1 /*- 2 * Copyright (c) 2007 Robert N. M. Watson 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 /*- 28 * Kernel text-dump support: write a series of text files to the dump 29 * partition for later recovery, including captured DDB output, kernel 30 * configuration, message buffer, and panic message. This allows for a more 31 * compact representation of critical debugging information than traditional 32 * binary dumps, as well as allowing dump information to be used without 33 * access to kernel symbols, source code, etc. 34 * 35 * Storage Layout 36 * -------------- 37 * 38 * Crash dumps are aligned to the end of the dump or swap partition in order 39 * to minimize the chances of swap duing fsck eating into the dump. However, 40 * unlike a memory dump, we don't know the size of the textdump a priori, so 41 * can't just write it out sequentially in order from a known starting point 42 * calculated with respect to the end of the partition. In order to address 43 * this, we actually write out the textdump in reverse block order, allowing 44 * us to directly align it to the end of the partition and then write out the 45 * dump header and trailer before and after it once done. savecore(8) must 46 * know to reverse the order of the blocks in order to produce a readable 47 * file. 48 * 49 * Data is written out in the ustar file format so that we can write data 50 * incrementally as a stream without reference to previous files. 51 * 52 * TODO 53 * ---- 54 * 55 * - Allow subsystems to register to submit files for inclusion in the text 56 * dump in a generic way. 57 */ 58 59 #include <sys/cdefs.h> 60 __FBSDID("$FreeBSD$"); 61 62 #include "opt_config.h" 63 64 #include "opt_ddb.h" 65 66 #include <sys/param.h> 67 #include <sys/conf.h> 68 #include <sys/kernel.h> 69 #include <sys/kerneldump.h> 70 #include <sys/msgbuf.h> 71 #include <sys/sysctl.h> 72 #include <sys/systm.h> 73 74 #include <ddb/ddb.h> 75 #include <ddb/db_lex.h> 76 77 static SYSCTL_NODE(_debug_ddb, OID_AUTO, textdump, CTLFLAG_RW, 0, 78 "DDB textdump options"); 79 80 /* 81 * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is 82 * to protect us from metadata and metadata from us. 83 */ 84 #define SIZEOF_METADATA (64*1024) 85 86 /* 87 * Data is written out as a series of files in the ustar tar format. ustar 88 * is a simple streamed format consiting of a series of files prefixed with 89 * headers, and all padded to 512-byte block boundaries, which maps 90 * conveniently to our requirements. 91 */ 92 struct ustar_header { 93 char uh_filename[100]; 94 char uh_mode[8]; 95 char uh_tar_owner[8]; 96 char uh_tar_group[8]; 97 char uh_size[12]; 98 char uh_mtime[12]; 99 char uh_sum[8]; 100 char uh_type; 101 char uh_linkfile[100]; 102 char uh_ustar[6]; 103 char uh_version[2]; 104 char uh_owner[32]; 105 char uh_group[32]; 106 char uh_major[8]; 107 char uh_minor[8]; 108 char uh_filenameprefix[155]; 109 char uh_zeropad[12]; 110 } __packed; 111 112 /* 113 * Various size assertions -- pretty much everything must be one block in 114 * size. 115 */ 116 CTASSERT(sizeof(struct kerneldumpheader) == TEXTDUMP_BLOCKSIZE); 117 CTASSERT(sizeof(struct ustar_header) == TEXTDUMP_BLOCKSIZE); 118 119 /* 120 * Is a textdump scheduled? If so, the shutdown code will invoke our dumpsys 121 * routine instead of the machine-dependent kernel dump routine. 122 */ 123 #ifdef TEXTDUMP_PREFERRED 124 int textdump_pending = 1; 125 #else 126 int textdump_pending = 0; 127 #endif 128 SYSCTL_INT(_debug_ddb_textdump, OID_AUTO, pending, CTLFLAG_RW, 129 &textdump_pending, 0, 130 "Perform textdump instead of regular kernel dump."); 131 132 /* 133 * Various constants for tar headers and contents. 134 */ 135 #define TAR_USER "root" 136 #define TAR_GROUP "wheel" 137 #define TAR_UID "0" 138 #define TAR_GID "0" 139 #define TAR_MODE "0600" 140 #define TAR_USTAR "ustar" 141 142 #define TAR_CONFIG_FILENAME "config.txt" /* Kernel configuration. */ 143 #define TAR_MSGBUF_FILENAME "msgbuf.txt" /* Kernel messsage buffer. */ 144 #define TAR_PANIC_FILENAME "panic.txt" /* Panic message. */ 145 #define TAR_VERSION_FILENAME "version.txt" /* Kernel version. */ 146 147 /* 148 * Configure which files will be dumped. 149 */ 150 #ifdef INCLUDE_CONFIG_FILE 151 static int textdump_do_config = 1; 152 SYSCTL_INT(_debug_ddb_textdump, OID_AUTO, do_config, CTLFLAG_RW, 153 &textdump_do_config, 0, "Dump kernel configuration in textdump"); 154 #endif 155 156 static int textdump_do_ddb = 1; 157 SYSCTL_INT(_debug_ddb_textdump, OID_AUTO, do_ddb, CTLFLAG_RW, 158 &textdump_do_ddb, 0, "Dump DDB captured output in textdump"); 159 160 static int textdump_do_msgbuf = 1; 161 SYSCTL_INT(_debug_ddb_textdump, OID_AUTO, do_msgbuf, CTLFLAG_RW, 162 &textdump_do_msgbuf, 0, "Dump kernel message buffer in textdump"); 163 164 static int textdump_do_panic = 1; 165 SYSCTL_INT(_debug_ddb_textdump, OID_AUTO, do_panic, CTLFLAG_RW, 166 &textdump_do_panic, 0, "Dump kernel panic message in textdump"); 167 168 static int textdump_do_version = 1; 169 SYSCTL_INT(_debug_ddb_textdump, OID_AUTO, do_version, CTLFLAG_RW, 170 &textdump_do_version, 0, "Dump kernel version string in textdump"); 171 172 /* 173 * State related to incremental writing of blocks to disk. 174 */ 175 static off_t textdump_offset; /* Offset of next sequential write. */ 176 static int textdump_error; /* Carried write error, if any. */ 177 178 /* 179 * Statically allocate space to prepare block-sized headers and data. 180 */ 181 char textdump_block_buffer[TEXTDUMP_BLOCKSIZE]; 182 static struct kerneldumpheader kdh; 183 184 /* 185 * Calculate and fill in the checksum for a ustar header. 186 */ 187 static void 188 ustar_checksum(struct ustar_header *uhp) 189 { 190 u_int sum; 191 int i; 192 193 for (i = 0; i < sizeof(uhp->uh_sum); i++) 194 uhp->uh_sum[i] = ' '; 195 sum = 0; 196 for (i = 0; i < sizeof(*uhp); i++) 197 sum += ((u_char *)uhp)[i]; 198 snprintf(uhp->uh_sum, sizeof(uhp->uh_sum), "%6o", sum); 199 } 200 201 /* 202 * Each file in the tarball has a block-sized header with its name and other, 203 * largely hard-coded, properties. 204 */ 205 void 206 textdump_mkustar(char *block_buffer, const char *filename, u_int size) 207 { 208 struct ustar_header *uhp; 209 210 #ifdef TEXTDUMP_VERBOSE 211 if (textdump_error == 0) 212 printf("textdump: creating '%s'.\n", filename); 213 #endif 214 uhp = (struct ustar_header *)block_buffer; 215 bzero(uhp, sizeof(*uhp)); 216 strlcpy(uhp->uh_filename, filename, sizeof(uhp->uh_filename)); 217 strlcpy(uhp->uh_mode, TAR_MODE, sizeof(uhp->uh_mode)); 218 snprintf(uhp->uh_size, sizeof(uhp->uh_size), "%o", size); 219 strlcpy(uhp->uh_tar_owner, TAR_UID, sizeof(uhp->uh_tar_owner)); 220 strlcpy(uhp->uh_tar_group, TAR_GID, sizeof(uhp->uh_tar_group)); 221 strlcpy(uhp->uh_owner, TAR_USER, sizeof(uhp->uh_owner)); 222 strlcpy(uhp->uh_group, TAR_GROUP, sizeof(uhp->uh_group)); 223 snprintf(uhp->uh_mtime, sizeof(uhp->uh_mtime), "%lo", 224 (unsigned long)time_second); 225 uhp->uh_type = 0; 226 strlcpy(uhp->uh_ustar, TAR_USTAR, sizeof(uhp->uh_ustar)); 227 ustar_checksum(uhp); 228 } 229 230 /* 231 * textdump_writeblock() writes TEXTDUMP_BLOCKSIZE-sized blocks of data to 232 * the space between di->mediaoffset and di->mediaoffset + di->mediasize. It 233 * accepts an offset relative to di->mediaoffset. If we're carrying any 234 * error from previous I/O, return that error and don't continue to try to 235 * write. Most writers ignore the error and forge ahead on the basis that 236 * there's not much you can do. 237 */ 238 static int 239 textdump_writeblock(struct dumperinfo *di, off_t offset, char *buffer) 240 { 241 242 if (textdump_error) 243 return (textdump_error); 244 if (offset + TEXTDUMP_BLOCKSIZE > di->mediasize) 245 return (EIO); 246 if (offset < SIZEOF_METADATA) 247 return (ENOSPC); 248 textdump_error = dump_write(di, buffer, 0, offset + di->mediaoffset, 249 TEXTDUMP_BLOCKSIZE); 250 if (textdump_error) 251 printf("textdump_writeblock: offset %jd, error %d\n", (intmax_t)offset, 252 textdump_error); 253 return (textdump_error); 254 } 255 256 /* 257 * Interfaces to save and restore the dump offset, so that printers can go 258 * back to rewrite a header if required, while avoiding their knowing about 259 * the global layout of the blocks. 260 * 261 * If we ever want to support writing textdumps to tape or other 262 * stream-oriented target, we'll need to remove this. 263 */ 264 void 265 textdump_saveoff(off_t *offsetp) 266 { 267 268 *offsetp = textdump_offset; 269 } 270 271 void 272 textdump_restoreoff(off_t offset) 273 { 274 275 textdump_offset = offset; 276 } 277 278 /* 279 * Interface to write the "next block" relative to the current offset; since 280 * we write backwards from the end of the partition, we subtract, but there's 281 * no reason for the caller to know this. 282 */ 283 int 284 textdump_writenextblock(struct dumperinfo *di, char *buffer) 285 { 286 int error; 287 288 error = textdump_writeblock(di, textdump_offset, buffer); 289 textdump_offset -= TEXTDUMP_BLOCKSIZE; 290 return (error); 291 } 292 293 #ifdef INCLUDE_CONFIG_FILE 294 extern char kernconfstring[]; 295 296 /* 297 * Dump kernel configuration. 298 */ 299 static void 300 textdump_dump_config(struct dumperinfo *di) 301 { 302 u_int count, fullblocks, len; 303 304 len = strlen(kernconfstring); 305 textdump_mkustar(textdump_block_buffer, TAR_CONFIG_FILENAME, len); 306 (void)textdump_writenextblock(di, textdump_block_buffer); 307 308 /* 309 * Write out all full blocks directly from the string, and handle any 310 * left-over bits by copying it to out to the local buffer and 311 * zero-padding it. 312 */ 313 fullblocks = len / TEXTDUMP_BLOCKSIZE; 314 for (count = 0; count < fullblocks; count++) 315 (void)textdump_writenextblock(di, kernconfstring + count * 316 TEXTDUMP_BLOCKSIZE); 317 if (len % TEXTDUMP_BLOCKSIZE != 0) { 318 bzero(textdump_block_buffer, TEXTDUMP_BLOCKSIZE); 319 bcopy(kernconfstring + count * TEXTDUMP_BLOCKSIZE, 320 textdump_block_buffer, len % TEXTDUMP_BLOCKSIZE); 321 (void)textdump_writenextblock(di, textdump_block_buffer); 322 } 323 } 324 #endif /* INCLUDE_CONFIG_FILE */ 325 326 /* 327 * Dump kernel message buffer. 328 */ 329 static void 330 textdump_dump_msgbuf(struct dumperinfo *di) 331 { 332 off_t end_offset, tarhdr_offset; 333 u_int i, len, offset, seq, total_len; 334 char buf[16]; 335 336 /* 337 * Write out a dummy tar header to advance the offset; we'll rewrite 338 * it later once we know the true size. 339 */ 340 textdump_saveoff(&tarhdr_offset); 341 textdump_mkustar(textdump_block_buffer, TAR_MSGBUF_FILENAME, 0); 342 (void)textdump_writenextblock(di, textdump_block_buffer); 343 344 /* 345 * Copy out the data in small chunks, but don't copy nuls that may be 346 * present if the message buffer has not yet completely filled at 347 * least once. 348 */ 349 total_len = 0; 350 offset = 0; 351 msgbuf_peekbytes(msgbufp, NULL, 0, &seq); 352 while ((len = msgbuf_peekbytes(msgbufp, buf, sizeof(buf), &seq)) > 0) { 353 for (i = 0; i < len; i++) { 354 if (buf[i] == '\0') 355 continue; 356 textdump_block_buffer[offset] = buf[i]; 357 offset++; 358 if (offset != sizeof(textdump_block_buffer)) 359 continue; 360 (void)textdump_writenextblock(di, 361 textdump_block_buffer); 362 total_len += offset; 363 offset = 0; 364 } 365 } 366 total_len += offset; /* Without the zero-padding. */ 367 if (offset != 0) { 368 bzero(textdump_block_buffer + offset, 369 sizeof(textdump_block_buffer) - offset); 370 (void)textdump_writenextblock(di, textdump_block_buffer); 371 } 372 373 /* 374 * Rewrite tar header to reflect how much was actually written. 375 */ 376 textdump_saveoff(&end_offset); 377 textdump_restoreoff(tarhdr_offset); 378 textdump_mkustar(textdump_block_buffer, TAR_MSGBUF_FILENAME, 379 total_len); 380 (void)textdump_writenextblock(di, textdump_block_buffer); 381 textdump_restoreoff(end_offset); 382 } 383 384 static void 385 textdump_dump_panic(struct dumperinfo *di) 386 { 387 u_int len; 388 389 /* 390 * Write out tar header -- we store up to one block of panic message. 391 */ 392 len = min(strlen(panicstr), TEXTDUMP_BLOCKSIZE); 393 textdump_mkustar(textdump_block_buffer, TAR_PANIC_FILENAME, len); 394 (void)textdump_writenextblock(di, textdump_block_buffer); 395 396 /* 397 * Zero-pad the panic string and write out block. 398 */ 399 bzero(textdump_block_buffer, sizeof(textdump_block_buffer)); 400 bcopy(panicstr, textdump_block_buffer, len); 401 (void)textdump_writenextblock(di, textdump_block_buffer); 402 } 403 404 static void 405 textdump_dump_version(struct dumperinfo *di) 406 { 407 u_int len; 408 409 /* 410 * Write out tar header -- at most one block of version information. 411 */ 412 len = min(strlen(version), TEXTDUMP_BLOCKSIZE); 413 textdump_mkustar(textdump_block_buffer, TAR_VERSION_FILENAME, len); 414 (void)textdump_writenextblock(di, textdump_block_buffer); 415 416 /* 417 * Zero pad the version string and write out block. 418 */ 419 bzero(textdump_block_buffer, sizeof(textdump_block_buffer)); 420 bcopy(version, textdump_block_buffer, len); 421 (void)textdump_writenextblock(di, textdump_block_buffer); 422 } 423 424 /* 425 * Commit text dump to disk. 426 */ 427 void 428 textdump_dumpsys(struct dumperinfo *di) 429 { 430 struct kerneldumpcrypto *kdc; 431 off_t dumplen, trailer_offset; 432 433 if (di->blocksize != TEXTDUMP_BLOCKSIZE) { 434 printf("Dump partition block size (%ju) not textdump " 435 "block size (%ju)", (uintmax_t)di->blocksize, 436 (uintmax_t)TEXTDUMP_BLOCKSIZE); 437 return; 438 } 439 440 /* 441 * We don't know a priori how large the dump will be, but we do know 442 * that we need to reserve space for metadata and that we need two 443 * dump headers. Also leave room for one ustar header and one block 444 * of data. 445 */ 446 if (di->mediasize < SIZEOF_METADATA + 2 * sizeof(kdh)) { 447 printf("Insufficient space on dump partition for minimal textdump.\n"); 448 return; 449 } 450 textdump_error = 0; 451 452 /* 453 * Disable EKCD because we don't provide encrypted textdumps. 454 */ 455 kdc = di->kdc; 456 di->kdc = NULL; 457 458 /* 459 * Position the start of the dump so that we'll write the kernel dump 460 * trailer immediately before the end of the partition, and then work 461 * our way back. We will rewrite this header later to reflect the 462 * true size if things go well. 463 */ 464 textdump_offset = di->mediasize - sizeof(kdh); 465 textdump_saveoff(&trailer_offset); 466 mkdumpheader(&kdh, TEXTDUMPMAGIC, KERNELDUMP_TEXT_VERSION, 0, 0, 467 TEXTDUMP_BLOCKSIZE); 468 (void)textdump_writenextblock(di, (char *)&kdh); 469 470 /* 471 * Write a series of files in ustar format. 472 */ 473 if (textdump_do_ddb) 474 db_capture_dump(di); 475 #ifdef INCLUDE_CONFIG_FILE 476 if (textdump_do_config) 477 textdump_dump_config(di); 478 #endif 479 if (textdump_do_msgbuf) 480 textdump_dump_msgbuf(di); 481 if (textdump_do_panic && panicstr != NULL) 482 textdump_dump_panic(di); 483 if (textdump_do_version) 484 textdump_dump_version(di); 485 486 /* 487 * Now that we know the true size, we can write out the header, then 488 * seek back to the end and rewrite the trailer with the correct 489 * size. 490 */ 491 dumplen = trailer_offset - (textdump_offset + TEXTDUMP_BLOCKSIZE); 492 mkdumpheader(&kdh, TEXTDUMPMAGIC, KERNELDUMP_TEXT_VERSION, dumplen, 0, 493 TEXTDUMP_BLOCKSIZE); 494 (void)textdump_writenextblock(di, (char *)&kdh); 495 textdump_restoreoff(trailer_offset); 496 (void)textdump_writenextblock(di, (char *)&kdh); 497 498 /* 499 * Terminate the dump, report any errors, and clear the pending flag. 500 */ 501 if (textdump_error == 0) 502 (void)dump_write(di, NULL, 0, 0, 0); 503 if (textdump_error == ENOSPC) 504 printf("Textdump: Insufficient space on dump partition\n"); 505 else if (textdump_error != 0) 506 printf("Textdump: Error %d writing dump\n", textdump_error); 507 else 508 printf("Textdump complete.\n"); 509 textdump_pending = 0; 510 511 /* 512 * Restore EKCD status. 513 */ 514 di->kdc = kdc; 515 } 516 517 /*- 518 * DDB(4) command to manage textdumps: 519 * 520 * textdump set - request a textdump 521 * textdump status - print DDB output textdump status 522 * textdump unset - clear textdump request 523 */ 524 static void 525 db_textdump_usage(void) 526 { 527 528 db_printf("textdump [unset|set|status|dump]\n"); 529 } 530 531 void 532 db_textdump_cmd(db_expr_t addr, bool have_addr, db_expr_t count, char *modif) 533 { 534 int t; 535 536 t = db_read_token(); 537 if (t != tIDENT) { 538 db_textdump_usage(); 539 return; 540 } 541 if (db_read_token() != tEOL) { 542 db_textdump_usage(); 543 return; 544 } 545 if (strcmp(db_tok_string, "set") == 0) { 546 textdump_pending = 1; 547 db_printf("textdump set\n"); 548 } else if (strcmp(db_tok_string, "status") == 0) { 549 if (textdump_pending) 550 db_printf("textdump is set\n"); 551 else 552 db_printf("textdump is not set\n"); 553 } else if (strcmp(db_tok_string, "unset") == 0) { 554 textdump_pending = 0; 555 db_printf("textdump unset\n"); 556 } else if (strcmp(db_tok_string, "dump") == 0) { 557 textdump_pending = 1; 558 doadump(true); 559 } else { 560 db_textdump_usage(); 561 } 562 } 563