xref: /freebsd/sbin/savecore/savecore.c (revision a35f04fba2ebb8f86d4cbdc710c89a094572b08e)
1 /*-
2  * Copyright (c) 2002 Poul-Henning Kamp
3  * Copyright (c) 2002 Networks Associates Technology, Inc.
4  * All rights reserved.
5  *
6  * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7  * and NAI Labs, the Security Research Division of Network Associates, Inc.
8  * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9  * DARPA CHATS research program.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  * 3. The names of the authors may not be used to endorse or promote
20  *    products derived from this software without specific prior written
21  *    permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  *
35  * Copyright (c) 1986, 1992, 1993
36  *	The Regents of the University of California.  All rights reserved.
37  *
38  * Redistribution and use in source and binary forms, with or without
39  * modification, are permitted provided that the following conditions
40  * are met:
41  * 1. Redistributions of source code must retain the above copyright
42  *    notice, this list of conditions and the following disclaimer.
43  * 2. Redistributions in binary form must reproduce the above copyright
44  *    notice, this list of conditions and the following disclaimer in the
45  *    documentation and/or other materials provided with the distribution.
46  * 3. Neither the name of the University nor the names of its contributors
47  *    may be used to endorse or promote products derived from this software
48  *    without specific prior written permission.
49  *
50  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
51  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60  * SUCH DAMAGE.
61  */
62 
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD$");
65 
66 #include <sys/param.h>
67 #include <sys/disk.h>
68 #include <sys/kerneldump.h>
69 #include <sys/mount.h>
70 #include <sys/stat.h>
71 #include <errno.h>
72 #include <fcntl.h>
73 #include <fstab.h>
74 #include <paths.h>
75 #include <signal.h>
76 #include <stdarg.h>
77 #include <stdbool.h>
78 #include <stdio.h>
79 #include <stdlib.h>
80 #include <string.h>
81 #include <syslog.h>
82 #include <time.h>
83 #include <unistd.h>
84 #include <libxo/xo.h>
85 
86 /* The size of the buffer used for I/O. */
87 #define	BUFFERSIZE	(1024*1024)
88 
89 #define	STATUS_BAD	0
90 #define	STATUS_GOOD	1
91 #define	STATUS_UNKNOWN	2
92 
93 static int checkfor, compress, clear, force, keep, verbose;	/* flags */
94 static int nfound, nsaved, nerr;			/* statistics */
95 static int maxdumps;
96 
97 extern FILE *zopen(const char *, const char *);
98 
99 static sig_atomic_t got_siginfo;
100 static void infohandler(int);
101 
102 static void
103 printheader(xo_handle_t *xo, const struct kerneldumpheader *h, const char *device,
104     int bounds, const int status)
105 {
106 	uint64_t dumplen;
107 	time_t t;
108 	const char *stat_str;
109 
110 	xo_flush_h(xo);
111 	xo_emit_h(xo, "{Lwc:Dump header from device}{:dump_device/%s}\n", device);
112 	xo_emit_h(xo, "{P:  }{Lwc:Architecture}{:architecture/%s}\n", h->architecture);
113 	xo_emit_h(xo, "{P:  }{Lwc:Architecture Version}{:architecture_version/%u}\n", dtoh32(h->architectureversion));
114 	dumplen = dtoh64(h->dumplength);
115 	xo_emit_h(xo, "{P:  }{Lwc:Dump Length}{:dump_length_bytes/%lld}\n", (long long)dumplen);
116 	xo_emit_h(xo, "{P:  }{Lwc:Blocksize}{:blocksize/%d}\n", dtoh32(h->blocksize));
117 	t = dtoh64(h->dumptime);
118 	xo_emit_h(xo, "{P:  }{Lwc:Dumptime}{:dumptime/%s}", ctime(&t));
119 	xo_emit_h(xo, "{P:  }{Lwc:Hostname}{:hostname/%s}\n", h->hostname);
120 	xo_emit_h(xo, "{P:  }{Lwc:Magic}{:magic/%s}\n", h->magic);
121 	xo_emit_h(xo, "{P:  }{Lwc:Version String}{:version_string/%s}", h->versionstring);
122 	xo_emit_h(xo, "{P:  }{Lwc:Panic String}{:panic_string/%s}\n", h->panicstring);
123 	xo_emit_h(xo, "{P:  }{Lwc:Dump Parity}{:dump_parity/%u}\n", h->parity);
124 	xo_emit_h(xo, "{P:  }{Lwc:Bounds}{:bounds/%d}\n", bounds);
125 
126 	switch(status) {
127 	case STATUS_BAD:
128 		stat_str = "bad";
129 		break;
130 	case STATUS_GOOD:
131 		stat_str = "good";
132 		break;
133 	default:
134 		stat_str = "unknown";
135 	}
136 	xo_emit_h(xo, "{P:  }{Lwc:Dump Status}{:dump_status/%s}\n", stat_str);
137 	xo_flush_h(xo);
138 }
139 
140 static int
141 getbounds(void) {
142 	FILE *fp;
143 	char buf[6];
144 	int ret;
145 
146 	ret = 0;
147 
148 	if ((fp = fopen("bounds", "r")) == NULL) {
149 		if (verbose)
150 			printf("unable to open bounds file, using 0\n");
151 		return (ret);
152 	}
153 
154 	if (fgets(buf, sizeof buf, fp) == NULL) {
155 		if (feof(fp))
156 			syslog(LOG_WARNING, "bounds file is empty, using 0");
157 		else
158 			syslog(LOG_WARNING, "bounds file: %s", strerror(errno));
159 		fclose(fp);
160 		return (ret);
161 	}
162 
163 	errno = 0;
164 	ret = (int)strtol(buf, NULL, 10);
165 	if (ret == 0 && (errno == EINVAL || errno == ERANGE))
166 		syslog(LOG_WARNING, "invalid value found in bounds, using 0");
167 	fclose(fp);
168 	return (ret);
169 }
170 
171 static void
172 writebounds(int bounds) {
173 	FILE *fp;
174 
175 	if ((fp = fopen("bounds", "w")) == NULL) {
176 		syslog(LOG_WARNING, "unable to write to bounds file: %m");
177 		return;
178 	}
179 
180 	if (verbose)
181 		printf("bounds number: %d\n", bounds);
182 
183 	fprintf(fp, "%d\n", bounds);
184 	fclose(fp);
185 }
186 
187 static bool
188 writekey(const char *keyname, uint8_t *dumpkey, uint32_t dumpkeysize)
189 {
190 	int fd;
191 
192 	fd = open(keyname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
193 	if (fd == -1) {
194 		syslog(LOG_ERR, "Unable to open %s to write the key: %m.",
195 		    keyname);
196 		return (false);
197 	}
198 
199 	if (write(fd, dumpkey, dumpkeysize) != (ssize_t)dumpkeysize) {
200 		syslog(LOG_ERR, "Unable to write the key to %s: %m.", keyname);
201 		close(fd);
202 		return (false);
203 	}
204 
205 	close(fd);
206 	return (true);
207 }
208 
209 static off_t
210 file_size(const char *path)
211 {
212 	struct stat sb;
213 
214 	/* Ignore all errors, those file may not exists. */
215 	if (stat(path, &sb) == -1)
216 		return (0);
217 	return (sb.st_size);
218 }
219 
220 static off_t
221 saved_dump_size(int bounds)
222 {
223 	static char path[PATH_MAX];
224 	off_t dumpsize;
225 
226 	dumpsize = 0;
227 
228 	(void)snprintf(path, sizeof(path), "info.%d", bounds);
229 	dumpsize += file_size(path);
230 	(void)snprintf(path, sizeof(path), "vmcore.%d", bounds);
231 	dumpsize += file_size(path);
232 	(void)snprintf(path, sizeof(path), "vmcore.%d.gz", bounds);
233 	dumpsize += file_size(path);
234 	(void)snprintf(path, sizeof(path), "textdump.tar.%d", bounds);
235 	dumpsize += file_size(path);
236 	(void)snprintf(path, sizeof(path), "textdump.tar.%d.gz", bounds);
237 	dumpsize += file_size(path);
238 
239 	return (dumpsize);
240 }
241 
242 static void
243 saved_dump_remove(int bounds)
244 {
245 	static char path[PATH_MAX];
246 
247 	(void)snprintf(path, sizeof(path), "info.%d", bounds);
248 	(void)unlink(path);
249 	(void)snprintf(path, sizeof(path), "vmcore.%d", bounds);
250 	(void)unlink(path);
251 	(void)snprintf(path, sizeof(path), "vmcore.%d.gz", bounds);
252 	(void)unlink(path);
253 	(void)snprintf(path, sizeof(path), "textdump.tar.%d", bounds);
254 	(void)unlink(path);
255 	(void)snprintf(path, sizeof(path), "textdump.tar.%d.gz", bounds);
256 	(void)unlink(path);
257 }
258 
259 static void
260 symlinks_remove(void)
261 {
262 
263 	(void)unlink("info.last");
264 	(void)unlink("key.last");
265 	(void)unlink("vmcore.last");
266 	(void)unlink("vmcore.last.gz");
267 	(void)unlink("vmcore_encrypted.last");
268 	(void)unlink("vmcore_encrypted.last.gz");
269 	(void)unlink("textdump.tar.last");
270 	(void)unlink("textdump.tar.last.gz");
271 }
272 
273 /*
274  * Check that sufficient space is available on the disk that holds the
275  * save directory.
276  */
277 static int
278 check_space(const char *savedir, off_t dumpsize, int bounds)
279 {
280 	FILE *fp;
281 	off_t minfree, spacefree, totfree, needed;
282 	struct statfs fsbuf;
283 	char buf[100];
284 
285 	if (statfs(".", &fsbuf) < 0) {
286 		syslog(LOG_ERR, "%s: %m", savedir);
287 		exit(1);
288 	}
289 	spacefree = ((off_t) fsbuf.f_bavail * fsbuf.f_bsize) / 1024;
290 	totfree = ((off_t) fsbuf.f_bfree * fsbuf.f_bsize) / 1024;
291 
292 	if ((fp = fopen("minfree", "r")) == NULL)
293 		minfree = 0;
294 	else {
295 		if (fgets(buf, sizeof(buf), fp) == NULL)
296 			minfree = 0;
297 		else
298 			minfree = atoi(buf);
299 		(void)fclose(fp);
300 	}
301 
302 	needed = dumpsize / 1024 + 2;	/* 2 for info file */
303 	needed -= saved_dump_size(bounds);
304 	if ((minfree > 0 ? spacefree : totfree) - needed < minfree) {
305 		syslog(LOG_WARNING,
306 	"no dump, not enough free space on device (%lld available, need %lld)",
307 		    (long long)(minfree > 0 ? spacefree : totfree),
308 		    (long long)needed);
309 		return (0);
310 	}
311 	if (spacefree - needed < 0)
312 		syslog(LOG_WARNING,
313 		    "dump performed, but free space threshold crossed");
314 	return (1);
315 }
316 
317 #define BLOCKSIZE (1<<12)
318 #define BLOCKMASK (~(BLOCKSIZE-1))
319 
320 static int
321 DoRegularFile(int fd, bool isencrypted, off_t dumpsize, char *buf,
322     const char *device, const char *filename, FILE *fp)
323 {
324 	int he, hs, nr, nw, wl;
325 	off_t dmpcnt, origsize;
326 
327 	dmpcnt = 0;
328 	origsize = dumpsize;
329 	he = 0;
330 	while (dumpsize > 0) {
331 		wl = BUFFERSIZE;
332 		if (wl > dumpsize)
333 			wl = dumpsize;
334 		nr = read(fd, buf, wl);
335 		if (nr != wl) {
336 			if (nr == 0)
337 				syslog(LOG_WARNING,
338 				    "WARNING: EOF on dump device");
339 			else
340 				syslog(LOG_ERR, "read error on %s: %m", device);
341 			nerr++;
342 			return (-1);
343 		}
344 		if (compress || isencrypted) {
345 			nw = fwrite(buf, 1, wl, fp);
346 		} else {
347 			for (nw = 0; nw < nr; nw = he) {
348 				/* find a contiguous block of zeroes */
349 				for (hs = nw; hs < nr; hs += BLOCKSIZE) {
350 					for (he = hs; he < nr && buf[he] == 0;
351 					    ++he)
352 						/* nothing */ ;
353 					/* is the hole long enough to matter? */
354 					if (he >= hs + BLOCKSIZE)
355 						break;
356 				}
357 
358 				/* back down to a block boundary */
359 				he &= BLOCKMASK;
360 
361 				/*
362 				 * 1) Don't go beyond the end of the buffer.
363 				 * 2) If the end of the buffer is less than
364 				 *    BLOCKSIZE bytes away, we're at the end
365 				 *    of the file, so just grab what's left.
366 				 */
367 				if (hs + BLOCKSIZE > nr)
368 					hs = he = nr;
369 
370 				/*
371 				 * At this point, we have a partial ordering:
372 				 *     nw <= hs <= he <= nr
373 				 * If hs > nw, buf[nw..hs] contains non-zero data.
374 				 * If he > hs, buf[hs..he] is all zeroes.
375 				 */
376 				if (hs > nw)
377 					if (fwrite(buf + nw, hs - nw, 1, fp)
378 					    != 1)
379 					break;
380 				if (he > hs)
381 					if (fseeko(fp, he - hs, SEEK_CUR) == -1)
382 						break;
383 			}
384 		}
385 		if (nw != wl) {
386 			syslog(LOG_ERR,
387 			    "write error on %s file: %m", filename);
388 			syslog(LOG_WARNING,
389 			    "WARNING: vmcore may be incomplete");
390 			nerr++;
391 			return (-1);
392 		}
393 		if (verbose) {
394 			dmpcnt += wl;
395 			printf("%llu\r", (unsigned long long)dmpcnt);
396 			fflush(stdout);
397 		}
398 		dumpsize -= wl;
399 		if (got_siginfo) {
400 			printf("%s %.1lf%%\n", filename, (100.0 - (100.0 *
401 			    (double)dumpsize / (double)origsize)));
402 			got_siginfo = 0;
403 		}
404 	}
405 	return (0);
406 }
407 
408 /*
409  * Specialized version of dump-reading logic for use with textdumps, which
410  * are written backwards from the end of the partition, and must be reversed
411  * before being written to the file.  Textdumps are small, so do a bit less
412  * work to optimize/sparsify.
413  */
414 static int
415 DoTextdumpFile(int fd, off_t dumpsize, off_t lasthd, char *buf,
416     const char *device, const char *filename, FILE *fp)
417 {
418 	int nr, nw, wl;
419 	off_t dmpcnt, totsize;
420 
421 	totsize = dumpsize;
422 	dmpcnt = 0;
423 	wl = 512;
424 	if ((dumpsize % wl) != 0) {
425 		syslog(LOG_ERR, "textdump uneven multiple of 512 on %s",
426 		    device);
427 		nerr++;
428 		return (-1);
429 	}
430 	while (dumpsize > 0) {
431 		nr = pread(fd, buf, wl, lasthd - (totsize - dumpsize) - wl);
432 		if (nr != wl) {
433 			if (nr == 0)
434 				syslog(LOG_WARNING,
435 				    "WARNING: EOF on dump device");
436 			else
437 				syslog(LOG_ERR, "read error on %s: %m", device);
438 			nerr++;
439 			return (-1);
440 		}
441 		nw = fwrite(buf, 1, wl, fp);
442 		if (nw != wl) {
443 			syslog(LOG_ERR,
444 			    "write error on %s file: %m", filename);
445 			syslog(LOG_WARNING,
446 			    "WARNING: textdump may be incomplete");
447 			nerr++;
448 			return (-1);
449 		}
450 		if (verbose) {
451 			dmpcnt += wl;
452 			printf("%llu\r", (unsigned long long)dmpcnt);
453 			fflush(stdout);
454 		}
455 		dumpsize -= wl;
456 	}
457 	return (0);
458 }
459 
460 static void
461 DoFile(const char *savedir, const char *device)
462 {
463 	xo_handle_t *xostdout, *xoinfo;
464 	static char infoname[PATH_MAX], corename[PATH_MAX], linkname[PATH_MAX];
465 	static char keyname[PATH_MAX];
466 	static char *buf = NULL;
467 	char *temp = NULL;
468 	struct kerneldumpheader kdhf, kdhl;
469 	uint8_t *dumpkey;
470 	off_t mediasize, dumpsize, firsthd, lasthd;
471 	FILE *info, *fp;
472 	mode_t oumask;
473 	int fd, fdinfo, error;
474 	int bounds, status;
475 	u_int sectorsize, xostyle;
476 	int istextdump;
477 	uint32_t dumpkeysize;
478 	bool isencrypted, ret;
479 
480 	bounds = getbounds();
481 	dumpkey = NULL;
482 	mediasize = 0;
483 	status = STATUS_UNKNOWN;
484 
485 	xostdout = xo_create_to_file(stdout, XO_STYLE_TEXT, 0);
486 	if (xostdout == NULL) {
487 		syslog(LOG_ERR, "%s: %m", infoname);
488 		return;
489 	}
490 
491 	if (maxdumps > 0 && bounds == maxdumps)
492 		bounds = 0;
493 
494 	if (buf == NULL) {
495 		buf = malloc(BUFFERSIZE);
496 		if (buf == NULL) {
497 			syslog(LOG_ERR, "%m");
498 			return;
499 		}
500 	}
501 
502 	if (verbose)
503 		printf("checking for kernel dump on device %s\n", device);
504 
505 	fd = open(device, (checkfor || keep) ? O_RDONLY : O_RDWR);
506 	if (fd < 0) {
507 		syslog(LOG_ERR, "%s: %m", device);
508 		return;
509 	}
510 
511 	error = ioctl(fd, DIOCGMEDIASIZE, &mediasize);
512 	if (!error)
513 		error = ioctl(fd, DIOCGSECTORSIZE, &sectorsize);
514 	if (error) {
515 		syslog(LOG_ERR,
516 		    "couldn't find media and/or sector size of %s: %m", device);
517 		goto closefd;
518 	}
519 
520 	if (verbose) {
521 		printf("mediasize = %lld\n", (long long)mediasize);
522 		printf("sectorsize = %u\n", sectorsize);
523 	}
524 
525 	if (sectorsize < sizeof(kdhl)) {
526 		syslog(LOG_ERR,
527 		    "Sector size is less the kernel dump header %zu",
528 		    sizeof(kdhl));
529 		goto closefd;
530 	}
531 
532 	lasthd = mediasize - sectorsize;
533 	temp = malloc(sectorsize);
534 	if (temp == NULL) {
535 		syslog(LOG_ERR, "%m");
536 		goto closefd;
537 	}
538 	if (lseek(fd, lasthd, SEEK_SET) != lasthd ||
539 	    read(fd, temp, sectorsize) != (ssize_t)sectorsize) {
540 		syslog(LOG_ERR,
541 		    "error reading last dump header at offset %lld in %s: %m",
542 		    (long long)lasthd, device);
543 		goto closefd;
544 	}
545 	memcpy(&kdhl, temp, sizeof(kdhl));
546 	istextdump = 0;
547 	if (strncmp(kdhl.magic, TEXTDUMPMAGIC, sizeof kdhl) == 0) {
548 		if (verbose)
549 			printf("textdump magic on last dump header on %s\n",
550 			    device);
551 		istextdump = 1;
552 		if (dtoh32(kdhl.version) != KERNELDUMP_TEXT_VERSION) {
553 			syslog(LOG_ERR,
554 			    "unknown version (%d) in last dump header on %s",
555 			    dtoh32(kdhl.version), device);
556 
557 			status = STATUS_BAD;
558 			if (force == 0)
559 				goto closefd;
560 		}
561 	} else if (memcmp(kdhl.magic, KERNELDUMPMAGIC, sizeof kdhl.magic) ==
562 	    0) {
563 		if (dtoh32(kdhl.version) != KERNELDUMPVERSION) {
564 			syslog(LOG_ERR,
565 			    "unknown version (%d) in last dump header on %s",
566 			    dtoh32(kdhl.version), device);
567 
568 			status = STATUS_BAD;
569 			if (force == 0)
570 				goto closefd;
571 		}
572 	} else {
573 		if (verbose)
574 			printf("magic mismatch on last dump header on %s\n",
575 			    device);
576 
577 		status = STATUS_BAD;
578 		if (force == 0)
579 			goto closefd;
580 
581 		if (memcmp(kdhl.magic, KERNELDUMPMAGIC_CLEARED,
582 			    sizeof kdhl.magic) == 0) {
583 			if (verbose)
584 				printf("forcing magic on %s\n", device);
585 			memcpy(kdhl.magic, KERNELDUMPMAGIC,
586 			    sizeof kdhl.magic);
587 		} else {
588 			syslog(LOG_ERR, "unable to force dump - bad magic");
589 			goto closefd;
590 		}
591 		if (dtoh32(kdhl.version) != KERNELDUMPVERSION) {
592 			syslog(LOG_ERR,
593 			    "unknown version (%d) in last dump header on %s",
594 			    dtoh32(kdhl.version), device);
595 
596 			status = STATUS_BAD;
597 			if (force == 0)
598 				goto closefd;
599 		}
600 	}
601 
602 	nfound++;
603 	if (clear)
604 		goto nuke;
605 
606 	if (kerneldump_parity(&kdhl)) {
607 		syslog(LOG_ERR,
608 		    "parity error on last dump header on %s", device);
609 		nerr++;
610 		status = STATUS_BAD;
611 		if (force == 0)
612 			goto closefd;
613 	}
614 	dumpsize = dtoh64(kdhl.dumplength);
615 	dumpkeysize = dtoh32(kdhl.dumpkeysize);
616 	firsthd = lasthd - dumpsize - sectorsize - dumpkeysize;
617 	if (lseek(fd, firsthd, SEEK_SET) != firsthd ||
618 	    read(fd, temp, sectorsize) != (ssize_t)sectorsize) {
619 		syslog(LOG_ERR,
620 		    "error reading first dump header at offset %lld in %s: %m",
621 		    (long long)firsthd, device);
622 		nerr++;
623 		goto closefd;
624 	}
625 	memcpy(&kdhf, temp, sizeof(kdhf));
626 
627 	if (verbose >= 2) {
628 		printf("First dump headers:\n");
629 		printheader(xostdout, &kdhf, device, bounds, -1);
630 
631 		printf("\nLast dump headers:\n");
632 		printheader(xostdout, &kdhl, device, bounds, -1);
633 		printf("\n");
634 	}
635 
636 	if (memcmp(&kdhl, &kdhf, sizeof(kdhl))) {
637 		syslog(LOG_ERR,
638 		    "first and last dump headers disagree on %s", device);
639 		nerr++;
640 		status = STATUS_BAD;
641 		if (force == 0)
642 			goto closefd;
643 	} else {
644 		status = STATUS_GOOD;
645 	}
646 
647 	if (checkfor) {
648 		printf("A dump exists on %s\n", device);
649 		close(fd);
650 		exit(0);
651 	}
652 
653 	if (kdhl.panicstring[0] != '\0')
654 		syslog(LOG_ALERT, "reboot after panic: %.*s",
655 		    (int)sizeof(kdhl.panicstring), kdhl.panicstring);
656 	else
657 		syslog(LOG_ALERT, "reboot");
658 
659 	if (verbose)
660 		printf("Checking for available free space\n");
661 
662 	if (!check_space(savedir, dumpsize, bounds)) {
663 		nerr++;
664 		goto closefd;
665 	}
666 
667 	writebounds(bounds + 1);
668 
669 	saved_dump_remove(bounds);
670 
671 	snprintf(infoname, sizeof(infoname), "info.%d", bounds);
672 
673 	/*
674 	 * Create or overwrite any existing dump header files.
675 	 */
676 	fdinfo = open(infoname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
677 	if (fdinfo < 0) {
678 		syslog(LOG_ERR, "%s: %m", infoname);
679 		nerr++;
680 		goto closefd;
681 	}
682 
683 	oumask = umask(S_IRWXG|S_IRWXO); /* Restrict access to the core file.*/
684 	isencrypted = (dumpkeysize > 0);
685 	if (compress) {
686 		snprintf(corename, sizeof(corename), "%s.%d.gz",
687 		    istextdump ? "textdump.tar" :
688 		    (isencrypted ? "vmcore_encrypted" : "vmcore"), bounds);
689 		fp = zopen(corename, "w");
690 	} else {
691 		snprintf(corename, sizeof(corename), "%s.%d",
692 		    istextdump ? "textdump.tar" :
693 		    (isencrypted ? "vmcore_encrypted" : "vmcore"), bounds);
694 		fp = fopen(corename, "w");
695 	}
696 	if (fp == NULL) {
697 		syslog(LOG_ERR, "%s: %m", corename);
698 		close(fdinfo);
699 		nerr++;
700 		goto closefd;
701 	}
702 	(void)umask(oumask);
703 
704 	info = fdopen(fdinfo, "w");
705 
706 	if (info == NULL) {
707 		syslog(LOG_ERR, "fdopen failed: %m");
708 		nerr++;
709 		goto closeall;
710 	}
711 
712 	xostyle = xo_get_style(NULL);
713 	xoinfo = xo_create_to_file(info, xostyle, 0);
714 	if (xoinfo == NULL) {
715 		syslog(LOG_ERR, "%s: %m", infoname);
716 		nerr++;
717 		goto closeall;
718 	}
719 	xo_open_container_h(xoinfo, "crashdump");
720 
721 	if (verbose)
722 		printheader(xostdout, &kdhl, device, bounds, status);
723 
724 	printheader(xoinfo, &kdhl, device, bounds, status);
725 	xo_close_container_h(xoinfo, "crashdump");
726 	xo_flush_h(xoinfo);
727 	xo_finish_h(xoinfo);
728 	fclose(info);
729 
730 	if (isencrypted) {
731 		dumpkey = calloc(1, dumpkeysize);
732 		if (dumpkey == NULL) {
733 			syslog(LOG_ERR, "Unable to allocate kernel dump key.");
734 			nerr++;
735 			goto closeall;
736 		}
737 
738 		if (read(fd, dumpkey, dumpkeysize) != (ssize_t)dumpkeysize) {
739 			syslog(LOG_ERR, "Unable to read kernel dump key: %m.");
740 			nerr++;
741 			goto closeall;
742 		}
743 
744 		snprintf(keyname, sizeof(keyname), "key.%d", bounds);
745 		ret = writekey(keyname, dumpkey, dumpkeysize);
746 		explicit_bzero(dumpkey, dumpkeysize);
747 		if (!ret) {
748 			nerr++;
749 			goto closeall;
750 		}
751 	}
752 
753 	syslog(LOG_NOTICE, "writing %s%score to %s/%s",
754 	    isencrypted ? "encrypted " : "", compress ? "compressed " : "",
755 	    savedir, corename);
756 
757 	if (istextdump) {
758 		if (DoTextdumpFile(fd, dumpsize, lasthd, buf, device,
759 		    corename, fp) < 0)
760 			goto closeall;
761 	} else {
762 		if (DoRegularFile(fd, isencrypted, dumpsize, buf, device,
763 		    corename, fp) < 0) {
764 			goto closeall;
765 		}
766 	}
767 	if (verbose)
768 		printf("\n");
769 
770 	if (fclose(fp) < 0) {
771 		syslog(LOG_ERR, "error on %s: %m", corename);
772 		nerr++;
773 		goto closefd;
774 	}
775 
776 	symlinks_remove();
777 	if (symlink(infoname, "info.last") == -1) {
778 		syslog(LOG_WARNING, "unable to create symlink %s/%s: %m",
779 		    savedir, "info.last");
780 	}
781 	if (isencrypted) {
782 		if (symlink(keyname, "key.last") == -1) {
783 			syslog(LOG_WARNING,
784 			    "unable to create symlink %s/%s: %m", savedir,
785 			    "key.last");
786 		}
787 	}
788 	if (compress) {
789 		snprintf(linkname, sizeof(linkname), "%s.last.gz",
790 		    istextdump ? "textdump.tar" :
791 		    (isencrypted ? "vmcore_encrypted" : "vmcore"));
792 	} else {
793 		snprintf(linkname, sizeof(linkname), "%s.last",
794 		    istextdump ? "textdump.tar" :
795 		    (isencrypted ? "vmcore_encrypted" : "vmcore"));
796 	}
797 	if (symlink(corename, linkname) == -1) {
798 		syslog(LOG_WARNING, "unable to create symlink %s/%s: %m",
799 		    savedir, linkname);
800 	}
801 
802 	nsaved++;
803 
804 	if (verbose)
805 		printf("dump saved\n");
806 
807 nuke:
808 	if (!keep) {
809 		if (verbose)
810 			printf("clearing dump header\n");
811 		memcpy(kdhl.magic, KERNELDUMPMAGIC_CLEARED, sizeof(kdhl.magic));
812 		memcpy(temp, &kdhl, sizeof(kdhl));
813 		if (lseek(fd, lasthd, SEEK_SET) != lasthd ||
814 		    write(fd, temp, sectorsize) != (ssize_t)sectorsize)
815 			syslog(LOG_ERR,
816 			    "error while clearing the dump header: %m");
817 	}
818 	xo_close_container_h(xostdout, "crashdump");
819 	xo_finish_h(xostdout);
820 	free(dumpkey);
821 	free(temp);
822 	close(fd);
823 	return;
824 
825 closeall:
826 	fclose(fp);
827 
828 closefd:
829 	free(dumpkey);
830 	free(temp);
831 	close(fd);
832 }
833 
834 static void
835 usage(void)
836 {
837 	xo_error("%s\n%s\n%s\n",
838 	    "usage: savecore -c [-v] [device ...]",
839 	    "       savecore -C [-v] [device ...]",
840 	    "       savecore [-fkvz] [-m maxdumps] [directory [device ...]]");
841 	exit(1);
842 }
843 
844 int
845 main(int argc, char **argv)
846 {
847 	const char *savedir = ".";
848 	struct fstab *fsp;
849 	int i, ch, error;
850 
851 	checkfor = compress = clear = force = keep = verbose = 0;
852 	nfound = nsaved = nerr = 0;
853 
854 	openlog("savecore", LOG_PERROR, LOG_DAEMON);
855 	signal(SIGINFO, infohandler);
856 
857 	argc = xo_parse_args(argc, argv);
858 	if (argc < 0)
859 		exit(1);
860 
861 	while ((ch = getopt(argc, argv, "Ccfkm:vz")) != -1)
862 		switch(ch) {
863 		case 'C':
864 			checkfor = 1;
865 			break;
866 		case 'c':
867 			clear = 1;
868 			break;
869 		case 'f':
870 			force = 1;
871 			break;
872 		case 'k':
873 			keep = 1;
874 			break;
875 		case 'm':
876 			maxdumps = atoi(optarg);
877 			if (maxdumps <= 0) {
878 				syslog(LOG_ERR, "Invalid maxdump value");
879 				exit(1);
880 			}
881 			break;
882 		case 'v':
883 			verbose++;
884 			break;
885 		case 'z':
886 			compress = 1;
887 			break;
888 		case '?':
889 		default:
890 			usage();
891 		}
892 	if (checkfor && (clear || force || keep))
893 		usage();
894 	if (clear && (compress || keep))
895 		usage();
896 	if (maxdumps > 0 && (checkfor || clear))
897 		usage();
898 	argc -= optind;
899 	argv += optind;
900 	if (argc >= 1 && !checkfor && !clear) {
901 		error = chdir(argv[0]);
902 		if (error) {
903 			syslog(LOG_ERR, "chdir(%s): %m", argv[0]);
904 			exit(1);
905 		}
906 		savedir = argv[0];
907 		argc--;
908 		argv++;
909 	}
910 	if (argc == 0) {
911 		for (;;) {
912 			fsp = getfsent();
913 			if (fsp == NULL)
914 				break;
915 			if (strcmp(fsp->fs_vfstype, "swap") &&
916 			    strcmp(fsp->fs_vfstype, "dump"))
917 				continue;
918 			DoFile(savedir, fsp->fs_spec);
919 		}
920 		endfsent();
921 	} else {
922 		for (i = 0; i < argc; i++)
923 			DoFile(savedir, argv[i]);
924 	}
925 
926 	/* Emit minimal output. */
927 	if (nfound == 0) {
928 		if (checkfor) {
929 			if (verbose)
930 				printf("No dump exists\n");
931 			exit(1);
932 		}
933 		if (verbose)
934 			syslog(LOG_WARNING, "no dumps found");
935 	} else if (nsaved == 0) {
936 		if (nerr != 0) {
937 			if (verbose)
938 				syslog(LOG_WARNING, "unsaved dumps found but not saved");
939 			exit(1);
940 		} else if (verbose)
941 			syslog(LOG_WARNING, "no unsaved dumps found");
942 	}
943 
944 	return (0);
945 }
946 
947 static void
948 infohandler(int sig __unused)
949 {
950 	got_siginfo = 1;
951 }
952