf("KASSERT failed: %s\n", buf);
741 #ifdef KDB
742 if (trace_all_panics && trace_on_panic)
743 kdb_backtrace();
744 #endif
745 }
746 return;
747 }
748
749 /*
750 * panic if we're not just warning, or if we've exceeded
751 * kassert_log_panic_at warnings.
752 */
753 if (!kassert_warn_only ||
754 (kassert_log_panic_at > 0 &&
755 kassert_warnings >= kassert_log_panic_at)) {
756 va_start(ap, fmt);
757 vpanic(fmt, ap);
758 /* NORETURN */
759 }
760 #ifdef KTR
761 if (kassert_do_ktr)
762 CTR0(ktr_mask, buf);
763 #endif /* KTR */
764 /*
765 * log if we've not yet met the mute limit.
766 */
767 if (kassert_do_log &&
768 (kassert_log_mute_at == 0 ||
769 kassert_warnings < kassert_log_mute_at)) {
770 static struct timeval lasterr;
771 static int curerr;
772
773 if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) {
774 printf("KASSERT failed: %s\n", buf);
775 kdb_backtrace();
776 }
777 }
778 #ifdef KDB
779 if (kassert_do_kdb) {
780 kdb_enter(KDB_WHY_KASSERT, buf);
781 }
782 #endif
783 atomic_add_int(&kassert_warnings, 1);
784 }
785 #endif /* KASSERT_PANIC_OPTIONAL */
786 #endif
787
788 /*
789 * Panic is called on unresolvable fatal errors. It prints "panic: mesg",
790 * and then reboots. If we are called twice, then we avoid trying to sync
791 * the disks as this often leads to recursive panics.
792 */
793 void
794 panic(const char *fmt, ...)
795 {
796 va_list ap;
797
798 va_start(ap, fmt);
799 vpanic(fmt, ap);
800 }
801
802 void
803 vpanic(const char *fmt, va_list ap)
804 {
805 #ifdef SMP
806 cpuset_t other_cpus;
807 #endif
808 struct thread *td = curthread;
809 int bootopt, newpanic;
810 static char buf[256];
811
812 spinlock_enter();
813
814 #ifdef SMP
815 /*
816 * stop_cpus_hard(other_cpus) should prevent multiple CPUs from
817 * concurrently entering panic. Only the winner will proceed
818 * further.
819 */
820 if (panicstr == NULL && !kdb_active) {
821 other_cpus = all_cpus;
822 CPU_CLR(PCPU_GET(cpuid), &other_cpus);
823 stop_cpus_hard(other_cpus);
824 }
825 #endif
826
827 /*
828 * Ensure that the scheduler is stopped while panicking, even if panic
829 * has been entered from kdb.
830 */
831 td->td_stopsched = 1;
832
833 bootopt = RB_AUTOBOOT;
834 newpanic = 0;
835 if (panicstr)
836 bootopt |= RB_NOSYNC;
837 else {
838 bootopt |= RB_DUMP;
839 panicstr = fmt;
840 newpanic = 1;
841 }
842
843 if (newpanic) {
844 (void)vsnprintf(buf, sizeof(buf), fmt, ap);
845 panicstr = buf;
846 cngrab();
847 printf("panic: %s\n", buf);
848 } else {
849 printf("panic: ");
850 vprintf(fmt, ap);
851 printf("\n");
852 }
853 #ifdef SMP
854 printf("cpuid = %d\n", PCPU_GET(cpuid));
855 #endif
856 printf("time = %jd\n", (intmax_t )time_second);
857 #ifdef KDB
858 if ((newpanic || trace_all_panics) && trace_on_panic)
859 kdb_backtrace();
860 if (debugger_on_panic)
861 kdb_enter(KDB_WHY_PANIC, "panic");
862 #endif
863 /*thread_lock(td); */
864 td->td_flags |= TDF_INPANIC;
865 /* thread_unlock(td); */
866 if (!sync_on_panic)
867 bootopt |= RB_NOSYNC;
868 if (poweroff_on_panic)
869 bootopt |= RB_POWEROFF;
870 if (powercycle_on_panic)
871 bootopt |= RB_POWERCYCLE;
872 kern_reboot(bootopt);
873 }
874
875 /*
876 * Support for poweroff delay.
877 *
878 * Please note that setting this delay too short might power off your machine
879 * before the write cache on your hard disk has been flushed, leading to
880 * soft-updates inconsistencies.
881 */
882 #ifndef POWEROFF_DELAY
883 # define POWEROFF_DELAY 5000
884 #endif
885 static int poweroff_delay = POWEROFF_DELAY;
886
887 SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW,
888 &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)");
889
890 static void
891 poweroff_wait(void *junk, int howto)
892 {
893
894 if ((howto & (RB_POWEROFF | RB_POWERCYCLE)) == 0 || poweroff_delay <= 0)
895 return;
896 DELAY(poweroff_delay * 1000);
897 }
898
899 /*
900 * Some system processes (e.g. syncer) need to be stopped at appropriate
901 * points in their main loops prior to a system shutdown, so that they
902 * won't interfere with the shutdown process (e.g. by holding a disk buf
903 * to cause sync to fail). For each of these system processes, register
904 * shutdown_kproc() as a handler for one of shutdown events.
905 */
906 static int kproc_shutdown_wait = 60;
907 SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW,
908 &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process");
909
910 void
911 kproc_shutdown(void *arg, int howto)
912 {
913 struct proc *p;
914 int error;
915
916 if (panicstr)
917 return;
918
919 p = (struct proc *)arg;
920 printf("Waiting (max %d seconds) for system process `%s' to stop... ",
921 kproc_shutdown_wait, p->p_comm);
922 error = kproc_suspend(p, kproc_shutdown_wait * hz);
923
924 if (error == EWOULDBLOCK)
925 printf("timed out\n");
926 else
927 printf("done\n");
928 }
929
930 void
931 kthread_shutdown(void *arg, int howto)
932 {
933 struct thread *td;
934 int error;
935
936 if (panicstr)
937 return;
938
939 td = (struct thread *)arg;
940 printf("Waiting (max %d seconds) for system thread `%s' to stop... ",
941 kproc_shutdown_wait, td->td_name);
942 error = kthread_suspend(td, kproc_shutdown_wait * hz);
943
944 if (error == EWOULDBLOCK)
945 printf("timed out\n");
946 else
947 printf("done\n");
948 }
949
950 static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)];
951 SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD,
952 dumpdevname, 0, "Device for kernel dumps");
953
954 static int _dump_append(struct dumperinfo *di, void *virtual,
955 vm_offset_t physical, size_t length);
956
957 #ifdef EKCD
958 static struct kerneldumpcrypto *
959 kerneldumpcrypto_create(size_t blocksize, uint8_t encryption,
960 const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey)
961 {
962 struct kerneldumpcrypto *kdc;
963 struct kerneldumpkey *kdk;
964 uint32_t dumpkeysize;
965
966 dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize);
967 kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO);
968
969 arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0);
970
971 kdc->kdc_encryption = encryption;
972 switch (kdc->kdc_encryption) {
973 case KERNELDUMP_ENC_AES_256_CBC:
974 if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0)
975 goto failed;
976 break;
977 default:
978 goto failed;
979 }
980
981 kdc->kdc_dumpkeysize = dumpkeysize;
982 kdk = kdc->kdc_dumpkey;
983 kdk->kdk_encryption = kdc->kdc_encryption;
984 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv));
985 kdk->kdk_encryptedkeysize = htod32(encryptedkeysize);
986 memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize);
987
988 return (kdc);
989 failed:
990 explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize);
991 free(kdc, M_EKCD);
992 return (NULL);
993 }
994
995 static int
996 kerneldumpcrypto_init(struct kerneldumpcrypto *kdc)
997 {
998 uint8_t hash[SHA256_DIGEST_LENGTH];
999 SHA256_CTX ctx;
1000 struct kerneldumpkey *kdk;
1001 int error;
1002
1003 error = 0;
1004
1005 if (kdc == NULL)
1006 return (0);
1007
1008 /*
1009 * When a user enters ddb it can write a crash dump multiple times.
1010 * Each time it should be encrypted using a different IV.
1011 */
1012 SHA256_Init(&ctx);
1013 SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv));
1014 SHA256_Final(hash, &ctx);
1015 bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv));
1016
1017 switch (kdc->kdc_encryption) {
1018 case KERNELDUMP_ENC_AES_256_CBC:
1019 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC,
1020 kdc->kdc_iv) <= 0) {
1021 error = EINVAL;
1022 goto out;
1023 }
1024 break;
1025 default:
1026 error = EINVAL;
1027 goto out;
1028 }
1029
1030 kdk = kdc->kdc_dumpkey;
1031 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv));
1032 out:
1033 explicit_bzero(hash, sizeof(hash));
1034 return (error);
1035 }
1036
1037 static uint32_t
1038 kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc)
1039 {
1040
1041 if (kdc == NULL)
1042 return (0);
1043 return (kdc->kdc_dumpkeysize);
1044 }
1045 #endif /* EKCD */
1046
1047 static struct kerneldumpcomp *
1048 kerneldumpcomp_create(struct dumperinfo *di, uint8_t compression)
1049 {
1050 struct kerneldumpcomp *kdcomp;
1051 int format;
1052
1053 switch (compression) {
1054 case KERNELDUMP_COMP_GZIP:
1055 format = COMPRESS_GZIP;
1056 break;
1057 case KERNELDUMP_COMP_ZSTD:
1058 format = COMPRESS_ZSTD;
1059 break;
1060 default:
1061 return (NULL);
1062 }
1063
1064 kdcomp = malloc(sizeof(*kdcomp), M_DUMPER, M_WAITOK | M_ZERO);
1065 kdcomp->kdc_format = compression;
1066 kdcomp->kdc_stream = compressor_init(kerneldumpcomp_write_cb,
1067 format, di->maxiosize, kerneldump_gzlevel, di);
1068 if (kdcomp->kdc_stream == NULL) {
1069 free(kdcomp, M_DUMPER);
1070 return (NULL);
1071 }
1072 kdcomp->kdc_buf = malloc(di->maxiosize, M_DUMPER, M_WAITOK | M_NODUMP);
1073 return (kdcomp);
1074 }
1075
1076 static void
1077 kerneldumpcomp_destroy(struct dumperinfo *di)
1078 {
1079 struct kerneldumpcomp *kdcomp;
1080
1081 kdcomp = di->kdcomp;
1082 if (kdcomp == NULL)
1083 return;
1084 compressor_fini(kdcomp->kdc_stream);
1085 explicit_bzero(kdcomp->kdc_buf, di->maxiosize);
1086 free(kdcomp->kdc_buf, M_DUMPER);
1087 free(kdcomp, M_DUMPER);
1088 }
1089
1090 /* Registration of dumpers */
1091 int
1092 set_dumper(struct dumperinfo *di, const char *devname, struct thread *td,
1093 uint8_t compression, uint8_t encryption, const uint8_t *key,
1094 uint32_t encryptedkeysize, const uint8_t *encryptedkey)
1095 {
1096 size_t wantcopy;
1097 int error;
1098
1099 error = priv_check(td, PRIV_SETDUMPER);
1100 if (error != 0)
1101 return (error);
1102
1103 if (dumper.dumper != NULL)
1104 return (EBUSY);
1105 dumper = *di;
1106 dumper.blockbuf = NULL;
1107 dumper.kdcrypto = NULL;
1108 dumper.kdcomp = NULL;
1109
1110 if (encryption != KERNELDUMP_ENC_NONE) {
1111 #ifdef EKCD
1112 dumper.kdcrypto = kerneldumpcrypto_create(di->blocksize,
1113 encryption, key, encryptedkeysize, encryptedkey);
1114 if (dumper.kdcrypto == NULL) {
1115 error = EINVAL;
1116 goto cleanup;
1117 }
1118 #else
1119 error = EOPNOTSUPP;
1120 goto cleanup;
1121 #endif
1122 }
1123
1124 wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname));
1125 if (wantcopy >= sizeof(dumpdevname)) {
1126 printf("set_dumper: device name truncated from '%s' -> '%s'\n",
1127 devname, dumpdevname);
1128 }
1129
1130 if (compression != KERNELDUMP_COMP_NONE) {
1131 /*
1132 * We currently can't support simultaneous encryption and
1133 * compression.
1134 */
1135 if (encryption != KERNELDUMP_ENC_NONE) {
1136 error = EOPNOTSUPP;
1137 goto cleanup;
1138 }
1139 dumper.kdcomp = kerneldumpcomp_create(&dumper, compression);
1140 if (dumper.kdcomp == NULL) {
1141 error = EINVAL;
1142 goto cleanup;
1143 }
1144 }
1145
1146 dumper.blockbuf = malloc(di->blocksize, M_DUMPER, M_WAITOK | M_ZERO);
1147 return (0);
1148
1149 cleanup:
1150 (void)clear_dumper(td);
1151 return (error);
1152 }
1153
1154 int
1155 clear_dumper(struct thread *td)
1156 {
1157 int error;
1158
1159 error = priv_check(td, PRIV_SETDUMPER);
1160 if (error != 0)
1161 return (error);
1162
1163 #ifdef NETDUMP
1164 netdump_mbuf_drain();
1165 #endif
1166
1167 #ifdef EKCD
1168 if (dumper.kdcrypto != NULL) {
1169 explicit_bzero(dumper.kdcrypto, sizeof(*dumper.kdcrypto) +
1170 dumper.kdcrypto->kdc_dumpkeysize);
1171 free(dumper.kdcrypto, M_EKCD);
1172 }
1173 #endif
1174
1175 kerneldumpcomp_destroy(&dumper);
1176
1177 if (dumper.blockbuf != NULL) {
1178 explicit_bzero(dumper.blockbuf, dumper.blocksize);
1179 free(dumper.blockbuf, M_DUMPER);
1180 }
1181 explicit_bzero(&dumper, sizeof(dumper));
1182 dumpdevname[0] = '\0';
1183 return (0);
1184 }
1185
1186 static int
1187 dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length)
1188 {
1189
1190 if (di->mediasize > 0 && length != 0 && (offset < di->mediaoffset ||
1191 offset - di->mediaoffset + length > di->mediasize)) {
1192 if (di->kdcomp != NULL && offset >= di->mediaoffset) {
1193 printf(
1194 "Compressed dump failed to fit in device boundaries.\n");
1195 return (E2BIG);
1196 }
1197
1198 printf("Attempt to write outside dump device boundaries.\n"
1199 "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n",
1200 (intmax_t)offset, (intmax_t)di->mediaoffset,
1201 (uintmax_t)length, (intmax_t)di->mediasize);
1202 return (ENOSPC);
1203 }
1204 if (length % di->blocksize != 0) {
1205 printf("Attempt to write partial block of length %ju.\n",
1206 (uintmax_t)length);
1207 return (EINVAL);
1208 }
1209 if (offset % di->blocksize != 0) {
1210 printf("Attempt to write at unaligned offset %jd.\n",
1211 (intmax_t)offset);
1212 return (EINVAL);
1213 }
1214
1215 return (0);
1216 }
1217
1218 #ifdef EKCD
1219 static int
1220 dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size)
1221 {
1222
1223 switch (kdc->kdc_encryption) {
1224 case KERNELDUMP_ENC_AES_256_CBC:
1225 if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf,
1226 8 * size, buf) <= 0) {
1227 return (EIO);
1228 }
1229 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC,
1230 buf + size - 16 /* IV size for AES-256-CBC */) <= 0) {
1231 return (EIO);
1232 }
1233 break;
1234 default:
1235 return (EINVAL);
1236 }
1237
1238 return (0);
1239 }
1240
1241 /* Encrypt data and call dumper. */
1242 static int
1243 dump_encrypted_write(struct dumperinfo *di, void *virtual,
1244 vm_offset_t physical, off_t offset, size_t length)
1245 {
1246 static uint8_t buf[KERNELDUMP_BUFFER_SIZE];
1247 struct kerneldumpcrypto *kdc;
1248 int error;
1249 size_t nbytes;
1250
1251 kdc = di->kdcrypto;
1252
1253 while (length > 0) {
1254 nbytes = MIN(length, sizeof(buf));
1255 bcopy(virtual, buf, nbytes);
1256
1257 if (dump_encrypt(kdc, buf, nbytes) != 0)
1258 return (EIO);
1259
1260 error = dump_write(di, buf, physical, offset, nbytes);
1261 if (error != 0)
1262 return (error);
1263
1264 offset += nbytes;
1265 virtual = (void *)((uint8_t *)virtual + nbytes);
1266 length -= nbytes;
1267 }
1268
1269 return (0);
1270 }
1271 #endif /* EKCD */
1272
1273 static int
1274 kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg)
1275 {
1276 struct dumperinfo *di;
1277 size_t resid, rlength;
1278 int error;
1279
1280 di = arg;
1281
1282 if (length % di->blocksize != 0) {
1283 /*
1284 * This must be the final write after flushing the compression
1285 * stream. Write as many full blocks as possible and stash the
1286 * residual data in the dumper's block buffer. It will be
1287 * padded and written in dump_finish().
1288 */
1289 rlength = rounddown(length, di->blocksize);
1290 if (rlength != 0) {
1291 error = _dump_append(di, base, 0, rlength);
1292 if (error != 0)
1293 return (error);
1294 }
1295 resid = length - rlength;
1296 memmove(di->blockbuf, (uint8_t *)base + rlength, resid);
1297 di->kdcomp->kdc_resid = resid;
1298 return (EAGAIN);
1299 }
1300 return (_dump_append(di, base, 0, length));
1301 }
1302
1303 /*
1304 * Write kernel dump headers at the beginning and end of the dump extent.
1305 * Write the kernel dump encryption key after the leading header if we were
1306 * configured to do so.
1307 */
1308 static int
1309 dump_write_headers(struct dumperinfo *di, struct kerneldumpheader *kdh)
1310 {
1311 #ifdef EKCD
1312 struct kerneldumpcrypto *kdc;
1313 #endif
1314 void *buf, *key;
1315 size_t hdrsz;
1316 uint64_t extent;
1317 uint32_t keysize;
1318 int error;
1319
1320 hdrsz = sizeof(*kdh);
1321 if (hdrsz > di->blocksize)
1322 return (ENOMEM);
1323
1324 #ifdef EKCD
1325 kdc = di->kdcrypto;
1326 key = kdc->kdc_dumpkey;
1327 keysize = kerneldumpcrypto_dumpkeysize(kdc);
1328 #else
1329 key = NULL;
1330 keysize = 0;
1331 #endif
1332
1333 /*
1334 * If the dump device has special handling for headers, let it take care
1335 * of writing them out.
1336 */
1337 if (di->dumper_hdr != NULL)
1338 return (di->dumper_hdr(di, kdh, key, keysize));
1339
1340 if (hdrsz == di->blocksize)
1341 buf = kdh;
1342 else {
1343 buf = di->blockbuf;
1344 memset(buf, 0, di->blocksize);
1345 memcpy(buf, kdh, hdrsz);
1346 }
1347
1348 extent = dtoh64(kdh->dumpextent);
1349 #ifdef EKCD
1350 if (kdc != NULL) {
1351 error = dump_write(di, kdc->kdc_dumpkey, 0,
1352 di->mediaoffset + di->mediasize - di->blocksize - extent -
1353 keysize, keysize);
1354 if (error != 0)
1355 return (error);
1356 }
1357 #endif
1358
1359 error = dump_write(di, buf, 0,
1360 di->mediaoffset + di->mediasize - 2 * di->blocksize - extent -
1361 keysize, di->blocksize);
1362 if (error == 0)
1363 error = dump_write(di, buf, 0, di->mediaoffset + di->mediasize -
1364 di->blocksize, di->blocksize);
1365 return (error);
1366 }
1367
1368 /*
1369 * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to
1370 * protect us from metadata and metadata from us.
1371 */
1372 #define SIZEOF_METADATA (64 * 1024)
1373
1374 /*
1375 * Do some preliminary setup for a kernel dump: initialize state for encryption,
1376 * if requested, and make sure that we have enough space on the dump device.
1377 *
1378 * We set things up so that the dump ends before the last sector of the dump
1379 * device, at which the trailing header is written.
1380 *
1381 * +-----------+------+-----+----------------------------+------+
1382 * | | lhdr | key | ... kernel dump ... | thdr |
1383 * +-----------+------+-----+----------------------------+------+
1384 * 1 blk opt <------- dump extent --------> 1 blk
1385 *
1386 * Dumps written using dump_append() start at the beginning of the extent.
1387 * Uncompressed dumps will use the entire extent, but compressed dumps typically
1388 * will not. The true length of the dump is recorded in the leading and trailing
1389 * headers once the dump has been completed.
1390 *
1391 * The dump device may provide a callback, in which case it will initialize
1392 * dumpoff and take care of laying out the headers.
1393 */
1394 int
1395 dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh)
1396 {
1397 uint64_t dumpextent, span;
1398 uint32_t keysize;
1399 int error;
1400
1401 #ifdef EKCD
1402 error = kerneldumpcrypto_init(di->kdcrypto);
1403 if (error != 0)
1404 return (error);
1405 keysize = kerneldumpcrypto_dumpkeysize(di->kdcrypto);
1406 #else
1407 error = 0;
1408 keysize = 0;
1409 #endif
1410
1411 if (di->dumper_start != NULL) {
1412 error = di->dumper_start(di);
1413 } else {
1414 dumpextent = dtoh64(kdh->dumpextent);
1415 span = SIZEOF_METADATA + dumpextent + 2 * di->blocksize +
1416 keysize;
1417 if (di->mediasize < span) {
1418 if (di->kdcomp == NULL)
1419 return (E2BIG);
1420
1421 /*
1422 * We don't yet know how much space the compressed dump
1423 * will occupy, so try to use the whole swap partition
1424 * (minus the first 64KB) in the hope that the
1425 * compressed dump will fit. If that doesn't turn out to
1426 * be enough, the bounds checking in dump_write()
1427 * will catch us and cause the dump to fail.
1428 */
1429 dumpextent = di->mediasize - span + dumpextent;
1430 kdh->dumpextent = htod64(dumpextent);
1431 }
1432
1433 /*
1434 * The offset at which to begin writing the dump.
1435 */
1436 di->dumpoff = di->mediaoffset + di->mediasize - di->blocksize -
1437 dumpextent;
1438 }
1439 di->origdumpoff = di->dumpoff;
1440 return (error);
1441 }
1442
1443 static int
1444 _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical,
1445 size_t length)
1446 {
1447 int error;
1448
1449 #ifdef EKCD
1450 if (di->kdcrypto != NULL)
1451 error = dump_encrypted_write(di, virtual, physical, di->dumpoff,
1452 length);
1453 else
1454 #endif
1455 error = dump_write(di, virtual, physical, di->dumpoff, length);
1456 if (error == 0)
1457 di->dumpoff += length;
1458 return (error);
1459 }
1460
1461 /*
1462 * Write to the dump device starting at dumpoff. When compression is enabled,
1463 * writes to the device will be performed using a callback that gets invoked
1464 * when the compression stream's output buffer is full.
1465 */
1466 int
1467 dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical,
1468 size_t length)
1469 {
1470 void *buf;
1471
1472 if (di->kdcomp != NULL) {
1473 /* Bounce through a buffer to avoid CRC errors. */
1474 if (length > di->maxiosize)
1475 return (EINVAL);
1476 buf = di->kdcomp->kdc_buf;
1477 memmove(buf, virtual, length);
1478 return (compressor_write(di->kdcomp->kdc_stream, buf, length));
1479 }
1480 return (_dump_append(di, virtual, physical, length));
1481 }
1482
1483 /*
1484 * Write to the dump device at the specified offset.
1485 */
1486 int
1487 dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical,
1488 off_t offset, size_t length)
1489 {
1490 int error;
1491
1492 error = dump_check_bounds(di, offset, length);
1493 if (error != 0)
1494 return (error);
1495 return (di->dumper(di->priv, virtual, physical, offset, length));
1496 }
1497
1498 /*
1499 * Perform kernel dump finalization: flush the compression stream, if necessary,
1500 * write the leading and trailing kernel dump headers now that we know the true
1501 * length of the dump, and optionally write the encryption key following the
1502 * leading header.
1503 */
1504 int
1505 dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh)
1506 {
1507 int error;
1508
1509 if (di->kdcomp != NULL) {
1510 error = compressor_flush(di->kdcomp->kdc_stream);
1511 if (error == EAGAIN) {
1512 /* We have residual data in di->blockbuf. */
1513 error = dump_write(di, di->blockbuf, 0, di->dumpoff,
1514 di->blocksize);
1515 di->dumpoff += di->kdcomp->kdc_resid;
1516 di->kdcomp->kdc_resid = 0;
1517 }
1518 if (error != 0)
1519 return (error);
1520
1521 /*
1522 * We now know the size of the compressed dump, so update the
1523 * header accordingly and recompute parity.
1524 */
1525 kdh->dumplength = htod64(di->dumpoff - di->origdumpoff);
1526 kdh->parity = 0;
1527 kdh->parity = kerneldump_parity(kdh);
1528
1529 compressor_reset(di->kdcomp->kdc_stream);
1530 }
1531
1532 error = dump_write_headers(di, kdh);
1533 if (error != 0)
1534 return (error);
1535
1536 (void)dump_write(di, NULL, 0, 0, 0);
1537 return (0);
1538 }
1539
1540 void
1541 dump_init_header(const struct dumperinfo *di, struct kerneldumpheader *kdh,
1542 char *magic, uint32_t archver, uint64_t dumplen)
1543 {
1544 size_t dstsize;
1545
1546 bzero(kdh, sizeof(*kdh));
1547 strlcpy(kdh->magic, magic, sizeof(kdh->magic));
1548 strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
1549 kdh->version = htod32(KERNELDUMPVERSION);
1550 kdh->architectureversion = htod32(archver);
1551 kdh->dumplength = htod64(dumplen);
1552 kdh->dumpextent = kdh->dumplength;
1553 kdh->dumptime = htod64(time_second);
1554 #ifdef EKCD
1555 kdh->dumpkeysize = htod32(kerneldumpcrypto_dumpkeysize(di->kdcrypto));
1556 #else
1557 kdh->dumpkeysize = 0;
1558 #endif
1559 kdh->blocksize = htod32(di->blocksize);
1560 strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
1561 dstsize = sizeof(kdh->versionstring);
1562 if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize)
1563 kdh->versionstring[dstsize - 2] = '\n';
1564 if (panicstr != NULL)
1565 strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
1566 if (di->kdcomp != NULL)
1567 kdh->compression = di->kdcomp->kdc_format;
1568 kdh->parity = kerneldump_parity(kdh);
1569 }
1570
1571 #ifdef DDB
1572 DB_SHOW_COMMAND(panic, db_show_panic)
1573 {
1574
1575 if (panicstr == NULL)
1576 db_printf("panicstr not set\n");
1577 else
1578 db_printf("panic: %s\n", panicstr);
1579 }
1580 #endif
Cache object: 08f532abf4cfaae71b5c16b8025fc5b1
|