xref: /freebsd/sbin/savecore/savecore.c (revision c7bdc25d415af40cefbb0442b75318ae7028ea7f)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 2002 Poul-Henning Kamp
5  * Copyright (c) 2002 Networks Associates Technology, Inc.
6  * All rights reserved.
7  *
8  * This software was developed for the FreeBSD Project by Poul-Henning Kamp
9  * and NAI Labs, the Security Research Division of Network Associates, Inc.
10  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
11  * DARPA CHATS research program.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. The names of the authors may not be used to endorse or promote
22  *    products derived from this software without specific prior written
23  *    permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  *
37  * Copyright (c) 1986, 1992, 1993
38  *	The Regents of the University of California.  All rights reserved.
39  *
40  * Redistribution and use in source and binary forms, with or without
41  * modification, are permitted provided that the following conditions
42  * are met:
43  * 1. Redistributions of source code must retain the above copyright
44  *    notice, this list of conditions and the following disclaimer.
45  * 2. Redistributions in binary form must reproduce the above copyright
46  *    notice, this list of conditions and the following disclaimer in the
47  *    documentation and/or other materials provided with the distribution.
48  * 3. Neither the name of the University nor the names of its contributors
49  *    may be used to endorse or promote products derived from this software
50  *    without specific prior written permission.
51  *
52  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
53  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
55  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
56  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
57  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
58  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
59  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
60  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
61  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
62  * SUCH DAMAGE.
63  */
64 
65 #include <sys/param.h>
66 #include <sys/disk.h>
67 #include <sys/kerneldump.h>
68 #include <sys/memrange.h>
69 #include <sys/mount.h>
70 #include <sys/stat.h>
71 
72 #include <capsicum_helpers.h>
73 #include <ctype.h>
74 #include <errno.h>
75 #include <fcntl.h>
76 #include <fstab.h>
77 #include <paths.h>
78 #include <signal.h>
79 #include <stdarg.h>
80 #include <stdbool.h>
81 #include <stdio.h>
82 #include <stdlib.h>
83 #include <string.h>
84 #include <syslog.h>
85 #include <time.h>
86 #include <unistd.h>
87 #define	Z_SOLO
88 #include <zlib.h>
89 #include <zstd.h>
90 
91 #include <libcasper.h>
92 #include <casper/cap_fileargs.h>
93 #include <casper/cap_syslog.h>
94 
95 #include <libxo/xo.h>
96 
97 /* The size of the buffer used for I/O. */
98 #define	BUFFERSIZE	(1024*1024)
99 
100 #define	STATUS_BAD	0
101 #define	STATUS_GOOD	1
102 #define	STATUS_UNKNOWN	2
103 
104 static cap_channel_t *capsyslog;
105 static fileargs_t *capfa;
106 static bool checkfor, compress, uncompress, clear, force, keep;	/* flags */
107 static bool livecore;	/* flags cont. */
108 static int verbose;
109 static int nfound, nsaved, nerr;			/* statistics */
110 static int maxdumps;
111 static uint8_t comp_desired;
112 
113 extern FILE *zdopen(int, const char *);
114 
115 static sig_atomic_t got_siginfo;
116 static void infohandler(int);
117 
118 static void
logmsg(int pri,const char * fmt,...)119 logmsg(int pri, const char *fmt, ...)
120 {
121 	va_list ap;
122 
123 	va_start(ap, fmt);
124 	if (capsyslog != NULL)
125 		cap_vsyslog(capsyslog, pri, fmt, ap);
126 	else
127 		vsyslog(pri, fmt, ap);
128 	va_end(ap);
129 }
130 
131 static FILE *
xfopenat(int dirfd,const char * path,int flags,const char * modestr,...)132 xfopenat(int dirfd, const char *path, int flags, const char *modestr, ...)
133 {
134 	va_list ap;
135 	FILE *fp;
136 	mode_t mode;
137 	int error, fd;
138 
139 	if ((flags & O_CREAT) == O_CREAT) {
140 		va_start(ap, modestr);
141 		mode = (mode_t)va_arg(ap, int);
142 		va_end(ap);
143 	} else
144 		mode = 0;
145 
146 	fd = openat(dirfd, path, flags, mode);
147 	if (fd < 0)
148 		return (NULL);
149 	fp = fdopen(fd, modestr);
150 	if (fp == NULL) {
151 		error = errno;
152 		(void)close(fd);
153 		errno = error;
154 	}
155 	return (fp);
156 }
157 
158 static void
printheader(xo_handle_t * xo,const struct kerneldumpheader * h,const char * device,int bounds,const int status)159 printheader(xo_handle_t *xo, const struct kerneldumpheader *h,
160     const char *device, int bounds, const int status)
161 {
162 	uint64_t dumplen;
163 	time_t t;
164 	struct tm tm;
165 	char time_str[64];
166 	const char *stat_str;
167 	const char *comp_str;
168 
169 	xo_flush_h(xo);
170 	xo_emit_h(xo, "{Lwc:Dump header from device}{:dump_device/%s}\n",
171 	    device);
172 	xo_emit_h(xo, "{P:  }{Lwc:Architecture}{:architecture/%s}\n",
173 	    h->architecture);
174 	xo_emit_h(xo,
175 	    "{P:  }{Lwc:Architecture Version}{:architecture_version/%u}\n",
176 	    dtoh32(h->architectureversion));
177 	dumplen = dtoh64(h->dumplength);
178 	xo_emit_h(xo, "{P:  }{Lwc:Dump Length}{:dump_length_bytes/%lld}\n",
179 	    (long long)dumplen);
180 	xo_emit_h(xo, "{P:  }{Lwc:Blocksize}{:blocksize/%d}\n",
181 	    dtoh32(h->blocksize));
182 	switch (h->compression) {
183 	case KERNELDUMP_COMP_NONE:
184 		comp_str = "none";
185 		break;
186 	case KERNELDUMP_COMP_GZIP:
187 		comp_str = "gzip";
188 		break;
189 	case KERNELDUMP_COMP_ZSTD:
190 		comp_str = "zstd";
191 		break;
192 	default:
193 		comp_str = "???";
194 		break;
195 	}
196 	xo_emit_h(xo, "{P:  }{Lwc:Compression}{:compression/%s}\n", comp_str);
197 	t = dtoh64(h->dumptime);
198 	localtime_r(&t, &tm);
199 	if (strftime(time_str, sizeof(time_str), "%F %T %z", &tm) == 0)
200 		time_str[0] = '\0';
201 	xo_emit_h(xo, "{P:  }{Lwc:Dumptime}{:dumptime/%s}\n", time_str);
202 	xo_emit_h(xo, "{P:  }{Lwc:Hostname}{:hostname/%s}\n", h->hostname);
203 	xo_emit_h(xo, "{P:  }{Lwc:Magic}{:magic/%s}\n", h->magic);
204 	xo_emit_h(xo, "{P:  }{Lwc:Version String}{:version_string/%s}",
205 	    h->versionstring);
206 	xo_emit_h(xo, "{P:  }{Lwc:Panic String}{:panic_string/%s}\n",
207 	    h->panicstring);
208 	xo_emit_h(xo, "{P:  }{Lwc:Dump Parity}{:dump_parity/%u}\n", h->parity);
209 	xo_emit_h(xo, "{P:  }{Lwc:Bounds}{:bounds/%d}\n", bounds);
210 
211 	switch (status) {
212 	case STATUS_BAD:
213 		stat_str = "bad";
214 		break;
215 	case STATUS_GOOD:
216 		stat_str = "good";
217 		break;
218 	default:
219 		stat_str = "unknown";
220 		break;
221 	}
222 	xo_emit_h(xo, "{P:  }{Lwc:Dump Status}{:dump_status/%s}\n", stat_str);
223 	xo_flush_h(xo);
224 }
225 
226 static int
getbounds(int savedirfd)227 getbounds(int savedirfd)
228 {
229 	FILE *fp;
230 	char buf[6];
231 	int ret;
232 
233 	/*
234 	 * If we are just checking, then we haven't done a chdir to the dump
235 	 * directory and we should not try to read a bounds file.
236 	 */
237 	if (checkfor)
238 		return (0);
239 
240 	ret = 0;
241 
242 	if ((fp = xfopenat(savedirfd, "bounds", O_RDONLY, "r")) == NULL) {
243 		if (verbose)
244 			printf("unable to open bounds file, using 0\n");
245 		return (ret);
246 	}
247 	if (fgets(buf, sizeof(buf), fp) == NULL) {
248 		if (feof(fp))
249 			logmsg(LOG_WARNING, "bounds file is empty, using 0");
250 		else
251 			logmsg(LOG_WARNING, "bounds file: %s", strerror(errno));
252 		fclose(fp);
253 		return (ret);
254 	}
255 
256 	errno = 0;
257 	ret = (int)strtol(buf, NULL, 10);
258 	if (ret == 0 && (errno == EINVAL || errno == ERANGE))
259 		logmsg(LOG_WARNING, "invalid value found in bounds, using 0");
260 	if (maxdumps > 0 && ret == maxdumps)
261 		ret = 0;
262 	fclose(fp);
263 	return (ret);
264 }
265 
266 static void
writebounds(int savedirfd,int bounds)267 writebounds(int savedirfd, int bounds)
268 {
269 	FILE *fp;
270 
271 	if ((fp = xfopenat(savedirfd, "bounds", O_WRONLY | O_CREAT | O_TRUNC,
272 	    "w", 0644)) == NULL) {
273 		logmsg(LOG_WARNING, "unable to write to bounds file: %m");
274 		return;
275 	}
276 
277 	if (verbose)
278 		printf("bounds number: %d\n", bounds);
279 
280 	fprintf(fp, "%d\n", bounds);
281 	fclose(fp);
282 }
283 
284 static bool
writekey(int savedirfd,const char * keyname,uint8_t * dumpkey,uint32_t dumpkeysize)285 writekey(int savedirfd, const char *keyname, uint8_t *dumpkey,
286     uint32_t dumpkeysize)
287 {
288 	int fd;
289 
290 	fd = openat(savedirfd, keyname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
291 	if (fd == -1) {
292 		logmsg(LOG_ERR, "Unable to open %s to write the key: %m.",
293 		    keyname);
294 		return (false);
295 	}
296 
297 	if (write(fd, dumpkey, dumpkeysize) != (ssize_t)dumpkeysize) {
298 		logmsg(LOG_ERR, "Unable to write the key to %s: %m.", keyname);
299 		close(fd);
300 		return (false);
301 	}
302 
303 	close(fd);
304 	return (true);
305 }
306 
307 static int
write_header_info(xo_handle_t * xostdout,const struct kerneldumpheader * kdh,int savedirfd,const char * infoname,const char * device,int bounds,int status)308 write_header_info(xo_handle_t *xostdout, const struct kerneldumpheader *kdh,
309     int savedirfd, const char *infoname, const char *device, int bounds,
310     int status)
311 {
312 	xo_handle_t *xoinfo;
313 	FILE *info;
314 
315 	/*
316 	 * Create or overwrite any existing dump header files.
317 	 */
318 	if ((info = xfopenat(savedirfd, infoname,
319 	    O_WRONLY | O_CREAT | O_TRUNC, "w", 0600)) == NULL) {
320 		logmsg(LOG_ERR, "open(%s): %m", infoname);
321 		return (-1);
322 	}
323 
324 	xoinfo = xo_create_to_file(info, xo_get_style(NULL), 0);
325 	if (xoinfo == NULL) {
326 		logmsg(LOG_ERR, "%s: %m", infoname);
327 		fclose(info);
328 		return (-1);
329 	}
330 	xo_open_container_h(xoinfo, "crashdump");
331 
332 	if (verbose)
333 		printheader(xostdout, kdh, device, bounds, status);
334 
335 	printheader(xoinfo, kdh, device, bounds, status);
336 	xo_close_container_h(xoinfo, "crashdump");
337 	xo_flush_h(xoinfo);
338 	if (xo_finish_h(xoinfo) < 0)
339 		xo_err(EXIT_FAILURE, "stdout");
340 	fclose(info);
341 
342 	return (0);
343 }
344 
345 static off_t
file_size(int savedirfd,const char * path)346 file_size(int savedirfd, const char *path)
347 {
348 	struct stat sb;
349 
350 	/* Ignore all errors, this file may not exist. */
351 	if (fstatat(savedirfd, path, &sb, 0) == -1)
352 		return (0);
353 	return (sb.st_size);
354 }
355 
356 static off_t
saved_dump_size(int savedirfd,int bounds)357 saved_dump_size(int savedirfd, int bounds)
358 {
359 	char path[32];
360 	off_t dumpsize;
361 
362 	dumpsize = 0;
363 
364 	(void)snprintf(path, sizeof(path), "info.%d", bounds);
365 	dumpsize += file_size(savedirfd, path);
366 	(void)snprintf(path, sizeof(path), "vmcore.%d", bounds);
367 	dumpsize += file_size(savedirfd, path);
368 	(void)snprintf(path, sizeof(path), "vmcore.%d.gz", bounds);
369 	dumpsize += file_size(savedirfd, path);
370 	(void)snprintf(path, sizeof(path), "vmcore.%d.zst", bounds);
371 	dumpsize += file_size(savedirfd, path);
372 	(void)snprintf(path, sizeof(path), "textdump.tar.%d", bounds);
373 	dumpsize += file_size(savedirfd, path);
374 	(void)snprintf(path, sizeof(path), "textdump.tar.%d.gz", bounds);
375 	dumpsize += file_size(savedirfd, path);
376 
377 	return (dumpsize);
378 }
379 
380 static void
saved_dump_remove(int savedirfd,int bounds)381 saved_dump_remove(int savedirfd, int bounds)
382 {
383 	char path[32];
384 
385 	(void)snprintf(path, sizeof(path), "info.%d", bounds);
386 	(void)unlinkat(savedirfd, path, 0);
387 	(void)snprintf(path, sizeof(path), "vmcore.%d", bounds);
388 	(void)unlinkat(savedirfd, path, 0);
389 	(void)snprintf(path, sizeof(path), "vmcore.%d.gz", bounds);
390 	(void)unlinkat(savedirfd, path, 0);
391 	(void)snprintf(path, sizeof(path), "vmcore.%d.zst", bounds);
392 	(void)unlinkat(savedirfd, path, 0);
393 	(void)snprintf(path, sizeof(path), "textdump.tar.%d", bounds);
394 	(void)unlinkat(savedirfd, path, 0);
395 	(void)snprintf(path, sizeof(path), "textdump.tar.%d.gz", bounds);
396 	(void)unlinkat(savedirfd, path, 0);
397 	(void)snprintf(path, sizeof(path), "livecore.%d", bounds);
398 	(void)unlinkat(savedirfd, path, 0);
399 	(void)snprintf(path, sizeof(path), "livecore.%d.gz", bounds);
400 	(void)unlinkat(savedirfd, path, 0);
401 	(void)snprintf(path, sizeof(path), "livecore.%d.zst", bounds);
402 	(void)unlinkat(savedirfd, path, 0);
403 }
404 
405 static void
symlinks_remove(int savedirfd)406 symlinks_remove(int savedirfd)
407 {
408 
409 	(void)unlinkat(savedirfd, "info.last", 0);
410 	(void)unlinkat(savedirfd, "key.last", 0);
411 	(void)unlinkat(savedirfd, "vmcore.last", 0);
412 	(void)unlinkat(savedirfd, "vmcore.last.gz", 0);
413 	(void)unlinkat(savedirfd, "vmcore.last.zst", 0);
414 	(void)unlinkat(savedirfd, "vmcore_encrypted.last", 0);
415 	(void)unlinkat(savedirfd, "vmcore_encrypted.last.gz", 0);
416 	(void)unlinkat(savedirfd, "textdump.tar.last", 0);
417 	(void)unlinkat(savedirfd, "textdump.tar.last.gz", 0);
418 	(void)unlinkat(savedirfd, "livecore.last", 0);
419 	(void)unlinkat(savedirfd, "livecore.last.gz", 0);
420 	(void)unlinkat(savedirfd, "livecore.last.zst", 0);
421 }
422 
423 /*
424  * Check that sufficient space is available on the disk that holds the
425  * save directory.
426  */
427 static int
check_space(const char * savedir,int savedirfd,off_t dumpsize,int bounds)428 check_space(const char *savedir, int savedirfd, off_t dumpsize, int bounds)
429 {
430 	char buf[100];
431 	struct statfs fsbuf;
432 	FILE *fp;
433 	off_t available, minfree, spacefree, totfree, needed;
434 
435 	if (fstatfs(savedirfd, &fsbuf) < 0) {
436 		logmsg(LOG_ERR, "%s: %m", savedir);
437 		exit(EXIT_FAILURE);
438 	}
439 	spacefree = ((off_t) fsbuf.f_bavail * fsbuf.f_bsize) / 1024;
440 	totfree = ((off_t) fsbuf.f_bfree * fsbuf.f_bsize) / 1024;
441 
442 	if ((fp = xfopenat(savedirfd, "minfree", O_RDONLY, "r")) == NULL)
443 		minfree = 0;
444 	else {
445 		if (fgets(buf, sizeof(buf), fp) == NULL)
446 			minfree = 0;
447 		else {
448 			char *endp;
449 
450 			errno = 0;
451 			minfree = strtoll(buf, &endp, 10);
452 			if (minfree == 0 && errno != 0)
453 				minfree = -1;
454 			else {
455 				while (*endp != '\0' && isspace(*endp))
456 					endp++;
457 				if (*endp != '\0' || minfree < 0)
458 					minfree = -1;
459 			}
460 			if (minfree < 0)
461 				logmsg(LOG_WARNING,
462 				    "`minfree` didn't contain a valid size "
463 				    "(`%s`). Defaulting to 0", buf);
464 		}
465 		(void)fclose(fp);
466 	}
467 
468 	available = minfree > 0 ? spacefree - minfree : totfree;
469 	needed = dumpsize / 1024 + 2;	/* 2 for info file */
470 	needed -= saved_dump_size(savedirfd, bounds);
471 	if (available < needed) {
472 		logmsg(LOG_WARNING,
473 		    "no dump: not enough free space on device (need at least "
474 		    "%jdkB for dump; %jdkB available; %jdkB reserved)",
475 		    (intmax_t)needed,
476 		    (intmax_t)available + minfree,
477 		    (intmax_t)minfree);
478 		return (0);
479 	}
480 	if (spacefree - needed < 0)
481 		logmsg(LOG_WARNING,
482 		    "dump performed, but free space threshold crossed");
483 	return (1);
484 }
485 
486 static bool
compare_magic(const struct kerneldumpheader * kdh,const char * magic)487 compare_magic(const struct kerneldumpheader *kdh, const char *magic)
488 {
489 
490 	return (strncmp(kdh->magic, magic, sizeof(kdh->magic)) == 0);
491 }
492 
493 #define BLOCKSIZE (1<<12)
494 #define BLOCKMASK (~(BLOCKSIZE-1))
495 
496 static size_t
sparsefwrite(const char * buf,size_t nr,FILE * fp)497 sparsefwrite(const char *buf, size_t nr, FILE *fp)
498 {
499 	size_t nw, he, hs;
500 
501 	for (nw = 0; nw < nr; nw = he) {
502 		/* find a contiguous block of zeroes */
503 		for (hs = nw; hs < nr; hs += BLOCKSIZE) {
504 			for (he = hs; he < nr && buf[he] == 0; ++he)
505 				/* nothing */ ;
506 			/* is the hole long enough to matter? */
507 			if (he >= hs + BLOCKSIZE)
508 				break;
509 		}
510 
511 		/* back down to a block boundary */
512 		he &= BLOCKMASK;
513 
514 		/*
515 		 * 1) Don't go beyond the end of the buffer.
516 		 * 2) If the end of the buffer is less than
517 		 *    BLOCKSIZE bytes away, we're at the end
518 		 *    of the file, so just grab what's left.
519 		 */
520 		if (hs + BLOCKSIZE > nr)
521 			hs = he = nr;
522 
523 		/*
524 		 * At this point, we have a partial ordering:
525 		 *     nw <= hs <= he <= nr
526 		 * If hs > nw, buf[nw..hs] contains non-zero
527 		 * data. If he > hs, buf[hs..he] is all zeroes.
528 		 */
529 		if (hs > nw)
530 			if (fwrite(buf + nw, hs - nw, 1, fp) != 1)
531 				break;
532 		if (he > hs)
533 			if (fseeko(fp, he - hs, SEEK_CUR) == -1)
534 				break;
535 	}
536 
537 	return (nw);
538 }
539 
540 static char *zbuf;
541 static size_t zbufsize;
542 
543 static ssize_t
GunzipWrite(z_stream * z,char * in,size_t insize,FILE * fp)544 GunzipWrite(z_stream *z, char *in, size_t insize, FILE *fp)
545 {
546 	static bool firstblock = true;		/* XXX not re-entrable/usable */
547 	const size_t hdrlen = 10;
548 	size_t nw = 0, w;
549 	int rv;
550 
551 	z->next_in = in;
552 	z->avail_in = insize;
553 	/*
554 	 * Since contrib/zlib for some reason is compiled
555 	 * without GUNZIP define, we need to skip the gzip
556 	 * header manually.  Kernel puts minimal 10 byte
557 	 * header, see sys/kern/subr_compressor.c:gz_reset().
558 	 */
559 	if (firstblock) {
560 		z->next_in += hdrlen;
561 		z->avail_in -= hdrlen;
562 		firstblock = false;
563 	}
564 	do {
565 		z->next_out = zbuf;
566 		z->avail_out = zbufsize;
567 		rv = inflate(z, Z_NO_FLUSH);
568 		if (rv != Z_OK && rv != Z_STREAM_END) {
569 			logmsg(LOG_ERR, "decompression failed: %s", z->msg);
570 			return (-1);
571 		}
572 		w = sparsefwrite(zbuf, zbufsize - z->avail_out, fp);
573 		if (w < zbufsize - z->avail_out)
574 			return (-1);
575 		nw += w;
576 	} while (z->avail_in > 0 && rv != Z_STREAM_END);
577 
578 	return (nw);
579 }
580 
581 static ssize_t
ZstdWrite(ZSTD_DCtx * Zctx,char * in,size_t insize,FILE * fp)582 ZstdWrite(ZSTD_DCtx *Zctx, char *in, size_t insize, FILE *fp)
583 {
584 	ZSTD_inBuffer Zin;
585 	ZSTD_outBuffer Zout;
586 	size_t nw = 0, w;
587 	int rv;
588 
589 	Zin.src = in;
590 	Zin.size = insize;
591 	Zin.pos = 0;
592 	do {
593 		Zout.dst = zbuf;
594 		Zout.size = zbufsize;
595 		Zout.pos = 0;
596 		rv = ZSTD_decompressStream(Zctx, &Zout, &Zin);
597 		if (ZSTD_isError(rv)) {
598 			logmsg(LOG_ERR, "decompression failed: %s",
599 			    ZSTD_getErrorName(rv));
600 			return (-1);
601 		}
602 		w = sparsefwrite(zbuf, Zout.pos, fp);
603 		if (w < Zout.pos)
604 			return (-1);
605 		nw += w;
606 	} while (Zin.pos < Zin.size && rv != 0);
607 
608 	return (nw);
609 }
610 
611 static int
DoRegularFile(int fd,off_t dumpsize,u_int sectorsize,bool sparse,uint8_t compression,char * buf,const char * device,const char * filename,FILE * fp)612 DoRegularFile(int fd, off_t dumpsize, u_int sectorsize, bool sparse,
613     uint8_t compression, char *buf, const char *device,
614     const char *filename, FILE *fp)
615 {
616 	size_t nr, wl;
617 	ssize_t nw;
618 	off_t dmpcnt, origsize;
619 	z_stream z;		/* gzip */
620 	ZSTD_DCtx *Zctx;	/* zstd */
621 
622 	dmpcnt = 0;
623 	origsize = dumpsize;
624 	if (compression == KERNELDUMP_COMP_GZIP) {
625 		memset(&z, 0, sizeof(z));
626 		z.zalloc = Z_NULL;
627 		z.zfree = Z_NULL;
628 		if (inflateInit2(&z, -MAX_WBITS) != Z_OK) {
629 			logmsg(LOG_ERR, "failed to initialize zlib: %s", z.msg);
630 			return (-1);
631 		}
632 		zbufsize = BUFFERSIZE;
633 	} else if (compression == KERNELDUMP_COMP_ZSTD) {
634 		if ((Zctx = ZSTD_createDCtx()) == NULL) {
635 			logmsg(LOG_ERR, "failed to initialize zstd");
636 			return (-1);
637 		}
638 		zbufsize = ZSTD_DStreamOutSize();
639 	}
640 	if (zbufsize > 0)
641 		if ((zbuf = malloc(zbufsize)) == NULL) {
642 			logmsg(LOG_ERR, "failed to alloc decompression buffer");
643 			return (-1);
644 		}
645 
646 	while (dumpsize > 0) {
647 		wl = BUFFERSIZE;
648 		if (wl > (size_t)dumpsize)
649 			wl = dumpsize;
650 		nr = read(fd, buf, roundup(wl, sectorsize));
651 		if (nr != roundup(wl, sectorsize)) {
652 			if (nr == 0)
653 				logmsg(LOG_WARNING,
654 				    "WARNING: EOF on dump device");
655 			else
656 				logmsg(LOG_ERR, "read error on %s: %m", device);
657 			nerr++;
658 			return (-1);
659 		}
660 		if (compression == KERNELDUMP_COMP_GZIP)
661 			nw = GunzipWrite(&z, buf, nr, fp);
662 		else if (compression == KERNELDUMP_COMP_ZSTD)
663 			nw = ZstdWrite(Zctx, buf, nr, fp);
664 		else if (!sparse)
665 			nw = fwrite(buf, 1, wl, fp);
666 		else
667 			nw = sparsefwrite(buf, wl, fp);
668 		if (nw < 0 || (compression == KERNELDUMP_COMP_NONE &&
669 		     (size_t)nw != wl)) {
670 			logmsg(LOG_ERR,
671 			    "write error on %s file: %m", filename);
672 			logmsg(LOG_WARNING,
673 			    "WARNING: vmcore may be incomplete");
674 			nerr++;
675 			return (-1);
676 		}
677 		if (verbose) {
678 			dmpcnt += wl;
679 			printf("%llu\r", (unsigned long long)dmpcnt);
680 			fflush(stdout);
681 		}
682 		dumpsize -= wl;
683 		if (got_siginfo) {
684 			printf("%s %.1lf%%\n", filename, (100.0 - (100.0 *
685 			    (double)dumpsize / (double)origsize)));
686 			got_siginfo = 0;
687 		}
688 	}
689 	return (0);
690 }
691 
692 /*
693  * Specialized version of dump-reading logic for use with textdumps, which
694  * are written backwards from the end of the partition, and must be reversed
695  * before being written to the file.  Textdumps are small, so do a bit less
696  * work to optimize/sparsify.
697  */
698 static int
DoTextdumpFile(int fd,off_t dumpsize,off_t lasthd,char * buf,const char * device,const char * filename,FILE * fp)699 DoTextdumpFile(int fd, off_t dumpsize, off_t lasthd, char *buf,
700     const char *device, const char *filename, FILE *fp)
701 {
702 	int nr, nw, wl;
703 	off_t dmpcnt, totsize;
704 
705 	totsize = dumpsize;
706 	dmpcnt = 0;
707 	wl = 512;
708 	if ((dumpsize % wl) != 0) {
709 		logmsg(LOG_ERR, "textdump uneven multiple of 512 on %s",
710 		    device);
711 		nerr++;
712 		return (-1);
713 	}
714 	while (dumpsize > 0) {
715 		nr = pread(fd, buf, wl, lasthd - (totsize - dumpsize) - wl);
716 		if (nr != wl) {
717 			if (nr == 0)
718 				logmsg(LOG_WARNING,
719 				    "WARNING: EOF on dump device");
720 			else
721 				logmsg(LOG_ERR, "read error on %s: %m", device);
722 			nerr++;
723 			return (-1);
724 		}
725 		nw = fwrite(buf, 1, wl, fp);
726 		if (nw != wl) {
727 			logmsg(LOG_ERR,
728 			    "write error on %s file: %m", filename);
729 			logmsg(LOG_WARNING,
730 			    "WARNING: textdump may be incomplete");
731 			nerr++;
732 			return (-1);
733 		}
734 		if (verbose) {
735 			dmpcnt += wl;
736 			printf("%llu\r", (unsigned long long)dmpcnt);
737 			fflush(stdout);
738 		}
739 		dumpsize -= wl;
740 	}
741 	return (0);
742 }
743 
744 static void
DoLiveFile(const char * savedir,int savedirfd,const char * device)745 DoLiveFile(const char *savedir, int savedirfd, const char *device)
746 {
747 	char infoname[32], corename[32], linkname[32], tmpname[32];
748 	struct mem_livedump_arg marg;
749 	struct kerneldumpheader kdhl;
750 	xo_handle_t *xostdout;
751 	off_t dumplength;
752 	uint32_t version;
753 	int fddev, fdcore;
754 	int bounds;
755 	int error, status;
756 
757 	bounds = getbounds(savedirfd);
758 	status = STATUS_UNKNOWN;
759 
760 	xostdout = xo_create_to_file(stdout, XO_STYLE_TEXT, 0);
761 	if (xostdout == NULL) {
762 		logmsg(LOG_ERR, "xo_create_to_file() failed: %m");
763 		return;
764 	}
765 
766 	/*
767 	 * Create a temporary file. We will invoke the live dump and its
768 	 * contents will be written to this fd. After validating and removing
769 	 * the kernel dump header from the tail-end of this file, it will be
770 	 * renamed to its definitive filename (e.g. livecore.2.gz).
771 	 *
772 	 * If any errors are encountered before the rename, the temporary file
773 	 * is unlinked.
774 	 */
775 	strcpy(tmpname, "livecore.tmp.XXXXXX");
776 	fdcore = mkostempsat(savedirfd, tmpname, 0, 0);
777 	if (fdcore < 0) {
778 		logmsg(LOG_ERR, "error opening temp file: %m");
779 		return;
780 	}
781 
782 	fddev = fileargs_open(capfa, device);
783 	if (fddev < 0) {
784 		logmsg(LOG_ERR, "%s: %m", device);
785 		goto unlinkexit;
786 	}
787 
788 	bzero(&marg, sizeof(marg));
789 	marg.fd = fdcore;
790 	marg.compression = comp_desired;
791 	if (ioctl(fddev, MEM_KERNELDUMP, &marg) == -1) {
792 		logmsg(LOG_ERR,
793 		    "failed to invoke live-dump on system: %m");
794 		close(fddev);
795 		goto unlinkexit;
796 	}
797 
798 	/* Close /dev/mem fd, we are finished with it. */
799 	close(fddev);
800 
801 	/* Seek to the end of the file, minus the size of the header. */
802 	if (lseek(fdcore, -(off_t)sizeof(kdhl), SEEK_END) == -1) {
803 		logmsg(LOG_ERR, "failed to lseek: %m");
804 		goto unlinkexit;
805 	}
806 
807 	if (read(fdcore, &kdhl, sizeof(kdhl)) != sizeof(kdhl)) {
808 		logmsg(LOG_ERR, "failed to read kernel dump header: %m");
809 		goto unlinkexit;
810 	}
811 	/* Reset cursor */
812 	(void)lseek(fdcore, 0, SEEK_SET);
813 
814 	/* Validate the dump header. */
815 	version = dtoh32(kdhl.version);
816 	if (compare_magic(&kdhl, KERNELDUMPMAGIC)) {
817 		if (version != KERNELDUMPVERSION) {
818 			logmsg(LOG_ERR,
819 			    "unknown version (%d) in dump header on %s",
820 			    version, device);
821 			goto unlinkexit;
822 		} else if (kdhl.compression != comp_desired) {
823 			/* This should be impossible. */
824 			logmsg(LOG_ERR,
825 			    "dump compression (%u) doesn't match request (%u)",
826 			    kdhl.compression, comp_desired);
827 			if (!force)
828 				goto unlinkexit;
829 		}
830 	} else {
831 		logmsg(LOG_ERR, "magic mismatch on live dump header");
832 		goto unlinkexit;
833 	}
834 	if (kerneldump_parity(&kdhl)) {
835 		logmsg(LOG_ERR,
836 		    "parity error on last dump header on %s", device);
837 		nerr++;
838 		status = STATUS_BAD;
839 		if (!force)
840 			goto unlinkexit;
841 	} else {
842 		status = STATUS_GOOD;
843 	}
844 
845 	nfound++;
846 	dumplength = dtoh64(kdhl.dumplength);
847 	if (dtoh32(kdhl.dumpkeysize) != 0) {
848 		logmsg(LOG_ERR,
849 		    "dump header unexpectedly reported keysize > 0");
850 		goto unlinkexit;
851 	}
852 
853 	/* Remove the vestigial kernel dump header. */
854 	error = ftruncate(fdcore, dumplength);
855 	if (error != 0) {
856 		logmsg(LOG_ERR, "failed to truncate the core file: %m");
857 		goto unlinkexit;
858 	}
859 
860 	if (verbose >= 2) {
861 		printf("\nDump header:\n");
862 		printheader(xostdout, &kdhl, device, bounds, -1);
863 		printf("\n");
864 	}
865 	logmsg(LOG_ALERT, "livedump");
866 
867 	writebounds(savedirfd, bounds + 1);
868 	saved_dump_remove(savedirfd, bounds);
869 
870 	snprintf(corename, sizeof(corename), "livecore.%d", bounds);
871 	if (compress)
872 		strcat(corename, kdhl.compression == KERNELDUMP_COMP_ZSTD ?
873 		    ".zst" : ".gz");
874 
875 	if (verbose)
876 		printf("renaming %s to %s\n", tmpname, corename);
877 	if (renameat(savedirfd, tmpname, savedirfd, corename) != 0) {
878 		logmsg(LOG_ERR, "renameat failed: %m");
879 		goto unlinkexit;
880 	}
881 
882 	snprintf(infoname, sizeof(infoname), "info.%d", bounds);
883 	if (write_header_info(xostdout, &kdhl, savedirfd, infoname, device,
884 	    bounds, status) != 0) {
885 		nerr++;
886 		return;
887 	}
888 
889 	logmsg(LOG_NOTICE, "writing %score to %s/%s",
890 	    compress ? "compressed " : "", savedir, corename);
891 
892 	if (verbose)
893 		printf("\n");
894 
895 	symlinks_remove(savedirfd);
896 	if (symlinkat(infoname, savedirfd, "info.last") == -1) {
897 		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
898 		    savedir, "info.last");
899 	}
900 
901 	snprintf(linkname, sizeof(linkname), "livecore.last");
902 	if (compress)
903 		strcat(linkname, kdhl.compression == KERNELDUMP_COMP_ZSTD ?
904 		    ".zst" : ".gz");
905 	if (symlinkat(corename, savedirfd, linkname) == -1) {
906 		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
907 		    savedir, linkname);
908 	}
909 
910 	nsaved++;
911 	if (verbose)
912 		printf("dump saved\n");
913 
914 	close(fdcore);
915 	return;
916 unlinkexit:
917 	funlinkat(savedirfd, tmpname, fdcore, 0);
918 	close(fdcore);
919 }
920 
921 static void
DoFile(const char * savedir,int savedirfd,const char * device)922 DoFile(const char *savedir, int savedirfd, const char *device)
923 {
924 	static char *buf = NULL;
925 	xo_handle_t *xostdout;
926 	char infoname[32], corename[32], linkname[32], keyname[32];
927 	char *temp = NULL;
928 	struct kerneldumpheader kdhf, kdhl;
929 	uint8_t *dumpkey;
930 	off_t mediasize, dumpextent, dumplength, firsthd, lasthd;
931 	FILE *core;
932 	int fdcore, fddev, error;
933 	int bounds, status;
934 	u_int sectorsize;
935 	uint32_t dumpkeysize;
936 	bool iscompressed, isencrypted, istextdump, ret;
937 
938 	/* Live kernel dumps are handled separately. */
939 	if (livecore) {
940 		DoLiveFile(savedir, savedirfd, device);
941 		return;
942 	}
943 
944 	bounds = getbounds(savedirfd);
945 	dumpkey = NULL;
946 	mediasize = 0;
947 	status = STATUS_UNKNOWN;
948 
949 	xostdout = xo_create_to_file(stdout, XO_STYLE_TEXT, 0);
950 	if (xostdout == NULL) {
951 		logmsg(LOG_ERR, "xo_create_to_file() failed: %m");
952 		return;
953 	}
954 
955 	if (buf == NULL) {
956 		buf = malloc(BUFFERSIZE);
957 		if (buf == NULL) {
958 			logmsg(LOG_ERR, "%m");
959 			return;
960 		}
961 	}
962 
963 	if (verbose)
964 		printf("checking for kernel dump on device %s\n", device);
965 
966 	fddev = fileargs_open(capfa, device);
967 	if (fddev < 0) {
968 		logmsg(LOG_ERR, "%s: %m", device);
969 		return;
970 	}
971 
972 	error = ioctl(fddev, DIOCGMEDIASIZE, &mediasize);
973 	if (!error)
974 		error = ioctl(fddev, DIOCGSECTORSIZE, &sectorsize);
975 	if (error) {
976 		logmsg(LOG_ERR,
977 		    "couldn't find media and/or sector size of %s: %m", device);
978 		goto closefd;
979 	}
980 
981 	if (verbose) {
982 		printf("mediasize = %lld bytes\n", (long long)mediasize);
983 		printf("sectorsize = %u bytes\n", sectorsize);
984 	}
985 
986 	if (sectorsize < sizeof(kdhl)) {
987 		logmsg(LOG_ERR,
988 		    "Sector size is less the kernel dump header %zu",
989 		    sizeof(kdhl));
990 		goto closefd;
991 	}
992 
993 	lasthd = mediasize - sectorsize;
994 	temp = malloc(sectorsize);
995 	if (temp == NULL) {
996 		logmsg(LOG_ERR, "%m");
997 		goto closefd;
998 	}
999 	if (lseek(fddev, lasthd, SEEK_SET) != lasthd ||
1000 	    read(fddev, temp, sectorsize) != (ssize_t)sectorsize) {
1001 		logmsg(LOG_ERR,
1002 		    "error reading last dump header at offset %lld in %s: %m",
1003 		    (long long)lasthd, device);
1004 		goto closefd;
1005 	}
1006 	memcpy(&kdhl, temp, sizeof(kdhl));
1007 	iscompressed = istextdump = false;
1008 	if (compare_magic(&kdhl, TEXTDUMPMAGIC)) {
1009 		if (verbose)
1010 			printf("textdump magic on last dump header on %s\n",
1011 			    device);
1012 		istextdump = true;
1013 		if (dtoh32(kdhl.version) != KERNELDUMP_TEXT_VERSION) {
1014 			logmsg(LOG_ERR,
1015 			    "unknown version (%d) in last dump header on %s",
1016 			    dtoh32(kdhl.version), device);
1017 
1018 			status = STATUS_BAD;
1019 			if (!force)
1020 				goto closefd;
1021 		}
1022 	} else if (compare_magic(&kdhl, KERNELDUMPMAGIC)) {
1023 		if (dtoh32(kdhl.version) != KERNELDUMPVERSION) {
1024 			logmsg(LOG_ERR,
1025 			    "unknown version (%d) in last dump header on %s",
1026 			    dtoh32(kdhl.version), device);
1027 
1028 			status = STATUS_BAD;
1029 			if (!force)
1030 				goto closefd;
1031 		}
1032 		switch (kdhl.compression) {
1033 		case KERNELDUMP_COMP_NONE:
1034 			uncompress = false;
1035 			break;
1036 		case KERNELDUMP_COMP_GZIP:
1037 		case KERNELDUMP_COMP_ZSTD:
1038 			if (compress && verbose)
1039 				printf("dump is already compressed\n");
1040 			if (uncompress && verbose)
1041 				printf("dump to be uncompressed\n");
1042 			compress = false;
1043 			iscompressed = true;
1044 			break;
1045 		default:
1046 			logmsg(LOG_ERR, "unknown compression type %d on %s",
1047 			    kdhl.compression, device);
1048 			break;
1049 		}
1050 	} else {
1051 		if (verbose)
1052 			printf("magic mismatch on last dump header on %s\n",
1053 			    device);
1054 
1055 		status = STATUS_BAD;
1056 		if (!force)
1057 			goto closefd;
1058 
1059 		if (compare_magic(&kdhl, KERNELDUMPMAGIC_CLEARED)) {
1060 			if (verbose)
1061 				printf("forcing magic on %s\n", device);
1062 			memcpy(kdhl.magic, KERNELDUMPMAGIC, sizeof(kdhl.magic));
1063 		} else {
1064 			logmsg(LOG_ERR, "unable to force dump - bad magic");
1065 			goto closefd;
1066 		}
1067 		if (dtoh32(kdhl.version) != KERNELDUMPVERSION) {
1068 			logmsg(LOG_ERR,
1069 			    "unknown version (%d) in last dump header on %s",
1070 			    dtoh32(kdhl.version), device);
1071 
1072 			status = STATUS_BAD;
1073 			if (!force)
1074 				goto closefd;
1075 		}
1076 	}
1077 
1078 	nfound++;
1079 	if (clear)
1080 		goto nuke;
1081 
1082 	if (kerneldump_parity(&kdhl)) {
1083 		logmsg(LOG_ERR,
1084 		    "parity error on last dump header on %s", device);
1085 		nerr++;
1086 		status = STATUS_BAD;
1087 		if (!force)
1088 			goto closefd;
1089 	}
1090 	dumpextent = dtoh64(kdhl.dumpextent);
1091 	dumplength = dtoh64(kdhl.dumplength);
1092 	dumpkeysize = dtoh32(kdhl.dumpkeysize);
1093 	firsthd = lasthd - dumpextent - sectorsize - dumpkeysize;
1094 	if (lseek(fddev, firsthd, SEEK_SET) != firsthd ||
1095 	    read(fddev, temp, sectorsize) != (ssize_t)sectorsize) {
1096 		logmsg(LOG_ERR,
1097 		    "error reading first dump header at offset %lld in %s: %m",
1098 		    (long long)firsthd, device);
1099 		nerr++;
1100 		goto closefd;
1101 	}
1102 	memcpy(&kdhf, temp, sizeof(kdhf));
1103 
1104 	if (verbose >= 2) {
1105 		printf("First dump headers:\n");
1106 		printheader(xostdout, &kdhf, device, bounds, -1);
1107 
1108 		printf("\nLast dump headers:\n");
1109 		printheader(xostdout, &kdhl, device, bounds, -1);
1110 		printf("\n");
1111 	}
1112 
1113 	if (memcmp(&kdhl, &kdhf, sizeof(kdhl))) {
1114 		logmsg(LOG_ERR,
1115 		    "first and last dump headers disagree on %s", device);
1116 		nerr++;
1117 		status = STATUS_BAD;
1118 		if (!force)
1119 			goto closefd;
1120 	} else {
1121 		status = STATUS_GOOD;
1122 	}
1123 
1124 	if (checkfor) {
1125 		printf("A dump exists on %s\n", device);
1126 		close(fddev);
1127 		exit(EXIT_SUCCESS);
1128 	}
1129 
1130 	if (kdhl.panicstring[0] != '\0')
1131 		logmsg(LOG_ALERT, "reboot after panic: %.*s",
1132 		    (int)sizeof(kdhl.panicstring), kdhl.panicstring);
1133 	else
1134 		logmsg(LOG_ALERT, "reboot");
1135 
1136 	if (verbose)
1137 		printf("Checking for available free space\n");
1138 
1139 	if (!check_space(savedir, savedirfd, dumplength, bounds)) {
1140 		nerr++;
1141 		goto closefd;
1142 	}
1143 
1144 	writebounds(savedirfd, bounds + 1);
1145 
1146 	saved_dump_remove(savedirfd, bounds);
1147 
1148 	isencrypted = (dumpkeysize > 0);
1149 	if (compress)
1150 		snprintf(corename, sizeof(corename), "%s.%d.gz",
1151 		    istextdump ? "textdump.tar" :
1152 		    (isencrypted ? "vmcore_encrypted" : "vmcore"), bounds);
1153 	else if (iscompressed && !isencrypted && !uncompress)
1154 		snprintf(corename, sizeof(corename), "vmcore.%d.%s", bounds,
1155 		    (kdhl.compression == KERNELDUMP_COMP_GZIP) ? "gz" : "zst");
1156 	else
1157 		snprintf(corename, sizeof(corename), "%s.%d",
1158 		    istextdump ? "textdump.tar" :
1159 		    (isencrypted ? "vmcore_encrypted" : "vmcore"), bounds);
1160 	fdcore = openat(savedirfd, corename, O_WRONLY | O_CREAT | O_TRUNC,
1161 	    0600);
1162 	if (fdcore < 0) {
1163 		logmsg(LOG_ERR, "open(%s): %m", corename);
1164 		nerr++;
1165 		goto closefd;
1166 	}
1167 
1168 	if (compress)
1169 		core = zdopen(fdcore, "w");
1170 	else
1171 		core = fdopen(fdcore, "w");
1172 	if (core == NULL) {
1173 		logmsg(LOG_ERR, "%s: %m", corename);
1174 		(void)close(fdcore);
1175 		nerr++;
1176 		goto closefd;
1177 	}
1178 	fdcore = -1;
1179 
1180 	snprintf(infoname, sizeof(infoname), "info.%d", bounds);
1181 	if (write_header_info(xostdout, &kdhl, savedirfd, infoname, device,
1182 	    bounds, status) != 0) {
1183 		nerr++;
1184 		goto closeall;
1185 	}
1186 
1187 	if (isencrypted) {
1188 		dumpkey = calloc(1, dumpkeysize);
1189 		if (dumpkey == NULL) {
1190 			logmsg(LOG_ERR, "Unable to allocate kernel dump key.");
1191 			nerr++;
1192 			goto closeall;
1193 		}
1194 
1195 		if (read(fddev, dumpkey, dumpkeysize) != (ssize_t)dumpkeysize) {
1196 			logmsg(LOG_ERR, "Unable to read kernel dump key: %m.");
1197 			nerr++;
1198 			goto closeall;
1199 		}
1200 
1201 		snprintf(keyname, sizeof(keyname), "key.%d", bounds);
1202 		ret = writekey(savedirfd, keyname, dumpkey, dumpkeysize);
1203 		explicit_bzero(dumpkey, dumpkeysize);
1204 		if (!ret) {
1205 			nerr++;
1206 			goto closeall;
1207 		}
1208 	}
1209 
1210 	logmsg(LOG_NOTICE, "writing %s%score to %s/%s",
1211 	    isencrypted ? "encrypted " : "", compress ? "compressed " : "",
1212 	    savedir, corename);
1213 
1214 	if (istextdump) {
1215 		if (DoTextdumpFile(fddev, dumplength, lasthd, buf, device,
1216 		    corename, core) < 0)
1217 			goto closeall;
1218 	} else {
1219 		if (DoRegularFile(fddev, dumplength, sectorsize,
1220 		    !(compress || iscompressed || isencrypted),
1221 		    uncompress ? kdhl.compression : KERNELDUMP_COMP_NONE,
1222 		    buf, device, corename, core) < 0) {
1223 			goto closeall;
1224 		}
1225 	}
1226 	if (verbose)
1227 		printf("\n");
1228 
1229 	if (fclose(core) < 0) {
1230 		logmsg(LOG_ERR, "error on %s: %m", corename);
1231 		nerr++;
1232 		goto closefd;
1233 	}
1234 
1235 	symlinks_remove(savedirfd);
1236 	if (symlinkat(infoname, savedirfd, "info.last") == -1) {
1237 		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
1238 		    savedir, "info.last");
1239 	}
1240 	if (isencrypted) {
1241 		if (symlinkat(keyname, savedirfd, "key.last") == -1) {
1242 			logmsg(LOG_WARNING,
1243 			    "unable to create symlink %s/%s: %m", savedir,
1244 			    "key.last");
1245 		}
1246 	}
1247 	if ((iscompressed && !uncompress) || compress) {
1248 		snprintf(linkname, sizeof(linkname), "%s.last.%s",
1249 		    istextdump ? "textdump.tar" :
1250 		    (isencrypted ? "vmcore_encrypted" : "vmcore"),
1251 		    (kdhl.compression == KERNELDUMP_COMP_ZSTD) ? "zst" : "gz");
1252 	} else {
1253 		snprintf(linkname, sizeof(linkname), "%s.last",
1254 		    istextdump ? "textdump.tar" :
1255 		    (isencrypted ? "vmcore_encrypted" : "vmcore"));
1256 	}
1257 	if (symlinkat(corename, savedirfd, linkname) == -1) {
1258 		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
1259 		    savedir, linkname);
1260 	}
1261 
1262 	nsaved++;
1263 
1264 	if (verbose)
1265 		printf("dump saved\n");
1266 
1267 nuke:
1268 	if (!keep) {
1269 		if (verbose)
1270 			printf("clearing dump header\n");
1271 		memcpy(kdhl.magic, KERNELDUMPMAGIC_CLEARED, sizeof(kdhl.magic));
1272 		memcpy(temp, &kdhl, sizeof(kdhl));
1273 		if (lseek(fddev, lasthd, SEEK_SET) != lasthd ||
1274 		    write(fddev, temp, sectorsize) != (ssize_t)sectorsize)
1275 			logmsg(LOG_ERR,
1276 			    "error while clearing the dump header: %m");
1277 	}
1278 	xo_close_container_h(xostdout, "crashdump");
1279 	if (xo_finish_h(xostdout) < 0)
1280 		xo_err(EXIT_FAILURE, "stdout");
1281 	free(dumpkey);
1282 	free(temp);
1283 	close(fddev);
1284 	return;
1285 
1286 closeall:
1287 	fclose(core);
1288 
1289 closefd:
1290 	free(dumpkey);
1291 	free(temp);
1292 	close(fddev);
1293 }
1294 
1295 /* Prepend "/dev/" to any arguments that don't already have it */
1296 static char **
devify(int argc,char ** argv)1297 devify(int argc, char **argv)
1298 {
1299 	char **devs;
1300 	int i, l;
1301 
1302 	devs = malloc(argc * sizeof(*argv));
1303 	if (devs == NULL) {
1304 		logmsg(LOG_ERR, "malloc(): %m");
1305 		exit(EXIT_FAILURE);
1306 	}
1307 	for (i = 0; i < argc; i++) {
1308 		if (strncmp(argv[i], _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
1309 			devs[i] = strdup(argv[i]);
1310 		else {
1311 			char *fullpath;
1312 
1313 			fullpath = malloc(PATH_MAX);
1314 			if (fullpath == NULL) {
1315 				logmsg(LOG_ERR, "malloc(): %m");
1316 				exit(EXIT_FAILURE);
1317 			}
1318 			l = snprintf(fullpath, PATH_MAX, "%s%s", _PATH_DEV,
1319 			    argv[i]);
1320 			if (l < 0) {
1321 				logmsg(LOG_ERR, "snprintf(): %m");
1322 				exit(EXIT_FAILURE);
1323 			} else if (l >= PATH_MAX) {
1324 				logmsg(LOG_ERR, "device name too long");
1325 				exit(EXIT_FAILURE);
1326 			}
1327 			devs[i] = fullpath;
1328 		}
1329 	}
1330 	return (devs);
1331 }
1332 
1333 static char **
enum_dumpdevs(int * argcp)1334 enum_dumpdevs(int *argcp)
1335 {
1336 	struct fstab *fsp;
1337 	char **argv;
1338 	int argc, n;
1339 
1340 	/*
1341 	 * We cannot use getfsent(3) in capability mode, so we must
1342 	 * scan /etc/fstab and build up a list of candidate devices
1343 	 * before proceeding.
1344 	 */
1345 	argc = 0;
1346 	n = 8;
1347 	argv = malloc(n * sizeof(*argv));
1348 	if (argv == NULL) {
1349 		logmsg(LOG_ERR, "malloc(): %m");
1350 		exit(EXIT_FAILURE);
1351 	}
1352 	for (;;) {
1353 		fsp = getfsent();
1354 		if (fsp == NULL)
1355 			break;
1356 		if (strcmp(fsp->fs_vfstype, "swap") != 0 &&
1357 		    strcmp(fsp->fs_vfstype, "dump") != 0)
1358 			continue;
1359 		if (argc >= n) {
1360 			n *= 2;
1361 			argv = realloc(argv, n * sizeof(*argv));
1362 			if (argv == NULL) {
1363 				logmsg(LOG_ERR, "realloc(): %m");
1364 				exit(EXIT_FAILURE);
1365 			}
1366 		}
1367 		argv[argc] = strdup(fsp->fs_spec);
1368 		if (argv[argc] == NULL) {
1369 			logmsg(LOG_ERR, "strdup(): %m");
1370 			exit(EXIT_FAILURE);
1371 		}
1372 		argc++;
1373 	}
1374 	*argcp = argc;
1375 	return (argv);
1376 }
1377 
1378 static void
init_caps(int argc,char ** argv)1379 init_caps(int argc, char **argv)
1380 {
1381 	cap_rights_t rights;
1382 	cap_channel_t *capcas;
1383 
1384 	capcas = cap_init();
1385 	if (capcas == NULL) {
1386 		logmsg(LOG_ERR, "cap_init(): %m");
1387 		exit(EXIT_FAILURE);
1388 	}
1389 	/*
1390 	 * The fileargs capability does not currently provide a way to limit
1391 	 * ioctls.
1392 	 */
1393 	(void)cap_rights_init(&rights, CAP_PREAD, CAP_WRITE, CAP_IOCTL);
1394 	capfa = fileargs_init(argc, argv, checkfor || keep ? O_RDONLY : O_RDWR,
1395 	    0, &rights, FA_OPEN);
1396 	if (capfa == NULL) {
1397 		logmsg(LOG_ERR, "fileargs_init(): %m");
1398 		exit(EXIT_FAILURE);
1399 	}
1400 	caph_cache_catpages();
1401 	caph_cache_tzdata();
1402 	if (caph_enter_casper() != 0) {
1403 		logmsg(LOG_ERR, "caph_enter_casper(): %m");
1404 		exit(EXIT_FAILURE);
1405 	}
1406 	capsyslog = cap_service_open(capcas, "system.syslog");
1407 	if (capsyslog == NULL) {
1408 		logmsg(LOG_ERR, "cap_service_open(system.syslog): %m");
1409 		exit(EXIT_FAILURE);
1410 	}
1411 	cap_close(capcas);
1412 }
1413 
1414 static void
usage(void)1415 usage(void)
1416 {
1417 	xo_error("%s\n%s\n%s\n%s\n",
1418 	    "usage: savecore -c [-v] [device ...]",
1419 	    "       savecore -C [-v] [device ...]",
1420 	    "       savecore -L [-fvZz] [-m maxdumps] [directory]",
1421 	    "       savecore [-fkuvz] [-m maxdumps] [directory [device ...]]");
1422 	exit(EXIT_FAILURE);
1423 }
1424 
1425 int
main(int argc,char ** argv)1426 main(int argc, char **argv)
1427 {
1428 	cap_rights_t rights;
1429 	const char *savedir;
1430 	char **devs;
1431 	int i, ch, error, savedirfd;
1432 
1433 	checkfor = compress = clear = force = keep = livecore = false;
1434 	verbose = 0;
1435 	nfound = nsaved = nerr = 0;
1436 	savedir = ".";
1437 	comp_desired = KERNELDUMP_COMP_NONE;
1438 
1439 	openlog("savecore", LOG_PERROR, LOG_DAEMON);
1440 	signal(SIGINFO, infohandler);
1441 
1442 	argc = xo_parse_args(argc, argv);
1443 	if (argc < 0)
1444 		exit(EXIT_FAILURE);
1445 
1446 	while ((ch = getopt(argc, argv, "CcfkLm:uvZz")) != -1)
1447 		switch(ch) {
1448 		case 'C':
1449 			checkfor = true;
1450 			break;
1451 		case 'c':
1452 			clear = true;
1453 			break;
1454 		case 'f':
1455 			force = true;
1456 			break;
1457 		case 'k':
1458 			keep = true;
1459 			break;
1460 		case 'L':
1461 			livecore = true;
1462 			break;
1463 		case 'm':
1464 			maxdumps = atoi(optarg);
1465 			if (maxdumps <= 0) {
1466 				logmsg(LOG_ERR, "Invalid maxdump value");
1467 				exit(EXIT_FAILURE);
1468 			}
1469 			break;
1470 		case 'u':
1471 			uncompress = true;
1472 			break;
1473 		case 'v':
1474 			verbose++;
1475 			break;
1476 		case 'Z':
1477 			/* No on-the-fly compression with zstd at the moment. */
1478 			if (!livecore)
1479 				usage();
1480 			compress = true;
1481 			comp_desired = KERNELDUMP_COMP_ZSTD;
1482 			break;
1483 		case 'z':
1484 			compress = true;
1485 			comp_desired = KERNELDUMP_COMP_GZIP;
1486 			break;
1487 		case '?':
1488 		default:
1489 			usage();
1490 		}
1491 	if (checkfor && (clear || force || keep))
1492 		usage();
1493 	if (clear && (compress || keep))
1494 		usage();
1495 	if (maxdumps > 0 && (checkfor || clear))
1496 		usage();
1497 	if (compress && uncompress)
1498 		usage();
1499 	if (livecore && (checkfor || clear || uncompress || keep))
1500 		usage();
1501 	argc -= optind;
1502 	argv += optind;
1503 	if (argc >= 1 && !checkfor && !clear) {
1504 		error = chdir(argv[0]);
1505 		if (error) {
1506 			logmsg(LOG_ERR, "chdir(%s): %m", argv[0]);
1507 			exit(EXIT_FAILURE);
1508 		}
1509 		savedir = argv[0];
1510 		argc--;
1511 		argv++;
1512 	}
1513 	if (livecore) {
1514 		if (argc > 0)
1515 			usage();
1516 
1517 		/* Always need /dev/mem to invoke the dump */
1518 		devs = malloc(sizeof(char *));
1519 		devs[0] = strdup("/dev/mem");
1520 		argc++;
1521 	} else if (argc == 0)
1522 		devs = enum_dumpdevs(&argc);
1523 	else
1524 		devs = devify(argc, argv);
1525 
1526 	savedirfd = open(savedir, O_RDONLY | O_DIRECTORY);
1527 	if (savedirfd < 0) {
1528 		logmsg(LOG_ERR, "open(%s): %m", savedir);
1529 		exit(EXIT_FAILURE);
1530 	}
1531 	(void)cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL, CAP_FSTATAT,
1532 	    CAP_FSTATFS, CAP_PREAD, CAP_SYMLINKAT, CAP_FTRUNCATE, CAP_UNLINKAT,
1533 	    CAP_WRITE);
1534 	if (livecore)
1535 		cap_rights_set(&rights, CAP_RENAMEAT_SOURCE,
1536 		    CAP_RENAMEAT_TARGET);
1537 	if (caph_rights_limit(savedirfd, &rights) < 0) {
1538 		logmsg(LOG_ERR, "cap_rights_limit(): %m");
1539 		exit(EXIT_FAILURE);
1540 	}
1541 
1542 	/* Enter capability mode. */
1543 	init_caps(argc, devs);
1544 
1545 	for (i = 0; i < argc; i++)
1546 		DoFile(savedir, savedirfd, devs[i]);
1547 
1548 	if (nfound == 0) {
1549 		if (checkfor) {
1550 			if (verbose)
1551 				printf("No dump exists\n");
1552 			exit(EXIT_FAILURE);
1553 		}
1554 		if (verbose)
1555 			logmsg(LOG_WARNING, "no dumps found");
1556 	} else if (nsaved == 0) {
1557 		if (nerr != 0) {
1558 			if (verbose)
1559 				logmsg(LOG_WARNING,
1560 				    "unsaved dumps found but not saved");
1561 			exit(EXIT_FAILURE);
1562 		} else if (verbose)
1563 			logmsg(LOG_WARNING, "no unsaved dumps found");
1564 	} else if (verbose) {
1565 		logmsg(LOG_NOTICE, "%d cores saved in %s\n", nsaved, savedir);
1566 	}
1567 
1568 	exit(EXIT_SUCCESS);
1569 }
1570 
1571 static void
infohandler(int sig __unused)1572 infohandler(int sig __unused)
1573 {
1574 	got_siginfo = 1;
1575 }
1576