fxr.watson.org: FREEBSD-12-STABLE sys/kern/kern

FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_shutdown.c

Version: - FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10

1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1986, 1988, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_ddb.h" 43 #include "opt_ekcd.h" 44 #include "opt_kdb.h" 45 #include "opt_panic.h" 46 #include "opt_sched.h" 47 #include "opt_watchdog.h" 48 49 #include <sys/param.h> 50 #include <sys/systm.h> 51 #include <sys/bio.h> 52 #include <sys/buf.h> 53 #include <sys/conf.h> 54 #include <sys/compressor.h> 55 #include <sys/cons.h> 56 #include <sys/eventhandler.h> 57 #include <sys/filedesc.h> 58 #include <sys/jail.h> 59 #include <sys/kdb.h> 60 #include <sys/kernel.h> 61 #include <sys/kerneldump.h> 62 #include <sys/kthread.h> 63 #include <sys/ktr.h> 64 #include <sys/malloc.h> 65 #include <sys/mbuf.h> 66 #include <sys/mount.h> 67 #include <sys/priv.h> 68 #include <sys/proc.h> 69 #include <sys/reboot.h> 70 #include <sys/resourcevar.h> 71 #include <sys/rwlock.h> 72 #include <sys/sched.h> 73 #include <sys/smp.h> 74 #include <sys/sysctl.h> 75 #include <sys/sysproto.h> 76 #include <sys/taskqueue.h> 77 #include <sys/vnode.h> 78 #include <sys/watchdog.h> 79 80 #include <crypto/rijndael/rijndael-api-fst.h> 81 #include <crypto/sha2/sha256.h> 82 83 #include <ddb/ddb.h> 84 85 #include <machine/cpu.h> 86 #include <machine/dump.h> 87 #include <machine/pcb.h> 88 #include <machine/smp.h> 89 90 #include <security/mac/mac_framework.h> 91 92 #include <vm/vm.h> 93 #include <vm/vm_object.h> 94 #include <vm/vm_page.h> 95 #include <vm/vm_pager.h> 96 #include <vm/swap_pager.h> 97 98 #include <sys/signalvar.h> 99 100 static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer"); 101 102 #ifndef PANIC_REBOOT_WAIT_TIME 103 #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ 104 #endif 105 static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; 106 SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, 107 &panic_reboot_wait_time, 0, 108 "Seconds to wait before rebooting after a panic"); 109 110 /* 111 * Note that stdarg.h and the ANSI style va_start macro is used for both 112 * ANSI and traditional C compilers. 113 */ 114 #include <machine/stdarg.h> 115 116 #ifdef KDB 117 #ifdef KDB_UNATTENDED 118 int debugger_on_panic = 0; 119 #else 120 int debugger_on_panic = 1; 121 #endif 122 SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, 123 CTLFLAG_RWTUN | CTLFLAG_SECURE, 124 &debugger_on_panic, 0, "Run debugger on kernel panic"); 125 126 int debugger_on_trap = 0; 127 SYSCTL_INT(_debug, OID_AUTO, debugger_on_trap, 128 CTLFLAG_RWTUN | CTLFLAG_SECURE, 129 &debugger_on_trap, 0, "Run debugger on kernel trap before panic"); 130 131 #ifdef KDB_TRACE 132 static int trace_on_panic = 1; 133 static bool trace_all_panics = true; 134 #else 135 static int trace_on_panic = 0; 136 static bool trace_all_panics = false; 137 #endif 138 SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, 139 CTLFLAG_RWTUN | CTLFLAG_SECURE, 140 &trace_on_panic, 0, "Print stack trace on kernel panic"); 141 SYSCTL_BOOL(_debug, OID_AUTO, trace_all_panics, CTLFLAG_RWTUN, 142 &trace_all_panics, 0, "Print stack traces on secondary kernel panics"); 143 #endif /* KDB */ 144 145 static int sync_on_panic = 0; 146 SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, 147 &sync_on_panic, 0, "Do a sync before rebooting from a panic"); 148 149 static bool poweroff_on_panic = 0; 150 SYSCTL_BOOL(_kern, OID_AUTO, poweroff_on_panic, CTLFLAG_RWTUN, 151 &poweroff_on_panic, 0, "Do a power off instead of a reboot on a panic"); 152 153 static bool powercycle_on_panic = 0; 154 SYSCTL_BOOL(_kern, OID_AUTO, powercycle_on_panic, CTLFLAG_RWTUN, 155 &powercycle_on_panic, 0, "Do a power cycle instead of a reboot on a panic"); 156 157 static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, 158 "Shutdown environment"); 159 160 #ifndef DIAGNOSTIC 161 static int show_busybufs; 162 #else 163 static int show_busybufs = 1; 164 #endif 165 SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, 166 &show_busybufs, 0, ""); 167 168 int suspend_blocked = 0; 169 SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, 170 &suspend_blocked, 0, "Block suspend due to a pending shutdown"); 171 172 #ifdef EKCD 173 FEATURE(ekcd, "Encrypted kernel crash dumps support"); 174 175 MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data"); 176 177 struct kerneldumpcrypto { 178 uint8_t kdc_encryption; 179 uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE]; 180 keyInstance kdc_ki; 181 cipherInstance kdc_ci; 182 uint32_t kdc_dumpkeysize; 183 struct kerneldumpkey kdc_dumpkey[]; 184 }; 185 #endif 186 187 struct kerneldumpcomp { 188 uint8_t kdc_format; 189 struct compressor *kdc_stream; 190 uint8_t *kdc_buf; 191 size_t kdc_resid; 192 }; 193 194 static struct kerneldumpcomp *kerneldumpcomp_create(struct dumperinfo *di, 195 uint8_t compression); 196 static void kerneldumpcomp_destroy(struct dumperinfo *di); 197 static int kerneldumpcomp_write_cb(void *base, size_t len, off_t off, void *arg); 198 199 static int kerneldump_gzlevel = 6; 200 SYSCTL_INT(_kern, OID_AUTO, kerneldump_gzlevel, CTLFLAG_RWTUN, 201 &kerneldump_gzlevel, 0, 202 "Kernel crash dump compression level"); 203 204 /* 205 * Variable panicstr contains argument to first call to panic; used as flag 206 * to indicate that the kernel has already called panic. 207 */ 208 const char __read_mostly *panicstr; 209 210 int __read_mostly dumping; /* system is dumping */ 211 int rebooting; /* system is rebooting */ 212 static struct dumperinfo dumper; /* our selected dumper */ 213 214 /* Context information for dump-debuggers. */ 215 static struct pcb dumppcb; /* Registers. */ 216 lwpid_t dumptid; /* Thread ID. */ 217 218 static struct cdevsw reroot_cdevsw = { 219 .d_version = D_VERSION, 220 .d_name = "reroot", 221 }; 222 223 static void poweroff_wait(void *, int); 224 static void shutdown_halt(void *junk, int howto); 225 static void shutdown_panic(void *junk, int howto); 226 static void shutdown_reset(void *junk, int howto); 227 static int kern_reroot(void); 228 229 /* register various local shutdown events */ 230 static void 231 shutdown_conf(void *unused) 232 { 233 234 EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, 235 SHUTDOWN_PRI_FIRST); 236 EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, 237 SHUTDOWN_PRI_LAST + 100); 238 EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, 239 SHUTDOWN_PRI_LAST + 100); 240 EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, 241 SHUTDOWN_PRI_LAST + 200); 242 } 243 244 SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); 245 246 /* 247 * The only reason this exists is to create the /dev/reroot/ directory, 248 * used by reroot code in init(8) as a mountpoint for tmpfs. 249 */ 250 static void 251 reroot_conf(void *unused) 252 { 253 int error; 254 struct cdev *cdev; 255 256 error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, 257 &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); 258 if (error != 0) { 259 printf("%s: failed to create device node, error %d", 260 __func__, error); 261 } 262 } 263 264 SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); 265 266 /* 267 * The system call that results in a reboot. 268 */ 269 /* ARGSUSED */ 270 int 271 sys_reboot(struct thread *td, struct reboot_args *uap) 272 { 273 int error; 274 275 error = 0; 276 #ifdef MAC 277 error = mac_system_check_reboot(td->td_ucred, uap->opt); 278 #endif 279 if (error == 0) 280 error = priv_check(td, PRIV_REBOOT); 281 if (error == 0) { 282 if (uap->opt & RB_REROOT) 283 error = kern_reroot(); 284 else 285 kern_reboot(uap->opt); 286 } 287 return (error); 288 } 289 290 static void 291 shutdown_nice_task_fn(void *arg, int pending __unused) 292 { 293 int howto; 294 295 howto = (uintptr_t)arg; 296 /* Send a signal to init(8) and have it shutdown the world. */ 297 PROC_LOCK(initproc); 298 if (howto & RB_POWEROFF) 299 kern_psignal(initproc, SIGUSR2); 300 else if (howto & RB_POWERCYCLE) 301 kern_psignal(initproc, SIGWINCH); 302 else if (howto & RB_HALT) 303 kern_psignal(initproc, SIGUSR1); 304 else 305 kern_psignal(initproc, SIGINT); 306 PROC_UNLOCK(initproc); 307 } 308 309 static struct task shutdown_nice_task = TASK_INITIALIZER(0, 310 &shutdown_nice_task_fn, NULL); 311 312 /* 313 * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC 314 */ 315 void 316 shutdown_nice(int howto) 317 { 318 319 if (initproc != NULL && !SCHEDULER_STOPPED()) { 320 shutdown_nice_task.ta_context = (void *)(uintptr_t)howto; 321 taskqueue_enqueue(taskqueue_fast, &shutdown_nice_task); 322 } else { 323 /* 324 * No init(8) running, or scheduler would not allow it 325 * to run, so simply reboot. 326 */ 327 kern_reboot(howto | RB_NOSYNC); 328 } 329 } 330 331 static void 332 print_uptime(void) 333 { 334 int f; 335 struct timespec ts; 336 337 getnanouptime(&ts); 338 printf("Uptime: "); 339 f = 0; 340 if (ts.tv_sec >= 86400) { 341 printf("%ldd", (long)ts.tv_sec / 86400); 342 ts.tv_sec %= 86400; 343 f = 1; 344 } 345 if (f || ts.tv_sec >= 3600) { 346 printf("%ldh", (long)ts.tv_sec / 3600); 347 ts.tv_sec %= 3600; 348 f = 1; 349 } 350 if (f || ts.tv_sec >= 60) { 351 printf("%ldm", (long)ts.tv_sec / 60); 352 ts.tv_sec %= 60; 353 f = 1; 354 } 355 printf("%lds\n", (long)ts.tv_sec); 356 } 357 358 int 359 doadump(boolean_t textdump) 360 { 361 boolean_t coredump; 362 int error; 363 364 error = 0; 365 if (dumping) 366 return (EBUSY); 367 if (dumper.dumper == NULL) 368 return (ENXIO); 369 370 savectx(&dumppcb); 371 dumptid = curthread->td_tid; 372 dumping++; 373 374 coredump = TRUE; 375 #ifdef DDB 376 if (textdump && textdump_pending) { 377 coredump = FALSE; 378 textdump_dumpsys(&dumper); 379 } 380 #endif 381 if (coredump) 382 error = dumpsys(&dumper); 383 384 dumping--; 385 return (error); 386 } 387 388 /* 389 * kern_reboot(9): Shut down the system cleanly to prepare for reboot, halt, or 390 * power off. 391 */ 392 void 393 kern_reboot(int howto) 394 { 395 static int once = 0; 396 397 /* 398 * Normal paths here don't hold Giant, but we can wind up here 399 * unexpectedly with it held. Drop it now so we don't have to 400 * drop and pick it up elsewhere. The paths it is locking will 401 * never be returned to, and it is preferable to preclude 402 * deadlock than to lock against code that won't ever 403 * continue. 404 */ 405 while (mtx_owned(&Giant)) 406 mtx_unlock(&Giant); 407 408 #if defined(SMP) 409 /* 410 * Bind us to the first CPU so that all shutdown code runs there. Some 411 * systems don't shutdown properly (i.e., ACPI power off) if we 412 * run on another processor. 413 */ 414 if (!SCHEDULER_STOPPED()) { 415 thread_lock(curthread); 416 sched_bind(curthread, CPU_FIRST()); 417 thread_unlock(curthread); 418 KASSERT(PCPU_GET(cpuid) == CPU_FIRST(), 419 ("%s: not running on cpu 0", __func__)); 420 } 421 #endif 422 /* We're in the process of rebooting. */ 423 rebooting = 1; 424 425 /* We are out of the debugger now. */ 426 kdb_active = 0; 427 428 /* 429 * Do any callouts that should be done BEFORE syncing the filesystems. 430 */ 431 EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); 432 433 /* 434 * Now sync filesystems 435 */ 436 if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { 437 once = 1; 438 bufshutdown(show_busybufs); 439 } 440 441 print_uptime(); 442 443 cngrab(); 444 445 /* 446 * Ok, now do things that assume all filesystem activity has 447 * been completed. 448 */ 449 EVENTHANDLER_INVOKE(shutdown_post_sync, howto); 450 451 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) 452 doadump(TRUE); 453 454 /* Now that we're going to really halt the system... */ 455 EVENTHANDLER_INVOKE(shutdown_final, howto); 456 457 for(;;) ; /* safety against shutdown_reset not working */ 458 /* NOTREACHED */ 459 } 460 461 /* 462 * The system call that results in changing the rootfs. 463 */ 464 static int 465 kern_reroot(void) 466 { 467 struct vnode *oldrootvnode, *vp; 468 struct mount *mp, *devmp; 469 int error; 470 471 if (curproc != initproc) 472 return (EPERM); 473 474 /* 475 * Mark the filesystem containing currently-running executable 476 * (the temporary copy of init(8)) busy. 477 */ 478 vp = curproc->p_textvp; 479 error = vn_lock(vp, LK_SHARED); 480 if (error != 0) 481 return (error); 482 mp = vp->v_mount; 483 error = vfs_busy(mp, MBF_NOWAIT); 484 if (error != 0) { 485 vfs_ref(mp); 486 VOP_UNLOCK(vp, 0); 487 error = vfs_busy(mp, 0); 488 vn_lock(vp, LK_SHARED | LK_RETRY); 489 vfs_rel(mp); 490 if (error != 0) { 491 VOP_UNLOCK(vp, 0); 492 return (ENOENT); 493 } 494 if (vp->v_iflag & VI_DOOMED) { 495 VOP_UNLOCK(vp, 0); 496 vfs_unbusy(mp); 497 return (ENOENT); 498 } 499 } 500 VOP_UNLOCK(vp, 0); 501 502 /* 503 * Remove the filesystem containing currently-running executable 504 * from the mount list, to prevent it from being unmounted 505 * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). 506 * 507 * Also preserve /dev - forcibly unmounting it could cause driver 508 * reinitialization. 509 */ 510 511 vfs_ref(rootdevmp); 512 devmp = rootdevmp; 513 rootdevmp = NULL; 514 515 mtx_lock(&mountlist_mtx); 516 TAILQ_REMOVE(&mountlist, mp, mnt_list); 517 TAILQ_REMOVE(&mountlist, devmp, mnt_list); 518 mtx_unlock(&mountlist_mtx); 519 520 oldrootvnode = rootvnode; 521 522 /* 523 * Unmount everything except for the two filesystems preserved above. 524 */ 525 vfs_unmountall(); 526 527 /* 528 * Add /dev back; vfs_mountroot() will move it into its new place. 529 */ 530 mtx_lock(&mountlist_mtx); 531 TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); 532 mtx_unlock(&mountlist_mtx); 533 rootdevmp = devmp; 534 vfs_rel(rootdevmp); 535 536 /* 537 * Mount the new rootfs. 538 */ 539 vfs_mountroot(); 540 541 /* 542 * Update all references to the old rootvnode. 543 */ 544 mountcheckdirs(oldrootvnode, rootvnode); 545 546 /* 547 * Add the temporary filesystem back and unbusy it. 548 */ 549 mtx_lock(&mountlist_mtx); 550 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 551 mtx_unlock(&mountlist_mtx); 552 vfs_unbusy(mp); 553 554 return (0); 555 } 556 557 /* 558 * If the shutdown was a clean halt, behave accordingly. 559 */ 560 static void 561 shutdown_halt(void *junk, int howto) 562 { 563 564 if (howto & RB_HALT) { 565 printf("\n"); 566 printf("The operating system has halted.\n"); 567 printf("Please press any key to reboot.\n\n"); 568 569 wdog_kern_pat(WD_TO_NEVER); 570 571 switch (cngetc()) { 572 case -1: /* No console, just die */ 573 cpu_halt(); 574 /* NOTREACHED */ 575 default: 576 break; 577 } 578 } 579 } 580 581 /* 582 * Check to see if the system panicked, pause and then reboot 583 * according to the specified delay. 584 */ 585 static void 586 shutdown_panic(void *junk, int howto) 587 { 588 int loop; 589 590 if (howto & RB_DUMP) { 591 if (panic_reboot_wait_time != 0) { 592 if (panic_reboot_wait_time != -1) { 593 printf("Automatic reboot in %d seconds - " 594 "press a key on the console to abort\n", 595 panic_reboot_wait_time); 596 for (loop = panic_reboot_wait_time * 10; 597 loop > 0; --loop) { 598 DELAY(1000 * 100); /* 1/10th second */ 599 /* Did user type a key? */ 600 if (cncheckc() != -1) 601 break; 602 } 603 if (!loop) 604 return; 605 } 606 } else { /* zero time specified - reboot NOW */ 607 return; 608 } 609 printf("--> Press a key on the console to reboot,\n"); 610 printf("--> or switch off the system now.\n"); 611 cngetc(); 612 } 613 } 614 615 /* 616 * Everything done, now reset 617 */ 618 static void 619 shutdown_reset(void *junk, int howto) 620 { 621 622 printf("Rebooting...\n"); 623 DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ 624 625 /* 626 * Acquiring smp_ipi_mtx here has a double effect: 627 * - it disables interrupts avoiding CPU0 preemption 628 * by fast handlers (thus deadlocking against other CPUs) 629 * - it avoids deadlocks against smp_rendezvous() or, more 630 * generally, threads busy-waiting, with this spinlock held, 631 * and waiting for responses by threads on other CPUs 632 * (ie. smp_tlb_shootdown()). 633 * 634 * For the !SMP case it just needs to handle the former problem. 635 */ 636 #ifdef SMP 637 mtx_lock_spin(&smp_ipi_mtx); 638 #else 639 spinlock_enter(); 640 #endif 641 642 /* cpu_boot(howto); */ /* doesn't do anything at the moment */ 643 cpu_reset(); 644 /* NOTREACHED */ /* assuming reset worked */ 645 } 646 647 #if defined(WITNESS) || defined(INVARIANT_SUPPORT) 648 static int kassert_warn_only = 0; 649 #ifdef KDB 650 static int kassert_do_kdb = 0; 651 #endif 652 #ifdef KTR 653 static int kassert_do_ktr = 0; 654 #endif 655 static int kassert_do_log = 1; 656 static int kassert_log_pps_limit = 4; 657 static int kassert_log_mute_at = 0; 658 static int kassert_log_panic_at = 0; 659 static int kassert_suppress_in_panic = 0; 660 static int kassert_warnings = 0; 661 662 SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); 663 664 #ifdef KASSERT_PANIC_OPTIONAL 665 #define KASSERT_RWTUN CTLFLAG_RWTUN 666 #else 667 #define KASSERT_RWTUN CTLFLAG_RDTUN 668 #endif 669 670 SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, KASSERT_RWTUN, 671 &kassert_warn_only, 0, 672 "KASSERT triggers a panic (0) or just a warning (1)"); 673 674 #ifdef KDB 675 SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, KASSERT_RWTUN, 676 &kassert_do_kdb, 0, "KASSERT will enter the debugger"); 677 #endif 678 679 #ifdef KTR 680 SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, KASSERT_RWTUN, 681 &kassert_do_ktr, 0, 682 "KASSERT does a KTR, set this to the KTRMASK you want"); 683 #endif 684 685 SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, KASSERT_RWTUN, 686 &kassert_do_log, 0, 687 "If warn_only is enabled, log (1) or do not log (0) assertion violations"); 688 689 SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RD | CTLFLAG_STATS, 690 &kassert_warnings, 0, "number of KASSERTs that have been triggered"); 691 692 SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, KASSERT_RWTUN, 693 &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); 694 695 SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, KASSERT_RWTUN, 696 &kassert_log_pps_limit, 0, "limit number of log messages per second"); 697 698 SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, KASSERT_RWTUN, 699 &kassert_log_mute_at, 0, "max number of KASSERTS to log"); 700 701 SYSCTL_INT(_debug_kassert, OID_AUTO, suppress_in_panic, KASSERT_RWTUN, 702 &kassert_suppress_in_panic, 0, 703 "KASSERTs will be suppressed while handling a panic"); 704 #undef KASSERT_RWTUN 705 706 static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); 707 708 SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, 709 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, 710 kassert_sysctl_kassert, "I", "set to trigger a test kassert"); 711 712 static int 713 kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) 714 { 715 int error, i; 716 717 error = sysctl_wire_old_buffer(req, sizeof(int)); 718 if (error == 0) { 719 i = 0; 720 error = sysctl_handle_int(oidp, &i, 0, req); 721 } 722 if (error != 0 || req->newptr == NULL) 723 return (error); 724 KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); 725 return (0); 726 } 727 728 #ifdef KASSERT_PANIC_OPTIONAL 729 /* 730 * Called by KASSERT, this decides if we will panic 731 * or if we will log via printf and/or ktr. 732 */ 733 void 734 kassert_panic(const char *fmt, ...) 735 { 736 static char buf[256]; 737 va_list ap; 738 739 va_start(ap, fmt); 740 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 741 va_end(ap); 742 743 /* 744 * If we are suppressing secondary panics, log the warning but do not 745 * re-enter panic/kdb. 746 */ 747 if (panicstr != NULL && kassert_suppress_in_panic) { 748 if (kassert_do_log) { 749 printf("KASSERT failed: %s\n", buf); 750 #ifdef KDB 751 if (trace_all_panics && trace_on_panic) 752 kdb_backtrace(); 753 #endif 754 } 755 return; 756 } 757 758 /* 759 * panic if we're not just warning, or if we've exceeded 760 * kassert_log_panic_at warnings. 761 */ 762 if (!kassert_warn_only || 763 (kassert_log_panic_at > 0 && 764 kassert_warnings >= kassert_log_panic_at)) { 765 va_start(ap, fmt); 766 vpanic(fmt, ap); 767 /* NORETURN */ 768 } 769 #ifdef KTR 770 if (kassert_do_ktr) 771 CTR0(ktr_mask, buf); 772 #endif /* KTR */ 773 /* 774 * log if we've not yet met the mute limit. 775 */ 776 if (kassert_do_log && 777 (kassert_log_mute_at == 0 || 778 kassert_warnings < kassert_log_mute_at)) { 779 static struct timeval lasterr; 780 static int curerr; 781 782 if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { 783 printf("KASSERT failed: %s\n", buf); 784 kdb_backtrace(); 785 } 786 } 787 #ifdef KDB 788 if (kassert_do_kdb) { 789 kdb_enter(KDB_WHY_KASSERT, buf); 790 } 791 #endif 792 atomic_add_int(&kassert_warnings, 1); 793 } 794 #endif /* KASSERT_PANIC_OPTIONAL */ 795 #endif 796 797 /* 798 * Panic is called on unresolvable fatal errors. It prints "panic: mesg", 799 * and then reboots. If we are called twice, then we avoid trying to sync 800 * the disks as this often leads to recursive panics. 801 */ 802 void 803 panic(const char *fmt, ...) 804 { 805 va_list ap; 806 807 va_start(ap, fmt); 808 vpanic(fmt, ap); 809 } 810 811 void 812 vpanic(const char *fmt, va_list ap) 813 { 814 #ifdef SMP 815 cpuset_t other_cpus; 816 #endif 817 struct thread *td = curthread; 818 int bootopt, newpanic; 819 static char buf[256]; 820 821 spinlock_enter(); 822 823 #ifdef SMP 824 /* 825 * stop_cpus_hard(other_cpus) should prevent multiple CPUs from 826 * concurrently entering panic. Only the winner will proceed 827 * further. 828 */ 829 if (panicstr == NULL && !kdb_active) { 830 other_cpus = all_cpus; 831 CPU_CLR(PCPU_GET(cpuid), &other_cpus); 832 stop_cpus_hard(other_cpus); 833 } 834 #endif 835 836 /* 837 * Ensure that the scheduler is stopped while panicking, even if panic 838 * has been entered from kdb. 839 */ 840 td->td_stopsched = 1; 841 842 bootopt = RB_AUTOBOOT; 843 newpanic = 0; 844 if (panicstr) 845 bootopt |= RB_NOSYNC; 846 else { 847 bootopt |= RB_DUMP; 848 panicstr = fmt; 849 newpanic = 1; 850 } 851 852 if (newpanic) { 853 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 854 panicstr = buf; 855 cngrab(); 856 printf("panic: %s\n", buf); 857 } else { 858 printf("panic: "); 859 vprintf(fmt, ap); 860 printf("\n"); 861 } 862 #ifdef SMP 863 printf("cpuid = %d\n", PCPU_GET(cpuid)); 864 #endif 865 printf("time = %jd\n", (intmax_t )time_second); 866 #ifdef KDB 867 if ((newpanic || trace_all_panics) && trace_on_panic) 868 kdb_backtrace(); 869 if (debugger_on_panic) 870 kdb_enter(KDB_WHY_PANIC, "panic"); 871 #endif 872 /*thread_lock(td); */ 873 td->td_flags |= TDF_INPANIC; 874 /* thread_unlock(td); */ 875 if (!sync_on_panic) 876 bootopt |= RB_NOSYNC; 877 if (poweroff_on_panic) 878 bootopt |= RB_POWEROFF; 879 if (powercycle_on_panic) 880 bootopt |= RB_POWERCYCLE; 881 kern_reboot(bootopt); 882 } 883 884 /* 885 * Support for poweroff delay. 886 * 887 * Please note that setting this delay too short might power off your machine 888 * before the write cache on your hard disk has been flushed, leading to 889 * soft-updates inconsistencies. 890 */ 891 #ifndef POWEROFF_DELAY 892 # define POWEROFF_DELAY 5000 893 #endif 894 static int poweroff_delay = POWEROFF_DELAY; 895 896 SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, 897 &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); 898 899 static void 900 poweroff_wait(void *junk, int howto) 901 { 902 903 if ((howto & (RB_POWEROFF | RB_POWERCYCLE)) == 0 || poweroff_delay <= 0) 904 return; 905 DELAY(poweroff_delay * 1000); 906 } 907 908 /* 909 * Some system processes (e.g. syncer) need to be stopped at appropriate 910 * points in their main loops prior to a system shutdown, so that they 911 * won't interfere with the shutdown process (e.g. by holding a disk buf 912 * to cause sync to fail). For each of these system processes, register 913 * shutdown_kproc() as a handler for one of shutdown events. 914 */ 915 static int kproc_shutdown_wait = 60; 916 SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, 917 &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); 918 919 void 920 kproc_shutdown(void *arg, int howto) 921 { 922 struct proc *p; 923 int error; 924 925 if (panicstr) 926 return; 927 928 p = (struct proc *)arg; 929 printf("Waiting (max %d seconds) for system process `%s' to stop... ", 930 kproc_shutdown_wait, p->p_comm); 931 error = kproc_suspend(p, kproc_shutdown_wait * hz); 932 933 if (error == EWOULDBLOCK) 934 printf("timed out\n"); 935 else 936 printf("done\n"); 937 } 938 939 void 940 kthread_shutdown(void *arg, int howto) 941 { 942 struct thread *td; 943 int error; 944 945 if (panicstr) 946 return; 947 948 td = (struct thread *)arg; 949 printf("Waiting (max %d seconds) for system thread `%s' to stop... ", 950 kproc_shutdown_wait, td->td_name); 951 error = kthread_suspend(td, kproc_shutdown_wait * hz); 952 953 if (error == EWOULDBLOCK) 954 printf("timed out\n"); 955 else 956 printf("done\n"); 957 } 958 959 static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)]; 960 SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD, 961 dumpdevname, 0, "Device for kernel dumps"); 962 963 static int _dump_append(struct dumperinfo *di, void *virtual, 964 vm_offset_t physical, size_t length); 965 966 #ifdef EKCD 967 static struct kerneldumpcrypto * 968 kerneldumpcrypto_create(size_t blocksize, uint8_t encryption, 969 const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey) 970 { 971 struct kerneldumpcrypto *kdc; 972 struct kerneldumpkey *kdk; 973 uint32_t dumpkeysize; 974 975 dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize); 976 kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO); 977 978 arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0); 979 980 kdc->kdc_encryption = encryption; 981 switch (kdc->kdc_encryption) { 982 case KERNELDUMP_ENC_AES_256_CBC: 983 if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0) 984 goto failed; 985 break; 986 default: 987 goto failed; 988 } 989 990 kdc->kdc_dumpkeysize = dumpkeysize; 991 kdk = kdc->kdc_dumpkey; 992 kdk->kdk_encryption = kdc->kdc_encryption; 993 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 994 kdk->kdk_encryptedkeysize = htod32(encryptedkeysize); 995 memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize); 996 997 return (kdc); 998 failed: 999 explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize); 1000 free(kdc, M_EKCD); 1001 return (NULL); 1002 } 1003 1004 static int 1005 kerneldumpcrypto_init(struct kerneldumpcrypto *kdc) 1006 { 1007 uint8_t hash[SHA256_DIGEST_LENGTH]; 1008 SHA256_CTX ctx; 1009 struct kerneldumpkey *kdk; 1010 int error; 1011 1012 error = 0; 1013 1014 if (kdc == NULL) 1015 return (0); 1016 1017 /* 1018 * When a user enters ddb it can write a crash dump multiple times. 1019 * Each time it should be encrypted using a different IV. 1020 */ 1021 SHA256_Init(&ctx); 1022 SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 1023 SHA256_Final(hash, &ctx); 1024 bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 1025 1026 switch (kdc->kdc_encryption) { 1027 case KERNELDUMP_ENC_AES_256_CBC: 1028 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1029 kdc->kdc_iv) <= 0) { 1030 error = EINVAL; 1031 goto out; 1032 } 1033 break; 1034 default: 1035 error = EINVAL; 1036 goto out; 1037 } 1038 1039 kdk = kdc->kdc_dumpkey; 1040 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 1041 out: 1042 explicit_bzero(hash, sizeof(hash)); 1043 return (error); 1044 } 1045 1046 static uint32_t 1047 kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc) 1048 { 1049 1050 if (kdc == NULL) 1051 return (0); 1052 return (kdc->kdc_dumpkeysize); 1053 } 1054 #endif /* EKCD */ 1055 1056 static struct kerneldumpcomp * 1057 kerneldumpcomp_create(struct dumperinfo *di, uint8_t compression) 1058 { 1059 struct kerneldumpcomp *kdcomp; 1060 int format; 1061 1062 switch (compression) { 1063 case KERNELDUMP_COMP_GZIP: 1064 format = COMPRESS_GZIP; 1065 break; 1066 case KERNELDUMP_COMP_ZSTD: 1067 format = COMPRESS_ZSTD; 1068 break; 1069 default: 1070 return (NULL); 1071 } 1072 1073 kdcomp = malloc(sizeof(*kdcomp), M_DUMPER, M_WAITOK | M_ZERO); 1074 kdcomp->kdc_format = compression; 1075 kdcomp->kdc_stream = compressor_init(kerneldumpcomp_write_cb, 1076 format, di->maxiosize, kerneldump_gzlevel, di); 1077 if (kdcomp->kdc_stream == NULL) { 1078 free(kdcomp, M_DUMPER); 1079 return (NULL); 1080 } 1081 kdcomp->kdc_buf = malloc(di->maxiosize, M_DUMPER, M_WAITOK | M_NODUMP); 1082 return (kdcomp); 1083 } 1084 1085 static void 1086 kerneldumpcomp_destroy(struct dumperinfo *di) 1087 { 1088 struct kerneldumpcomp *kdcomp; 1089 1090 kdcomp = di->kdcomp; 1091 if (kdcomp == NULL) 1092 return; 1093 compressor_fini(kdcomp->kdc_stream); 1094 explicit_bzero(kdcomp->kdc_buf, di->maxiosize); 1095 free(kdcomp->kdc_buf, M_DUMPER); 1096 free(kdcomp, M_DUMPER); 1097 } 1098 1099 /* Registration of dumpers */ 1100 int 1101 set_dumper(struct dumperinfo *di, const char *devname, struct thread *td, 1102 uint8_t compression, uint8_t encryption, const uint8_t *key, 1103 uint32_t encryptedkeysize, const uint8_t *encryptedkey) 1104 { 1105 size_t wantcopy; 1106 int error; 1107 1108 error = priv_check(td, PRIV_SETDUMPER); 1109 if (error != 0) 1110 return (error); 1111 1112 if (dumper.dumper != NULL) 1113 return (EBUSY); 1114 dumper = *di; 1115 dumper.blockbuf = NULL; 1116 dumper.kdcrypto = NULL; 1117 dumper.kdcomp = NULL; 1118 1119 if (encryption != KERNELDUMP_ENC_NONE) { 1120 #ifdef EKCD 1121 dumper.kdcrypto = kerneldumpcrypto_create(di->blocksize, 1122 encryption, key, encryptedkeysize, encryptedkey); 1123 if (dumper.kdcrypto == NULL) { 1124 error = EINVAL; 1125 goto cleanup; 1126 } 1127 #else 1128 error = EOPNOTSUPP; 1129 goto cleanup; 1130 #endif 1131 } 1132 1133 wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname)); 1134 if (wantcopy >= sizeof(dumpdevname)) { 1135 printf("set_dumper: device name truncated from '%s' -> '%s'\n", 1136 devname, dumpdevname); 1137 } 1138 1139 if (compression != KERNELDUMP_COMP_NONE) { 1140 /* 1141 * We currently can't support simultaneous encryption and 1142 * compression. 1143 */ 1144 if (encryption != KERNELDUMP_ENC_NONE) { 1145 error = EOPNOTSUPP; 1146 goto cleanup; 1147 } 1148 dumper.kdcomp = kerneldumpcomp_create(&dumper, compression); 1149 if (dumper.kdcomp == NULL) { 1150 error = EINVAL; 1151 goto cleanup; 1152 } 1153 } 1154 1155 dumper.blockbuf = malloc(di->blocksize, M_DUMPER, M_WAITOK | M_ZERO); 1156 return (0); 1157 1158 cleanup: 1159 (void)clear_dumper(td); 1160 return (error); 1161 } 1162 1163 int 1164 clear_dumper(struct thread *td) 1165 { 1166 int error; 1167 1168 error = priv_check(td, PRIV_SETDUMPER); 1169 if (error != 0) 1170 return (error); 1171 1172 #ifdef NETDUMP 1173 netdump_mbuf_drain(); 1174 #endif 1175 1176 #ifdef EKCD 1177 if (dumper.kdcrypto != NULL) { 1178 explicit_bzero(dumper.kdcrypto, sizeof(*dumper.kdcrypto) + 1179 dumper.kdcrypto->kdc_dumpkeysize); 1180 free(dumper.kdcrypto, M_EKCD); 1181 } 1182 #endif 1183 1184 kerneldumpcomp_destroy(&dumper); 1185 1186 if (dumper.blockbuf != NULL) { 1187 explicit_bzero(dumper.blockbuf, dumper.blocksize); 1188 free(dumper.blockbuf, M_DUMPER); 1189 } 1190 explicit_bzero(&dumper, sizeof(dumper)); 1191 dumpdevname[0] = '\0'; 1192 return (0); 1193 } 1194 1195 static int 1196 dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length) 1197 { 1198 1199 if (di->mediasize > 0 && length != 0 && (offset < di->mediaoffset || 1200 offset - di->mediaoffset + length > di->mediasize)) { 1201 if (di->kdcomp != NULL && offset >= di->mediaoffset) { 1202 printf( 1203 "Compressed dump failed to fit in device boundaries.\n"); 1204 return (E2BIG); 1205 } 1206 1207 printf("Attempt to write outside dump device boundaries.\n" 1208 "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", 1209 (intmax_t)offset, (intmax_t)di->mediaoffset, 1210 (uintmax_t)length, (intmax_t)di->mediasize); 1211 return (ENOSPC); 1212 } 1213 if (length % di->blocksize != 0) { 1214 printf("Attempt to write partial block of length %ju.\n", 1215 (uintmax_t)length); 1216 return (EINVAL); 1217 } 1218 if (offset % di->blocksize != 0) { 1219 printf("Attempt to write at unaligned offset %jd.\n", 1220 (intmax_t)offset); 1221 return (EINVAL); 1222 } 1223 1224 return (0); 1225 } 1226 1227 #ifdef EKCD 1228 static int 1229 dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size) 1230 { 1231 1232 switch (kdc->kdc_encryption) { 1233 case KERNELDUMP_ENC_AES_256_CBC: 1234 if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf, 1235 8 * size, buf) <= 0) { 1236 return (EIO); 1237 } 1238 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1239 buf + size - 16 /* IV size for AES-256-CBC */) <= 0) { 1240 return (EIO); 1241 } 1242 break; 1243 default: 1244 return (EINVAL); 1245 } 1246 1247 return (0); 1248 } 1249 1250 /* Encrypt data and call dumper. */ 1251 static int 1252 dump_encrypted_write(struct dumperinfo *di, void *virtual, 1253 vm_offset_t physical, off_t offset, size_t length) 1254 { 1255 static uint8_t buf[KERNELDUMP_BUFFER_SIZE]; 1256 struct kerneldumpcrypto *kdc; 1257 int error; 1258 size_t nbytes; 1259 1260 kdc = di->kdcrypto; 1261 1262 while (length > 0) { 1263 nbytes = MIN(length, sizeof(buf)); 1264 bcopy(virtual, buf, nbytes); 1265 1266 if (dump_encrypt(kdc, buf, nbytes) != 0) 1267 return (EIO); 1268 1269 error = dump_write(di, buf, physical, offset, nbytes); 1270 if (error != 0) 1271 return (error); 1272 1273 offset += nbytes; 1274 virtual = (void *)((uint8_t *)virtual + nbytes); 1275 length -= nbytes; 1276 } 1277 1278 return (0); 1279 } 1280 #endif /* EKCD */ 1281 1282 static int 1283 kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg) 1284 { 1285 struct dumperinfo *di; 1286 size_t resid, rlength; 1287 int error; 1288 1289 di = arg; 1290 1291 if (length % di->blocksize != 0) { 1292 /* 1293 * This must be the final write after flushing the compression 1294 * stream. Write as many full blocks as possible and stash the 1295 * residual data in the dumper's block buffer. It will be 1296 * padded and written in dump_finish(). 1297 */ 1298 rlength = rounddown(length, di->blocksize); 1299 if (rlength != 0) { 1300 error = _dump_append(di, base, 0, rlength); 1301 if (error != 0) 1302 return (error); 1303 } 1304 resid = length - rlength; 1305 memmove(di->blockbuf, (uint8_t *)base + rlength, resid); 1306 bzero((uint8_t *)di->blockbuf + resid, di->blocksize - resid); 1307 di->kdcomp->kdc_resid = resid; 1308 return (EAGAIN); 1309 } 1310 return (_dump_append(di, base, 0, length)); 1311 } 1312 1313 /* 1314 * Write kernel dump headers at the beginning and end of the dump extent. 1315 * Write the kernel dump encryption key after the leading header if we were 1316 * configured to do so. 1317 */ 1318 static int 1319 dump_write_headers(struct dumperinfo *di, struct kerneldumpheader *kdh) 1320 { 1321 #ifdef EKCD 1322 struct kerneldumpcrypto *kdc; 1323 #endif 1324 void *buf, *key; 1325 size_t hdrsz; 1326 uint64_t extent; 1327 uint32_t keysize; 1328 int error; 1329 1330 hdrsz = sizeof(*kdh); 1331 if (hdrsz > di->blocksize) 1332 return (ENOMEM); 1333 1334 #ifdef EKCD 1335 kdc = di->kdcrypto; 1336 key = kdc->kdc_dumpkey; 1337 keysize = kerneldumpcrypto_dumpkeysize(kdc); 1338 #else 1339 key = NULL; 1340 keysize = 0; 1341 #endif 1342 1343 /* 1344 * If the dump device has special handling for headers, let it take care 1345 * of writing them out. 1346 */ 1347 if (di->dumper_hdr != NULL) 1348 return (di->dumper_hdr(di, kdh, key, keysize)); 1349 1350 if (hdrsz == di->blocksize) 1351 buf = kdh; 1352 else { 1353 buf = di->blockbuf; 1354 memset(buf, 0, di->blocksize); 1355 memcpy(buf, kdh, hdrsz); 1356 } 1357 1358 extent = dtoh64(kdh->dumpextent); 1359 #ifdef EKCD 1360 if (kdc != NULL) { 1361 error = dump_write(di, kdc->kdc_dumpkey, 0, 1362 di->mediaoffset + di->mediasize - di->blocksize - extent - 1363 keysize, keysize); 1364 if (error != 0) 1365 return (error); 1366 } 1367 #endif 1368 1369 error = dump_write(di, buf, 0, 1370 di->mediaoffset + di->mediasize - 2 * di->blocksize - extent - 1371 keysize, di->blocksize); 1372 if (error == 0) 1373 error = dump_write(di, buf, 0, di->mediaoffset + di->mediasize - 1374 di->blocksize, di->blocksize); 1375 return (error); 1376 } 1377 1378 /* 1379 * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to 1380 * protect us from metadata and metadata from us. 1381 */ 1382 #define SIZEOF_METADATA (64 * 1024) 1383 1384 /* 1385 * Do some preliminary setup for a kernel dump: initialize state for encryption, 1386 * if requested, and make sure that we have enough space on the dump device. 1387 * 1388 * We set things up so that the dump ends before the last sector of the dump 1389 * device, at which the trailing header is written. 1390 * 1391 * +-----------+------+-----+----------------------------+------+ 1392 * | | lhdr | key | ... kernel dump ... | thdr | 1393 * +-----------+------+-----+----------------------------+------+ 1394 * 1 blk opt <------- dump extent --------> 1 blk 1395 * 1396 * Dumps written using dump_append() start at the beginning of the extent. 1397 * Uncompressed dumps will use the entire extent, but compressed dumps typically 1398 * will not. The true length of the dump is recorded in the leading and trailing 1399 * headers once the dump has been completed. 1400 * 1401 * The dump device may provide a callback, in which case it will initialize 1402 * dumpoff and take care of laying out the headers. 1403 */ 1404 int 1405 dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh) 1406 { 1407 uint64_t dumpextent, span; 1408 uint32_t keysize; 1409 int error; 1410 1411 #ifdef EKCD 1412 error = kerneldumpcrypto_init(di->kdcrypto); 1413 if (error != 0) 1414 return (error); 1415 keysize = kerneldumpcrypto_dumpkeysize(di->kdcrypto); 1416 #else 1417 error = 0; 1418 keysize = 0; 1419 #endif 1420 1421 if (di->dumper_start != NULL) { 1422 error = di->dumper_start(di); 1423 } else { 1424 dumpextent = dtoh64(kdh->dumpextent); 1425 span = SIZEOF_METADATA + dumpextent + 2 * di->blocksize + 1426 keysize; 1427 if (di->mediasize < span) { 1428 if (di->kdcomp == NULL) 1429 return (E2BIG); 1430 1431 /* 1432 * We don't yet know how much space the compressed dump 1433 * will occupy, so try to use the whole swap partition 1434 * (minus the first 64KB) in the hope that the 1435 * compressed dump will fit. If that doesn't turn out to 1436 * be enough, the bounds checking in dump_write() 1437 * will catch us and cause the dump to fail. 1438 */ 1439 dumpextent = di->mediasize - span + dumpextent; 1440 kdh->dumpextent = htod64(dumpextent); 1441 } 1442 1443 /* 1444 * The offset at which to begin writing the dump. 1445 */ 1446 di->dumpoff = di->mediaoffset + di->mediasize - di->blocksize - 1447 dumpextent; 1448 } 1449 di->origdumpoff = di->dumpoff; 1450 return (error); 1451 } 1452 1453 static int 1454 _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1455 size_t length) 1456 { 1457 int error; 1458 1459 #ifdef EKCD 1460 if (di->kdcrypto != NULL) 1461 error = dump_encrypted_write(di, virtual, physical, di->dumpoff, 1462 length); 1463 else 1464 #endif 1465 error = dump_write(di, virtual, physical, di->dumpoff, length); 1466 if (error == 0) 1467 di->dumpoff += length; 1468 return (error); 1469 } 1470 1471 /* 1472 * Write to the dump device starting at dumpoff. When compression is enabled, 1473 * writes to the device will be performed using a callback that gets invoked 1474 * when the compression stream's output buffer is full. 1475 */ 1476 int 1477 dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1478 size_t length) 1479 { 1480 void *buf; 1481 1482 if (di->kdcomp != NULL) { 1483 /* Bounce through a buffer to avoid CRC errors. */ 1484 if (length > di->maxiosize) 1485 return (EINVAL); 1486 buf = di->kdcomp->kdc_buf; 1487 memmove(buf, virtual, length); 1488 return (compressor_write(di->kdcomp->kdc_stream, buf, length)); 1489 } 1490 return (_dump_append(di, virtual, physical, length)); 1491 } 1492 1493 /* 1494 * Write to the dump device at the specified offset. 1495 */ 1496 int 1497 dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1498 off_t offset, size_t length) 1499 { 1500 int error; 1501 1502 error = dump_check_bounds(di, offset, length); 1503 if (error != 0) 1504 return (error); 1505 return (di->dumper(di->priv, virtual, physical, offset, length)); 1506 } 1507 1508 /* 1509 * Perform kernel dump finalization: flush the compression stream, if necessary, 1510 * write the leading and trailing kernel dump headers now that we know the true 1511 * length of the dump, and optionally write the encryption key following the 1512 * leading header. 1513 */ 1514 int 1515 dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh) 1516 { 1517 int error; 1518 1519 if (di->kdcomp != NULL) { 1520 error = compressor_flush(di->kdcomp->kdc_stream); 1521 if (error == EAGAIN) { 1522 /* We have residual data in di->blockbuf. */ 1523 error = _dump_append(di, di->blockbuf, 0, di->blocksize); 1524 if (error == 0) 1525 /* Compensate for _dump_append()'s adjustment. */ 1526 di->dumpoff -= di->blocksize - di->kdcomp->kdc_resid; 1527 di->kdcomp->kdc_resid = 0; 1528 } 1529 if (error != 0) 1530 return (error); 1531 1532 /* 1533 * We now know the size of the compressed dump, so update the 1534 * header accordingly and recompute parity. 1535 */ 1536 kdh->dumplength = htod64(di->dumpoff - di->origdumpoff); 1537 kdh->parity = 0; 1538 kdh->parity = kerneldump_parity(kdh); 1539 1540 compressor_reset(di->kdcomp->kdc_stream); 1541 } 1542 1543 error = dump_write_headers(di, kdh); 1544 if (error != 0) 1545 return (error); 1546 1547 (void)dump_write(di, NULL, 0, 0, 0); 1548 return (0); 1549 } 1550 1551 void 1552 dump_init_header(const struct dumperinfo *di, struct kerneldumpheader *kdh, 1553 char *magic, uint32_t archver, uint64_t dumplen) 1554 { 1555 size_t dstsize; 1556 1557 bzero(kdh, sizeof(*kdh)); 1558 strlcpy(kdh->magic, magic, sizeof(kdh->magic)); 1559 strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); 1560 kdh->version = htod32(KERNELDUMPVERSION); 1561 kdh->architectureversion = htod32(archver); 1562 kdh->dumplength = htod64(dumplen); 1563 kdh->dumpextent = kdh->dumplength; 1564 kdh->dumptime = htod64(time_second); 1565 #ifdef EKCD 1566 kdh->dumpkeysize = htod32(kerneldumpcrypto_dumpkeysize(di->kdcrypto)); 1567 #else 1568 kdh->dumpkeysize = 0; 1569 #endif 1570 kdh->blocksize = htod32(di->blocksize); 1571 strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); 1572 dstsize = sizeof(kdh->versionstring); 1573 if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize) 1574 kdh->versionstring[dstsize - 2] = '\n'; 1575 if (panicstr != NULL) 1576 strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); 1577 if (di->kdcomp != NULL) 1578 kdh->compression = di->kdcomp->kdc_format; 1579 kdh->parity = kerneldump_parity(kdh); 1580 } 1581 1582 #ifdef DDB 1583 DB_SHOW_COMMAND(panic, db_show_panic) 1584 { 1585 1586 if (panicstr == NULL) 1587 db_printf("panicstr not set\n"); 1588 else 1589 db_printf("panic: %s\n", panicstr); 1590 } 1591 #endif

Cache object: c26897611bb84ff779f7ab7b2686ea7b

FreeBSD/Linux Kernel Cross Reference sys/kern/kern_shutdown.c

FreeBSD/Linux Kernel Cross Reference
sys/kern/kern_shutdown.c