1ad4240feSJulian Elischer /*- 2ad4240feSJulian Elischer * Copyright (c) 1986, 1988, 1991, 1993 3ad4240feSJulian Elischer * The Regents of the University of California. All rights reserved. 4ad4240feSJulian Elischer * (c) UNIX System Laboratories, Inc. 5ad4240feSJulian Elischer * All or some portions of this file are derived from material licensed 6ad4240feSJulian Elischer * to the University of California by American Telephone and Telegraph 7ad4240feSJulian Elischer * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8ad4240feSJulian Elischer * the permission of UNIX System Laboratories, Inc. 9ad4240feSJulian Elischer * 10ad4240feSJulian Elischer * Redistribution and use in source and binary forms, with or without 11ad4240feSJulian Elischer * modification, are permitted provided that the following conditions 12ad4240feSJulian Elischer * are met: 13ad4240feSJulian Elischer * 1. Redistributions of source code must retain the above copyright 14ad4240feSJulian Elischer * notice, this list of conditions and the following disclaimer. 15ad4240feSJulian Elischer * 2. Redistributions in binary form must reproduce the above copyright 16ad4240feSJulian Elischer * notice, this list of conditions and the following disclaimer in the 17ad4240feSJulian Elischer * documentation and/or other materials provided with the distribution. 1869a28758SEd Maste * 3. Neither the name of the University nor the names of its contributors 19ad4240feSJulian Elischer * may be used to endorse or promote products derived from this software 20ad4240feSJulian Elischer * without specific prior written permission. 21ad4240feSJulian Elischer * 22ad4240feSJulian Elischer * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23ad4240feSJulian Elischer * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24ad4240feSJulian Elischer * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25ad4240feSJulian Elischer * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26ad4240feSJulian Elischer * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27ad4240feSJulian Elischer * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28ad4240feSJulian Elischer * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29ad4240feSJulian Elischer * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30ad4240feSJulian Elischer * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31ad4240feSJulian Elischer * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32ad4240feSJulian Elischer * SUCH DAMAGE. 33ad4240feSJulian Elischer * 34ad4240feSJulian Elischer * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 35ad4240feSJulian Elischer */ 36ad4240feSJulian Elischer 37677b542eSDavid E. O'Brien #include <sys/cdefs.h> 38677b542eSDavid E. O'Brien __FBSDID("$FreeBSD$"); 39677b542eSDavid E. O'Brien 40618c7db3SRobert Watson #include "opt_ddb.h" 41480f31c2SKonrad Witaszczyk #include "opt_ekcd.h" 422d50560aSMarcel Moolenaar #include "opt_kdb.h" 436d58e6cbSBruce Evans #include "opt_panic.h" 449923b511SScott Long #include "opt_sched.h" 452be767e0SAttilio Rao #include "opt_watchdog.h" 46ad4240feSJulian Elischer 47ad4240feSJulian Elischer #include <sys/param.h> 48ad4240feSJulian Elischer #include <sys/systm.h> 499626b608SPoul-Henning Kamp #include <sys/bio.h> 50fc8f7066SBruce Evans #include <sys/buf.h> 511d79f1bbSJohn Baldwin #include <sys/conf.h> 521d79f1bbSJohn Baldwin #include <sys/cons.h> 531d79f1bbSJohn Baldwin #include <sys/eventhandler.h> 540d3d0cc3SEdward Tomasz Napierala #include <sys/filedesc.h> 5576ca6f88SJamie Gritton #include <sys/jail.h> 562d50560aSMarcel Moolenaar #include <sys/kdb.h> 57ad4240feSJulian Elischer #include <sys/kernel.h> 58e6592ee5SPeter Wemm #include <sys/kerneldump.h> 595e950839SLuoqi Chen #include <sys/kthread.h> 603945a964SAlfred Perlstein #include <sys/ktr.h> 61dcd7d9b7SMaxim Sobolev #include <sys/malloc.h> 62ac0ad63fSBruce Evans #include <sys/mount.h> 63acd3428bSRobert Watson #include <sys/priv.h> 641d79f1bbSJohn Baldwin #include <sys/proc.h> 651d79f1bbSJohn Baldwin #include <sys/reboot.h> 661d79f1bbSJohn Baldwin #include <sys/resourcevar.h> 6789f6b863SAttilio Rao #include <sys/rwlock.h> 6820e25d7dSPeter Wemm #include <sys/sched.h> 69248bb937SAttilio Rao #include <sys/smp.h> 70ad4240feSJulian Elischer #include <sys/sysctl.h> 71ad4240feSJulian Elischer #include <sys/sysproto.h> 72fa2b39a1SAttilio Rao #include <sys/vnode.h> 732be767e0SAttilio Rao #include <sys/watchdog.h> 74ad4240feSJulian Elischer 75480f31c2SKonrad Witaszczyk #include <crypto/rijndael/rijndael-api-fst.h> 76480f31c2SKonrad Witaszczyk #include <crypto/sha2/sha256.h> 77480f31c2SKonrad Witaszczyk 78618c7db3SRobert Watson #include <ddb/ddb.h> 79618c7db3SRobert Watson 8026502503SMarcel Moolenaar #include <machine/cpu.h> 81bdb9ab0dSMark Johnston #include <machine/dump.h> 82d39e457bSPoul-Henning Kamp #include <machine/pcb.h> 83752dff3dSJake Burkholder #include <machine/smp.h> 84ad4240feSJulian Elischer 85aed55708SRobert Watson #include <security/mac/mac_framework.h> 86aed55708SRobert Watson 870909f38aSPawel Jakub Dawidek #include <vm/vm.h> 880909f38aSPawel Jakub Dawidek #include <vm/vm_object.h> 890909f38aSPawel Jakub Dawidek #include <vm/vm_page.h> 900909f38aSPawel Jakub Dawidek #include <vm/vm_pager.h> 910909f38aSPawel Jakub Dawidek #include <vm/swap_pager.h> 920909f38aSPawel Jakub Dawidek 93ad4240feSJulian Elischer #include <sys/signalvar.h> 94ad4240feSJulian Elischer 955dc5dab6SConrad Meyer static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer"); 965dc5dab6SConrad Meyer 97ad4240feSJulian Elischer #ifndef PANIC_REBOOT_WAIT_TIME 98ad4240feSJulian Elischer #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ 99ad4240feSJulian Elischer #endif 1003b251028SColin Percival static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; 101af3b2549SHans Petter Selasky SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, 1021cdbb9edSColin Percival &panic_reboot_wait_time, 0, 1031cdbb9edSColin Percival "Seconds to wait before rebooting after a panic"); 104ad4240feSJulian Elischer 105ad4240feSJulian Elischer /* 106ad4240feSJulian Elischer * Note that stdarg.h and the ANSI style va_start macro is used for both 107ad4240feSJulian Elischer * ANSI and traditional C compilers. 108ad4240feSJulian Elischer */ 109ad4240feSJulian Elischer #include <machine/stdarg.h> 110ad4240feSJulian Elischer 1112d50560aSMarcel Moolenaar #ifdef KDB 1122d50560aSMarcel Moolenaar #ifdef KDB_UNATTENDED 1139959b1a8SMike Smith int debugger_on_panic = 0; 114ad4240feSJulian Elischer #else 1159959b1a8SMike Smith int debugger_on_panic = 1; 116ad4240feSJulian Elischer #endif 1173d7618d8SDavid E. O'Brien SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, 118af3b2549SHans Petter Selasky CTLFLAG_RWTUN | CTLFLAG_SECURE, 1191c5151f3SDavid E. O'Brien &debugger_on_panic, 0, "Run debugger on kernel panic"); 120e485b64bSJohn Baldwin 1212d50560aSMarcel Moolenaar #ifdef KDB_TRACE 12208a9c205SAndriy Gapon static int trace_on_panic = 1; 123e485b64bSJohn Baldwin #else 12408a9c205SAndriy Gapon static int trace_on_panic = 0; 125e485b64bSJohn Baldwin #endif 1263d7618d8SDavid E. O'Brien SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, 127af3b2549SHans Petter Selasky CTLFLAG_RWTUN | CTLFLAG_SECURE, 1281c5151f3SDavid E. O'Brien &trace_on_panic, 0, "Print stack trace on kernel panic"); 1292d50560aSMarcel Moolenaar #endif /* KDB */ 130ad4240feSJulian Elischer 13108a9c205SAndriy Gapon static int sync_on_panic = 0; 132af3b2549SHans Petter Selasky SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, 133259ed917SPeter Wemm &sync_on_panic, 0, "Do a sync before rebooting from a panic"); 134259ed917SPeter Wemm 1356472ac3dSEd Schouten static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, 1366472ac3dSEd Schouten "Shutdown environment"); 137db82a982SMike Smith 138fa2b39a1SAttilio Rao #ifndef DIAGNOSTIC 139fa2b39a1SAttilio Rao static int show_busybufs; 140fa2b39a1SAttilio Rao #else 141fa2b39a1SAttilio Rao static int show_busybufs = 1; 142fa2b39a1SAttilio Rao #endif 143fa2b39a1SAttilio Rao SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, 144fa2b39a1SAttilio Rao &show_busybufs, 0, ""); 145fa2b39a1SAttilio Rao 1462eb0015aSColin Percival int suspend_blocked = 0; 1472eb0015aSColin Percival SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, 1482eb0015aSColin Percival &suspend_blocked, 0, "Block suspend due to a pending shutdown"); 1492eb0015aSColin Percival 150480f31c2SKonrad Witaszczyk #ifdef EKCD 151480f31c2SKonrad Witaszczyk FEATURE(ekcd, "Encrypted kernel crash dumps support"); 152480f31c2SKonrad Witaszczyk 153480f31c2SKonrad Witaszczyk MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data"); 154480f31c2SKonrad Witaszczyk 155480f31c2SKonrad Witaszczyk struct kerneldumpcrypto { 156480f31c2SKonrad Witaszczyk uint8_t kdc_encryption; 157480f31c2SKonrad Witaszczyk uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE]; 158480f31c2SKonrad Witaszczyk keyInstance kdc_ki; 159480f31c2SKonrad Witaszczyk cipherInstance kdc_ci; 160480f31c2SKonrad Witaszczyk off_t kdc_nextoffset; 161480f31c2SKonrad Witaszczyk uint32_t kdc_dumpkeysize; 162480f31c2SKonrad Witaszczyk struct kerneldumpkey kdc_dumpkey[]; 163480f31c2SKonrad Witaszczyk }; 164480f31c2SKonrad Witaszczyk #endif 165480f31c2SKonrad Witaszczyk 1665230cfd2SJulian Elischer /* 167ad4240feSJulian Elischer * Variable panicstr contains argument to first call to panic; used as flag 168ad4240feSJulian Elischer * to indicate that the kernel has already called panic. 169ad4240feSJulian Elischer */ 170ad4240feSJulian Elischer const char *panicstr; 171ad4240feSJulian Elischer 17216a011f9SPaul Saab int dumping; /* system is dumping */ 17336a52c3cSJeff Roberson int rebooting; /* system is rebooting */ 17481661c94SPoul-Henning Kamp static struct dumperinfo dumper; /* our selected dumper */ 1752d50560aSMarcel Moolenaar 1762d50560aSMarcel Moolenaar /* Context information for dump-debuggers. */ 1772d50560aSMarcel Moolenaar static struct pcb dumppcb; /* Registers. */ 178ac6e25ecSHartmut Brandt lwpid_t dumptid; /* Thread ID. */ 17916a011f9SPaul Saab 1800d3d0cc3SEdward Tomasz Napierala static struct cdevsw reroot_cdevsw = { 1810d3d0cc3SEdward Tomasz Napierala .d_version = D_VERSION, 1820d3d0cc3SEdward Tomasz Napierala .d_name = "reroot", 1830d3d0cc3SEdward Tomasz Napierala }; 1840d3d0cc3SEdward Tomasz Napierala 18582acbcf5SPeter Wemm static void poweroff_wait(void *, int); 18682acbcf5SPeter Wemm static void shutdown_halt(void *junk, int howto); 18782acbcf5SPeter Wemm static void shutdown_panic(void *junk, int howto); 18882acbcf5SPeter Wemm static void shutdown_reset(void *junk, int howto); 1890d3d0cc3SEdward Tomasz Napierala static int kern_reroot(void); 190f06a54f0SPoul-Henning Kamp 191fcb893a8SMike Smith /* register various local shutdown events */ 192fcb893a8SMike Smith static void 193fcb893a8SMike Smith shutdown_conf(void *unused) 194fcb893a8SMike Smith { 195e95499bdSAlfred Perlstein 196e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, 197fd104c15SRebecca Cran SHUTDOWN_PRI_FIRST); 198e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, 199e95499bdSAlfred Perlstein SHUTDOWN_PRI_LAST + 100); 200e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, 201e95499bdSAlfred Perlstein SHUTDOWN_PRI_LAST + 100); 202e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, 203e95499bdSAlfred Perlstein SHUTDOWN_PRI_LAST + 200); 204fcb893a8SMike Smith } 205ad4240feSJulian Elischer 206237fdd78SRobert Watson SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); 207fcb893a8SMike Smith 208ad4240feSJulian Elischer /* 2090d3d0cc3SEdward Tomasz Napierala * The only reason this exists is to create the /dev/reroot/ directory, 2100d3d0cc3SEdward Tomasz Napierala * used by reroot code in init(8) as a mountpoint for tmpfs. 2110d3d0cc3SEdward Tomasz Napierala */ 2120d3d0cc3SEdward Tomasz Napierala static void 2130d3d0cc3SEdward Tomasz Napierala reroot_conf(void *unused) 2140d3d0cc3SEdward Tomasz Napierala { 2150d3d0cc3SEdward Tomasz Napierala int error; 2160d3d0cc3SEdward Tomasz Napierala struct cdev *cdev; 2170d3d0cc3SEdward Tomasz Napierala 2180d3d0cc3SEdward Tomasz Napierala error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, 2190d3d0cc3SEdward Tomasz Napierala &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); 2200d3d0cc3SEdward Tomasz Napierala if (error != 0) { 2210d3d0cc3SEdward Tomasz Napierala printf("%s: failed to create device node, error %d", 2220d3d0cc3SEdward Tomasz Napierala __func__, error); 2230d3d0cc3SEdward Tomasz Napierala } 2240d3d0cc3SEdward Tomasz Napierala } 2250d3d0cc3SEdward Tomasz Napierala 2260d3d0cc3SEdward Tomasz Napierala SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); 2270d3d0cc3SEdward Tomasz Napierala 2280d3d0cc3SEdward Tomasz Napierala /* 2290c14ff0eSRobert Watson * The system call that results in a reboot. 230ad4240feSJulian Elischer */ 231835a82eeSMatthew Dillon /* ARGSUSED */ 232ad4240feSJulian Elischer int 2338451d0ddSKip Macy sys_reboot(struct thread *td, struct reboot_args *uap) 234ad4240feSJulian Elischer { 235ad4240feSJulian Elischer int error; 236ad4240feSJulian Elischer 237a2ecb9b7SRobert Watson error = 0; 238a2ecb9b7SRobert Watson #ifdef MAC 23930d239bcSRobert Watson error = mac_system_check_reboot(td->td_ucred, uap->opt); 240a2ecb9b7SRobert Watson #endif 241a2ecb9b7SRobert Watson if (error == 0) 242acd3428bSRobert Watson error = priv_check(td, PRIV_REBOOT); 243a2ecb9b7SRobert Watson if (error == 0) { 2440d3d0cc3SEdward Tomasz Napierala if (uap->opt & RB_REROOT) { 2450d3d0cc3SEdward Tomasz Napierala error = kern_reroot(); 2460d3d0cc3SEdward Tomasz Napierala } else { 247835a82eeSMatthew Dillon mtx_lock(&Giant); 24876e18b25SMarcel Moolenaar kern_reboot(uap->opt); 249835a82eeSMatthew Dillon mtx_unlock(&Giant); 250a2ecb9b7SRobert Watson } 2510d3d0cc3SEdward Tomasz Napierala } 252835a82eeSMatthew Dillon return (error); 253ad4240feSJulian Elischer } 254ad4240feSJulian Elischer 255ad4240feSJulian Elischer /* 256ad4240feSJulian Elischer * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC 257ad4240feSJulian Elischer */ 258ad4240feSJulian Elischer void 2593e755f76SMike Smith shutdown_nice(int howto) 260ad4240feSJulian Elischer { 261e95499bdSAlfred Perlstein 262ad4240feSJulian Elischer if (initproc != NULL) { 263912d5937SEd Schouten /* Send a signal to init(8) and have it shutdown the world. */ 26487729a2bSJohn Baldwin PROC_LOCK(initproc); 265912d5937SEd Schouten if (howto & RB_POWEROFF) 266912d5937SEd Schouten kern_psignal(initproc, SIGUSR2); 267912d5937SEd Schouten else if (howto & RB_HALT) 268912d5937SEd Schouten kern_psignal(initproc, SIGUSR1); 269912d5937SEd Schouten else 2708451d0ddSKip Macy kern_psignal(initproc, SIGINT); 27187729a2bSJohn Baldwin PROC_UNLOCK(initproc); 272ad4240feSJulian Elischer } else { 273912d5937SEd Schouten /* No init(8) running, so simply reboot. */ 2748f5b107bSEd Schouten kern_reboot(howto | RB_NOSYNC); 275ad4240feSJulian Elischer } 276ad4240feSJulian Elischer } 277ad4240feSJulian Elischer 27872dfe7a3SPoul-Henning Kamp static void 27982acbcf5SPeter Wemm print_uptime(void) 28072dfe7a3SPoul-Henning Kamp { 28172dfe7a3SPoul-Henning Kamp int f; 28272dfe7a3SPoul-Henning Kamp struct timespec ts; 28372dfe7a3SPoul-Henning Kamp 28472dfe7a3SPoul-Henning Kamp getnanouptime(&ts); 28572dfe7a3SPoul-Henning Kamp printf("Uptime: "); 28672dfe7a3SPoul-Henning Kamp f = 0; 28772dfe7a3SPoul-Henning Kamp if (ts.tv_sec >= 86400) { 2884a6404dfSJohn Baldwin printf("%ldd", (long)ts.tv_sec / 86400); 28972dfe7a3SPoul-Henning Kamp ts.tv_sec %= 86400; 29072dfe7a3SPoul-Henning Kamp f = 1; 29172dfe7a3SPoul-Henning Kamp } 29272dfe7a3SPoul-Henning Kamp if (f || ts.tv_sec >= 3600) { 2934a6404dfSJohn Baldwin printf("%ldh", (long)ts.tv_sec / 3600); 29472dfe7a3SPoul-Henning Kamp ts.tv_sec %= 3600; 29572dfe7a3SPoul-Henning Kamp f = 1; 29672dfe7a3SPoul-Henning Kamp } 29772dfe7a3SPoul-Henning Kamp if (f || ts.tv_sec >= 60) { 2984a6404dfSJohn Baldwin printf("%ldm", (long)ts.tv_sec / 60); 29972dfe7a3SPoul-Henning Kamp ts.tv_sec %= 60; 30072dfe7a3SPoul-Henning Kamp f = 1; 30172dfe7a3SPoul-Henning Kamp } 3024a6404dfSJohn Baldwin printf("%lds\n", (long)ts.tv_sec); 30372dfe7a3SPoul-Henning Kamp } 30472dfe7a3SPoul-Henning Kamp 305299cceefSMarcel Moolenaar int 306299cceefSMarcel Moolenaar doadump(boolean_t textdump) 307d39e457bSPoul-Henning Kamp { 308299cceefSMarcel Moolenaar boolean_t coredump; 309f6b4f5caSGavin Atkinson int error; 310e95499bdSAlfred Perlstein 311f6b4f5caSGavin Atkinson error = 0; 312299cceefSMarcel Moolenaar if (dumping) 313299cceefSMarcel Moolenaar return (EBUSY); 314299cceefSMarcel Moolenaar if (dumper.dumper == NULL) 315299cceefSMarcel Moolenaar return (ENXIO); 316f6449d9dSJulian Elischer 317d39e457bSPoul-Henning Kamp savectx(&dumppcb); 3182d50560aSMarcel Moolenaar dumptid = curthread->td_tid; 319d39e457bSPoul-Henning Kamp dumping++; 320299cceefSMarcel Moolenaar 321299cceefSMarcel Moolenaar coredump = TRUE; 322618c7db3SRobert Watson #ifdef DDB 323299cceefSMarcel Moolenaar if (textdump && textdump_pending) { 324299cceefSMarcel Moolenaar coredump = FALSE; 325618c7db3SRobert Watson textdump_dumpsys(&dumper); 326299cceefSMarcel Moolenaar } 327618c7db3SRobert Watson #endif 328299cceefSMarcel Moolenaar if (coredump) 329f6b4f5caSGavin Atkinson error = dumpsys(&dumper); 330299cceefSMarcel Moolenaar 3319e473363SRuslan Ermilov dumping--; 332f6b4f5caSGavin Atkinson return (error); 333d39e457bSPoul-Henning Kamp } 334d39e457bSPoul-Henning Kamp 335ad4240feSJulian Elischer /* 33670ce93f4SNate Lawson * Shutdown the system cleanly to prepare for reboot, halt, or power off. 337ad4240feSJulian Elischer */ 33876e18b25SMarcel Moolenaar void 33976e18b25SMarcel Moolenaar kern_reboot(int howto) 340ad4240feSJulian Elischer { 34198082691SJeff Roberson static int once = 0; 342ad4240feSJulian Elischer 343f7ebc7ceSMarcel Moolenaar #if defined(SMP) 34470ce93f4SNate Lawson /* 34570ce93f4SNate Lawson * Bind us to CPU 0 so that all shutdown code runs there. Some 34670ce93f4SNate Lawson * systems don't shutdown properly (i.e., ACPI power off) if we 34770ce93f4SNate Lawson * run on another processor. 34870ce93f4SNate Lawson */ 34935370593SAndriy Gapon if (!SCHEDULER_STOPPED()) { 350982d11f8SJeff Roberson thread_lock(curthread); 35120e25d7dSPeter Wemm sched_bind(curthread, 0); 352982d11f8SJeff Roberson thread_unlock(curthread); 35335370593SAndriy Gapon KASSERT(PCPU_GET(cpuid) == 0, ("boot: not running on cpu 0")); 35435370593SAndriy Gapon } 35520e25d7dSPeter Wemm #endif 35636a52c3cSJeff Roberson /* We're in the process of rebooting. */ 35736a52c3cSJeff Roberson rebooting = 1; 35820e25d7dSPeter Wemm 35961e96500SJohn Baldwin /* We are out of the debugger now. */ 3602d50560aSMarcel Moolenaar kdb_active = 0; 36161e96500SJohn Baldwin 3625230cfd2SJulian Elischer /* 3635230cfd2SJulian Elischer * Do any callouts that should be done BEFORE syncing the filesystems. 3645230cfd2SJulian Elischer */ 365fcb893a8SMike Smith EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); 3665230cfd2SJulian Elischer 3675230cfd2SJulian Elischer /* 3685230cfd2SJulian Elischer * Now sync filesystems 3695230cfd2SJulian Elischer */ 37098082691SJeff Roberson if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { 37198082691SJeff Roberson once = 1; 37298082691SJeff Roberson bufshutdown(show_busybufs); 373ad4240feSJulian Elischer } 3745230cfd2SJulian Elischer 37572dfe7a3SPoul-Henning Kamp print_uptime(); 37672dfe7a3SPoul-Henning Kamp 377bf8696b4SAndriy Gapon cngrab(); 378bf8696b4SAndriy Gapon 3795230cfd2SJulian Elischer /* 3805230cfd2SJulian Elischer * Ok, now do things that assume all filesystem activity has 3815230cfd2SJulian Elischer * been completed. 3825230cfd2SJulian Elischer */ 383fcb893a8SMike Smith EVENTHANDLER_INVOKE(shutdown_post_sync, howto); 38470ce93f4SNate Lawson 385f6449d9dSJulian Elischer if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) 386299cceefSMarcel Moolenaar doadump(TRUE); 3872cfa0a03SJustin T. Gibbs 3882cfa0a03SJustin T. Gibbs /* Now that we're going to really halt the system... */ 389fcb893a8SMike Smith EVENTHANDLER_INVOKE(shutdown_final, howto); 3902cfa0a03SJustin T. Gibbs 391fcb893a8SMike Smith for(;;) ; /* safety against shutdown_reset not working */ 392fcb893a8SMike Smith /* NOTREACHED */ 393fcb893a8SMike Smith } 394fcb893a8SMike Smith 395fcb893a8SMike Smith /* 3960d3d0cc3SEdward Tomasz Napierala * The system call that results in changing the rootfs. 3970d3d0cc3SEdward Tomasz Napierala */ 3980d3d0cc3SEdward Tomasz Napierala static int 3990d3d0cc3SEdward Tomasz Napierala kern_reroot(void) 4000d3d0cc3SEdward Tomasz Napierala { 4010d3d0cc3SEdward Tomasz Napierala struct vnode *oldrootvnode, *vp; 4020d3d0cc3SEdward Tomasz Napierala struct mount *mp, *devmp; 4030d3d0cc3SEdward Tomasz Napierala int error; 4040d3d0cc3SEdward Tomasz Napierala 4050d3d0cc3SEdward Tomasz Napierala if (curproc != initproc) 4060d3d0cc3SEdward Tomasz Napierala return (EPERM); 4070d3d0cc3SEdward Tomasz Napierala 4080d3d0cc3SEdward Tomasz Napierala /* 4090d3d0cc3SEdward Tomasz Napierala * Mark the filesystem containing currently-running executable 4100d3d0cc3SEdward Tomasz Napierala * (the temporary copy of init(8)) busy. 4110d3d0cc3SEdward Tomasz Napierala */ 4120d3d0cc3SEdward Tomasz Napierala vp = curproc->p_textvp; 4130d3d0cc3SEdward Tomasz Napierala error = vn_lock(vp, LK_SHARED); 4140d3d0cc3SEdward Tomasz Napierala if (error != 0) 4150d3d0cc3SEdward Tomasz Napierala return (error); 4160d3d0cc3SEdward Tomasz Napierala mp = vp->v_mount; 4170d3d0cc3SEdward Tomasz Napierala error = vfs_busy(mp, MBF_NOWAIT); 4180d3d0cc3SEdward Tomasz Napierala if (error != 0) { 4190d3d0cc3SEdward Tomasz Napierala vfs_ref(mp); 4200d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 4210d3d0cc3SEdward Tomasz Napierala error = vfs_busy(mp, 0); 4220d3d0cc3SEdward Tomasz Napierala vn_lock(vp, LK_SHARED | LK_RETRY); 4230d3d0cc3SEdward Tomasz Napierala vfs_rel(mp); 4240d3d0cc3SEdward Tomasz Napierala if (error != 0) { 4250d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 4260d3d0cc3SEdward Tomasz Napierala return (ENOENT); 4270d3d0cc3SEdward Tomasz Napierala } 4280d3d0cc3SEdward Tomasz Napierala if (vp->v_iflag & VI_DOOMED) { 4290d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 4300d3d0cc3SEdward Tomasz Napierala vfs_unbusy(mp); 4310d3d0cc3SEdward Tomasz Napierala return (ENOENT); 4320d3d0cc3SEdward Tomasz Napierala } 4330d3d0cc3SEdward Tomasz Napierala } 4340d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 4350d3d0cc3SEdward Tomasz Napierala 4360d3d0cc3SEdward Tomasz Napierala /* 4370d3d0cc3SEdward Tomasz Napierala * Remove the filesystem containing currently-running executable 4380d3d0cc3SEdward Tomasz Napierala * from the mount list, to prevent it from being unmounted 4390d3d0cc3SEdward Tomasz Napierala * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). 4400d3d0cc3SEdward Tomasz Napierala * 4410d3d0cc3SEdward Tomasz Napierala * Also preserve /dev - forcibly unmounting it could cause driver 4420d3d0cc3SEdward Tomasz Napierala * reinitialization. 4430d3d0cc3SEdward Tomasz Napierala */ 4440d3d0cc3SEdward Tomasz Napierala 4450d3d0cc3SEdward Tomasz Napierala vfs_ref(rootdevmp); 4460d3d0cc3SEdward Tomasz Napierala devmp = rootdevmp; 4470d3d0cc3SEdward Tomasz Napierala rootdevmp = NULL; 4480d3d0cc3SEdward Tomasz Napierala 4490d3d0cc3SEdward Tomasz Napierala mtx_lock(&mountlist_mtx); 4500d3d0cc3SEdward Tomasz Napierala TAILQ_REMOVE(&mountlist, mp, mnt_list); 4510d3d0cc3SEdward Tomasz Napierala TAILQ_REMOVE(&mountlist, devmp, mnt_list); 4520d3d0cc3SEdward Tomasz Napierala mtx_unlock(&mountlist_mtx); 4530d3d0cc3SEdward Tomasz Napierala 4540d3d0cc3SEdward Tomasz Napierala oldrootvnode = rootvnode; 4550d3d0cc3SEdward Tomasz Napierala 4560d3d0cc3SEdward Tomasz Napierala /* 4570d3d0cc3SEdward Tomasz Napierala * Unmount everything except for the two filesystems preserved above. 4580d3d0cc3SEdward Tomasz Napierala */ 4590d3d0cc3SEdward Tomasz Napierala vfs_unmountall(); 4600d3d0cc3SEdward Tomasz Napierala 4610d3d0cc3SEdward Tomasz Napierala /* 4620d3d0cc3SEdward Tomasz Napierala * Add /dev back; vfs_mountroot() will move it into its new place. 4630d3d0cc3SEdward Tomasz Napierala */ 4640d3d0cc3SEdward Tomasz Napierala mtx_lock(&mountlist_mtx); 4650d3d0cc3SEdward Tomasz Napierala TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); 4660d3d0cc3SEdward Tomasz Napierala mtx_unlock(&mountlist_mtx); 4670d3d0cc3SEdward Tomasz Napierala rootdevmp = devmp; 4680d3d0cc3SEdward Tomasz Napierala vfs_rel(rootdevmp); 4690d3d0cc3SEdward Tomasz Napierala 4700d3d0cc3SEdward Tomasz Napierala /* 4710d3d0cc3SEdward Tomasz Napierala * Mount the new rootfs. 4720d3d0cc3SEdward Tomasz Napierala */ 4730d3d0cc3SEdward Tomasz Napierala vfs_mountroot(); 4740d3d0cc3SEdward Tomasz Napierala 4750d3d0cc3SEdward Tomasz Napierala /* 4760d3d0cc3SEdward Tomasz Napierala * Update all references to the old rootvnode. 4770d3d0cc3SEdward Tomasz Napierala */ 4780d3d0cc3SEdward Tomasz Napierala mountcheckdirs(oldrootvnode, rootvnode); 4790d3d0cc3SEdward Tomasz Napierala 4800d3d0cc3SEdward Tomasz Napierala /* 4810d3d0cc3SEdward Tomasz Napierala * Add the temporary filesystem back and unbusy it. 4820d3d0cc3SEdward Tomasz Napierala */ 4830d3d0cc3SEdward Tomasz Napierala mtx_lock(&mountlist_mtx); 4840d3d0cc3SEdward Tomasz Napierala TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 4850d3d0cc3SEdward Tomasz Napierala mtx_unlock(&mountlist_mtx); 4860d3d0cc3SEdward Tomasz Napierala vfs_unbusy(mp); 4870d3d0cc3SEdward Tomasz Napierala 4880d3d0cc3SEdward Tomasz Napierala return (0); 4890d3d0cc3SEdward Tomasz Napierala } 4900d3d0cc3SEdward Tomasz Napierala 4910d3d0cc3SEdward Tomasz Napierala /* 492fcb893a8SMike Smith * If the shutdown was a clean halt, behave accordingly. 493fcb893a8SMike Smith */ 494fcb893a8SMike Smith static void 495fcb893a8SMike Smith shutdown_halt(void *junk, int howto) 496fcb893a8SMike Smith { 497e95499bdSAlfred Perlstein 498ad4240feSJulian Elischer if (howto & RB_HALT) { 499ad4240feSJulian Elischer printf("\n"); 500ad4240feSJulian Elischer printf("The operating system has halted.\n"); 501ad4240feSJulian Elischer printf("Please press any key to reboot.\n\n"); 502d13d3630SJulian Elischer switch (cngetc()) { 503d13d3630SJulian Elischer case -1: /* No console, just die */ 504d13d3630SJulian Elischer cpu_halt(); 505d13d3630SJulian Elischer /* NOTREACHED */ 506d13d3630SJulian Elischer default: 5072cfa0a03SJustin T. Gibbs howto &= ~RB_HALT; 508d13d3630SJulian Elischer break; 509d13d3630SJulian Elischer } 510fcb893a8SMike Smith } 511fcb893a8SMike Smith } 512ad4240feSJulian Elischer 513fcb893a8SMike Smith /* 514fcb893a8SMike Smith * Check to see if the system paniced, pause and then reboot 515fcb893a8SMike Smith * according to the specified delay. 516fcb893a8SMike Smith */ 517fcb893a8SMike Smith static void 518fcb893a8SMike Smith shutdown_panic(void *junk, int howto) 519fcb893a8SMike Smith { 520fcb893a8SMike Smith int loop; 521fcb893a8SMike Smith 522fcb893a8SMike Smith if (howto & RB_DUMP) { 5231cdbb9edSColin Percival if (panic_reboot_wait_time != 0) { 5241cdbb9edSColin Percival if (panic_reboot_wait_time != -1) { 5252cfa0a03SJustin T. Gibbs printf("Automatic reboot in %d seconds - " 5262cfa0a03SJustin T. Gibbs "press a key on the console to abort\n", 5271cdbb9edSColin Percival panic_reboot_wait_time); 5281cdbb9edSColin Percival for (loop = panic_reboot_wait_time * 10; 5292cfa0a03SJustin T. Gibbs loop > 0; --loop) { 530ad4240feSJulian Elischer DELAY(1000 * 100); /* 1/10th second */ 531a7f8f2abSBruce Evans /* Did user type a key? */ 532a7f8f2abSBruce Evans if (cncheckc() != -1) 533ad4240feSJulian Elischer break; 534ad4240feSJulian Elischer } 535ad4240feSJulian Elischer if (!loop) 536fcb893a8SMike Smith return; 537ad4240feSJulian Elischer } 538ad4240feSJulian Elischer } else { /* zero time specified - reboot NOW */ 539fcb893a8SMike Smith return; 540ad4240feSJulian Elischer } 541422702e9SNik Clayton printf("--> Press a key on the console to reboot,\n"); 542422702e9SNik Clayton printf("--> or switch off the system now.\n"); 543ad4240feSJulian Elischer cngetc(); 544ad4240feSJulian Elischer } 545fcb893a8SMike Smith } 546fcb893a8SMike Smith 547fcb893a8SMike Smith /* 548fcb893a8SMike Smith * Everything done, now reset 549fcb893a8SMike Smith */ 550fcb893a8SMike Smith static void 551fcb893a8SMike Smith shutdown_reset(void *junk, int howto) 552fcb893a8SMike Smith { 553e95499bdSAlfred Perlstein 554ad4240feSJulian Elischer printf("Rebooting...\n"); 555ad4240feSJulian Elischer DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ 556248bb937SAttilio Rao 557248bb937SAttilio Rao /* 558248bb937SAttilio Rao * Acquiring smp_ipi_mtx here has a double effect: 559248bb937SAttilio Rao * - it disables interrupts avoiding CPU0 preemption 560248bb937SAttilio Rao * by fast handlers (thus deadlocking against other CPUs) 561248bb937SAttilio Rao * - it avoids deadlocks against smp_rendezvous() or, more 562248bb937SAttilio Rao * generally, threads busy-waiting, with this spinlock held, 563248bb937SAttilio Rao * and waiting for responses by threads on other CPUs 564248bb937SAttilio Rao * (ie. smp_tlb_shootdown()). 5650a2d5feaSAttilio Rao * 5660a2d5feaSAttilio Rao * For the !SMP case it just needs to handle the former problem. 567248bb937SAttilio Rao */ 5680a2d5feaSAttilio Rao #ifdef SMP 569248bb937SAttilio Rao mtx_lock_spin(&smp_ipi_mtx); 5700a2d5feaSAttilio Rao #else 5710a2d5feaSAttilio Rao spinlock_enter(); 5720a2d5feaSAttilio Rao #endif 573248bb937SAttilio Rao 574269fb9d7SJulian Elischer /* cpu_boot(howto); */ /* doesn't do anything at the moment */ 575ad4240feSJulian Elischer cpu_reset(); 576fcb893a8SMike Smith /* NOTREACHED */ /* assuming reset worked */ 577ad4240feSJulian Elischer } 578ad4240feSJulian Elischer 579a0d20ecbSGleb Smirnoff #if defined(WITNESS) || defined(INVARIANT_SUPPORT) 5803945a964SAlfred Perlstein static int kassert_warn_only = 0; 581a94053baSAlfred Perlstein #ifdef KDB 582a94053baSAlfred Perlstein static int kassert_do_kdb = 0; 583a94053baSAlfred Perlstein #endif 5843945a964SAlfred Perlstein #ifdef KTR 5853945a964SAlfred Perlstein static int kassert_do_ktr = 0; 5863945a964SAlfred Perlstein #endif 5873945a964SAlfred Perlstein static int kassert_do_log = 1; 5883945a964SAlfred Perlstein static int kassert_log_pps_limit = 4; 5893945a964SAlfred Perlstein static int kassert_log_mute_at = 0; 5903945a964SAlfred Perlstein static int kassert_log_panic_at = 0; 5913945a964SAlfred Perlstein static int kassert_warnings = 0; 5923945a964SAlfred Perlstein 5933945a964SAlfred Perlstein SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); 5943945a964SAlfred Perlstein 595af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, CTLFLAG_RWTUN, 5963945a964SAlfred Perlstein &kassert_warn_only, 0, 5973945a964SAlfred Perlstein "KASSERT triggers a panic (1) or just a warning (0)"); 5983945a964SAlfred Perlstein 599a94053baSAlfred Perlstein #ifdef KDB 600af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, CTLFLAG_RWTUN, 601a94053baSAlfred Perlstein &kassert_do_kdb, 0, "KASSERT will enter the debugger"); 602a94053baSAlfred Perlstein #endif 603a94053baSAlfred Perlstein 6043945a964SAlfred Perlstein #ifdef KTR 605af3b2549SHans Petter Selasky SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, CTLFLAG_RWTUN, 6063945a964SAlfred Perlstein &kassert_do_ktr, 0, 6073945a964SAlfred Perlstein "KASSERT does a KTR, set this to the KTRMASK you want"); 6083945a964SAlfred Perlstein #endif 6093945a964SAlfred Perlstein 610af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, CTLFLAG_RWTUN, 6113945a964SAlfred Perlstein &kassert_do_log, 0, "KASSERT triggers a panic (1) or just a warning (0)"); 6123945a964SAlfred Perlstein 613af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RWTUN, 6143945a964SAlfred Perlstein &kassert_warnings, 0, "number of KASSERTs that have been triggered"); 6153945a964SAlfred Perlstein 616af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, CTLFLAG_RWTUN, 6173945a964SAlfred Perlstein &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); 6183945a964SAlfred Perlstein 619af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, CTLFLAG_RWTUN, 6203945a964SAlfred Perlstein &kassert_log_pps_limit, 0, "limit number of log messages per second"); 6213945a964SAlfred Perlstein 622af3b2549SHans Petter Selasky SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, CTLFLAG_RWTUN, 6233945a964SAlfred Perlstein &kassert_log_mute_at, 0, "max number of KASSERTS to log"); 6243945a964SAlfred Perlstein 6253945a964SAlfred Perlstein static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); 6263945a964SAlfred Perlstein 6273945a964SAlfred Perlstein SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, 6283945a964SAlfred Perlstein CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, 6293945a964SAlfred Perlstein kassert_sysctl_kassert, "I", "set to trigger a test kassert"); 6303945a964SAlfred Perlstein 6313945a964SAlfred Perlstein static int 6323945a964SAlfred Perlstein kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) 6333945a964SAlfred Perlstein { 6343945a964SAlfred Perlstein int error, i; 6353945a964SAlfred Perlstein 6363945a964SAlfred Perlstein error = sysctl_wire_old_buffer(req, sizeof(int)); 6373945a964SAlfred Perlstein if (error == 0) { 6383945a964SAlfred Perlstein i = 0; 6393945a964SAlfred Perlstein error = sysctl_handle_int(oidp, &i, 0, req); 6403945a964SAlfred Perlstein } 6413945a964SAlfred Perlstein if (error != 0 || req->newptr == NULL) 6423945a964SAlfred Perlstein return (error); 6433945a964SAlfred Perlstein KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); 6443945a964SAlfred Perlstein return (0); 6453945a964SAlfred Perlstein } 6463945a964SAlfred Perlstein 6473945a964SAlfred Perlstein /* 6483945a964SAlfred Perlstein * Called by KASSERT, this decides if we will panic 6493945a964SAlfred Perlstein * or if we will log via printf and/or ktr. 6503945a964SAlfred Perlstein */ 6513945a964SAlfred Perlstein void 6523945a964SAlfred Perlstein kassert_panic(const char *fmt, ...) 6533945a964SAlfred Perlstein { 6543945a964SAlfred Perlstein static char buf[256]; 6553945a964SAlfred Perlstein va_list ap; 6563945a964SAlfred Perlstein 6573945a964SAlfred Perlstein va_start(ap, fmt); 6583945a964SAlfred Perlstein (void)vsnprintf(buf, sizeof(buf), fmt, ap); 6593945a964SAlfred Perlstein va_end(ap); 6603945a964SAlfred Perlstein 6613945a964SAlfred Perlstein /* 6623945a964SAlfred Perlstein * panic if we're not just warning, or if we've exceeded 6633945a964SAlfred Perlstein * kassert_log_panic_at warnings. 6643945a964SAlfred Perlstein */ 6653945a964SAlfred Perlstein if (!kassert_warn_only || 6663945a964SAlfred Perlstein (kassert_log_panic_at > 0 && 6673945a964SAlfred Perlstein kassert_warnings >= kassert_log_panic_at)) { 6683945a964SAlfred Perlstein va_start(ap, fmt); 6693945a964SAlfred Perlstein vpanic(fmt, ap); 6703945a964SAlfred Perlstein /* NORETURN */ 6713945a964SAlfred Perlstein } 6723945a964SAlfred Perlstein #ifdef KTR 6733945a964SAlfred Perlstein if (kassert_do_ktr) 6743945a964SAlfred Perlstein CTR0(ktr_mask, buf); 6753945a964SAlfred Perlstein #endif /* KTR */ 6763945a964SAlfred Perlstein /* 6773945a964SAlfred Perlstein * log if we've not yet met the mute limit. 6783945a964SAlfred Perlstein */ 6793945a964SAlfred Perlstein if (kassert_do_log && 6803945a964SAlfred Perlstein (kassert_log_mute_at == 0 || 6813945a964SAlfred Perlstein kassert_warnings < kassert_log_mute_at)) { 6823945a964SAlfred Perlstein static struct timeval lasterr; 6833945a964SAlfred Perlstein static int curerr; 6843945a964SAlfred Perlstein 6853945a964SAlfred Perlstein if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { 6863945a964SAlfred Perlstein printf("KASSERT failed: %s\n", buf); 6873945a964SAlfred Perlstein kdb_backtrace(); 6883945a964SAlfred Perlstein } 6893945a964SAlfred Perlstein } 690a94053baSAlfred Perlstein #ifdef KDB 691a94053baSAlfred Perlstein if (kassert_do_kdb) { 692a94053baSAlfred Perlstein kdb_enter(KDB_WHY_KASSERT, buf); 693a94053baSAlfred Perlstein } 694a94053baSAlfred Perlstein #endif 6953945a964SAlfred Perlstein atomic_add_int(&kassert_warnings, 1); 6963945a964SAlfred Perlstein } 6973945a964SAlfred Perlstein #endif 6983945a964SAlfred Perlstein 699ad4240feSJulian Elischer /* 700ad4240feSJulian Elischer * Panic is called on unresolvable fatal errors. It prints "panic: mesg", 701ad4240feSJulian Elischer * and then reboots. If we are called twice, then we avoid trying to sync 702ad4240feSJulian Elischer * the disks as this often leads to recursive panics. 703ad4240feSJulian Elischer */ 704ad4240feSJulian Elischer void 7059a6dc4b6SPoul-Henning Kamp panic(const char *fmt, ...) 706ad4240feSJulian Elischer { 7073945a964SAlfred Perlstein va_list ap; 7083945a964SAlfred Perlstein 7093945a964SAlfred Perlstein va_start(ap, fmt); 7103945a964SAlfred Perlstein vpanic(fmt, ap); 7113945a964SAlfred Perlstein } 7123945a964SAlfred Perlstein 713da10a603SMark Johnston void 7143945a964SAlfred Perlstein vpanic(const char *fmt, va_list ap) 7153945a964SAlfred Perlstein { 71664dd590eSAndriy Gapon #ifdef SMP 71735370593SAndriy Gapon cpuset_t other_cpus; 71864dd590eSAndriy Gapon #endif 719fe799533SAndrew Gallatin struct thread *td = curthread; 720e485b64bSJohn Baldwin int bootopt, newpanic; 72199237364SAndrey A. Chernov static char buf[256]; 722ad4240feSJulian Elischer 72335370593SAndriy Gapon spinlock_enter(); 72435370593SAndriy Gapon 7250384fff8SJason Evans #ifdef SMP 7261a5333c3SJohn Baldwin /* 7276898bee9SAndriy Gapon * stop_cpus_hard(other_cpus) should prevent multiple CPUs from 7286898bee9SAndriy Gapon * concurrently entering panic. Only the winner will proceed 7296898bee9SAndriy Gapon * further. 7301a5333c3SJohn Baldwin */ 73135370593SAndriy Gapon if (panicstr == NULL && !kdb_active) { 73235370593SAndriy Gapon other_cpus = all_cpus; 73335370593SAndriy Gapon CPU_CLR(PCPU_GET(cpuid), &other_cpus); 73435370593SAndriy Gapon stop_cpus_hard(other_cpus); 73535370593SAndriy Gapon } 73642d33c1fSMark Johnston #endif 73735370593SAndriy Gapon 73835370593SAndriy Gapon /* 7399ad64f27SMark Johnston * Ensure that the scheduler is stopped while panicking, even if panic 7409ad64f27SMark Johnston * has been entered from kdb. 74135370593SAndriy Gapon */ 7425d7380f8SAttilio Rao td->td_stopsched = 1; 7430384fff8SJason Evans 744e3adb685SAttilio Rao bootopt = RB_AUTOBOOT; 745e485b64bSJohn Baldwin newpanic = 0; 746ad4240feSJulian Elischer if (panicstr) 747ad4240feSJulian Elischer bootopt |= RB_NOSYNC; 748e485b64bSJohn Baldwin else { 749e3adb685SAttilio Rao bootopt |= RB_DUMP; 750ad4240feSJulian Elischer panicstr = fmt; 751e485b64bSJohn Baldwin newpanic = 1; 752e485b64bSJohn Baldwin } 753ad4240feSJulian Elischer 7544f1b4577SIan Dowse if (newpanic) { 7552127f260SArchie Cobbs (void)vsnprintf(buf, sizeof(buf), fmt, ap); 75699237364SAndrey A. Chernov panicstr = buf; 757bf8696b4SAndriy Gapon cngrab(); 7589a6dc4b6SPoul-Henning Kamp printf("panic: %s\n", buf); 7594f1b4577SIan Dowse } else { 7604f1b4577SIan Dowse printf("panic: "); 7614f1b4577SIan Dowse vprintf(fmt, ap); 7629a6dc4b6SPoul-Henning Kamp printf("\n"); 7634f1b4577SIan Dowse } 76447d81897SSteve Passe #ifdef SMP 76555c45354SJohn Baldwin printf("cpuid = %d\n", PCPU_GET(cpuid)); 7662bcc63c5SJohn Baldwin #endif 7676cf0c1dbSGleb Smirnoff printf("time = %jd\n", (intmax_t )time_second); 7682d50560aSMarcel Moolenaar #ifdef KDB 769e485b64bSJohn Baldwin if (newpanic && trace_on_panic) 7702d50560aSMarcel Moolenaar kdb_backtrace(); 771ad4240feSJulian Elischer if (debugger_on_panic) 7723de213ccSRobert Watson kdb_enter(KDB_WHY_PANIC, "panic"); 7731432aa0cSJohn Baldwin #endif 774982d11f8SJeff Roberson /*thread_lock(td); */ 775fe799533SAndrew Gallatin td->td_flags |= TDF_INPANIC; 776982d11f8SJeff Roberson /* thread_unlock(td); */ 777259ed917SPeter Wemm if (!sync_on_panic) 778259ed917SPeter Wemm bootopt |= RB_NOSYNC; 77976e18b25SMarcel Moolenaar kern_reboot(bootopt); 780ad4240feSJulian Elischer } 781ad4240feSJulian Elischer 782e0d898b4SJulian Elischer /* 783db82a982SMike Smith * Support for poweroff delay. 784b22692bdSNick Hibma * 785b22692bdSNick Hibma * Please note that setting this delay too short might power off your machine 786b22692bdSNick Hibma * before the write cache on your hard disk has been flushed, leading to 787b22692bdSNick Hibma * soft-updates inconsistencies. 788db82a982SMike Smith */ 7899eec6969SMike Smith #ifndef POWEROFF_DELAY 7909eec6969SMike Smith # define POWEROFF_DELAY 5000 7919eec6969SMike Smith #endif 7929eec6969SMike Smith static int poweroff_delay = POWEROFF_DELAY; 7939eec6969SMike Smith 794db82a982SMike Smith SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, 7953eb9ab52SEitan Adler &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); 796db82a982SMike Smith 797fcb893a8SMike Smith static void 798fcb893a8SMike Smith poweroff_wait(void *junk, int howto) 799db82a982SMike Smith { 800e95499bdSAlfred Perlstein 801db82a982SMike Smith if (!(howto & RB_POWEROFF) || poweroff_delay <= 0) 802db82a982SMike Smith return; 803db82a982SMike Smith DELAY(poweroff_delay * 1000); 804db82a982SMike Smith } 8055e950839SLuoqi Chen 8065e950839SLuoqi Chen /* 8075e950839SLuoqi Chen * Some system processes (e.g. syncer) need to be stopped at appropriate 8085e950839SLuoqi Chen * points in their main loops prior to a system shutdown, so that they 8095e950839SLuoqi Chen * won't interfere with the shutdown process (e.g. by holding a disk buf 8105e950839SLuoqi Chen * to cause sync to fail). For each of these system processes, register 8115e950839SLuoqi Chen * shutdown_kproc() as a handler for one of shutdown events. 8125e950839SLuoqi Chen */ 8135e950839SLuoqi Chen static int kproc_shutdown_wait = 60; 8145e950839SLuoqi Chen SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, 8153eb9ab52SEitan Adler &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); 8165e950839SLuoqi Chen 8175e950839SLuoqi Chen void 818ffc831daSJohn Baldwin kproc_shutdown(void *arg, int howto) 8195e950839SLuoqi Chen { 8205e950839SLuoqi Chen struct proc *p; 8215e950839SLuoqi Chen int error; 8225e950839SLuoqi Chen 8235e950839SLuoqi Chen if (panicstr) 8245e950839SLuoqi Chen return; 8255e950839SLuoqi Chen 8265e950839SLuoqi Chen p = (struct proc *)arg; 827b1c81391SNate Lawson printf("Waiting (max %d seconds) for system process `%s' to stop... ", 8284f9d48e4SJohn Baldwin kproc_shutdown_wait, p->p_comm); 8293745c395SJulian Elischer error = kproc_suspend(p, kproc_shutdown_wait * hz); 8305e950839SLuoqi Chen 8315e950839SLuoqi Chen if (error == EWOULDBLOCK) 832b1c81391SNate Lawson printf("timed out\n"); 8335e950839SLuoqi Chen else 834b1c81391SNate Lawson printf("done\n"); 8355e950839SLuoqi Chen } 83681661c94SPoul-Henning Kamp 8377ab24ea3SJulian Elischer void 8387ab24ea3SJulian Elischer kthread_shutdown(void *arg, int howto) 8397ab24ea3SJulian Elischer { 8407ab24ea3SJulian Elischer struct thread *td; 8417ab24ea3SJulian Elischer int error; 8427ab24ea3SJulian Elischer 8437ab24ea3SJulian Elischer if (panicstr) 8447ab24ea3SJulian Elischer return; 8457ab24ea3SJulian Elischer 8467ab24ea3SJulian Elischer td = (struct thread *)arg; 8477ab24ea3SJulian Elischer printf("Waiting (max %d seconds) for system thread `%s' to stop... ", 8484f9d48e4SJohn Baldwin kproc_shutdown_wait, td->td_name); 8497ab24ea3SJulian Elischer error = kthread_suspend(td, kproc_shutdown_wait * hz); 8507ab24ea3SJulian Elischer 8517ab24ea3SJulian Elischer if (error == EWOULDBLOCK) 8527ab24ea3SJulian Elischer printf("timed out\n"); 8537ab24ea3SJulian Elischer else 8547ab24ea3SJulian Elischer printf("done\n"); 8557ab24ea3SJulian Elischer } 8567ab24ea3SJulian Elischer 857bad7e7f3SAlfred Perlstein static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)]; 858bad7e7f3SAlfred Perlstein SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD, 859bad7e7f3SAlfred Perlstein dumpdevname, 0, "Device for kernel dumps"); 860bad7e7f3SAlfred Perlstein 861480f31c2SKonrad Witaszczyk #ifdef EKCD 862480f31c2SKonrad Witaszczyk static struct kerneldumpcrypto * 863480f31c2SKonrad Witaszczyk kerneldumpcrypto_create(size_t blocksize, uint8_t encryption, 864480f31c2SKonrad Witaszczyk const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey) 865480f31c2SKonrad Witaszczyk { 866480f31c2SKonrad Witaszczyk struct kerneldumpcrypto *kdc; 867480f31c2SKonrad Witaszczyk struct kerneldumpkey *kdk; 868480f31c2SKonrad Witaszczyk uint32_t dumpkeysize; 869480f31c2SKonrad Witaszczyk 870480f31c2SKonrad Witaszczyk dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize); 871480f31c2SKonrad Witaszczyk kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO); 872480f31c2SKonrad Witaszczyk 873480f31c2SKonrad Witaszczyk arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0); 874480f31c2SKonrad Witaszczyk 875480f31c2SKonrad Witaszczyk kdc->kdc_encryption = encryption; 876480f31c2SKonrad Witaszczyk switch (kdc->kdc_encryption) { 877480f31c2SKonrad Witaszczyk case KERNELDUMP_ENC_AES_256_CBC: 878480f31c2SKonrad Witaszczyk if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0) 879480f31c2SKonrad Witaszczyk goto failed; 880480f31c2SKonrad Witaszczyk break; 881480f31c2SKonrad Witaszczyk default: 882480f31c2SKonrad Witaszczyk goto failed; 883480f31c2SKonrad Witaszczyk } 884480f31c2SKonrad Witaszczyk 885480f31c2SKonrad Witaszczyk kdc->kdc_dumpkeysize = dumpkeysize; 886480f31c2SKonrad Witaszczyk kdk = kdc->kdc_dumpkey; 887480f31c2SKonrad Witaszczyk kdk->kdk_encryption = kdc->kdc_encryption; 888480f31c2SKonrad Witaszczyk memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 889480f31c2SKonrad Witaszczyk kdk->kdk_encryptedkeysize = htod32(encryptedkeysize); 890480f31c2SKonrad Witaszczyk memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize); 891480f31c2SKonrad Witaszczyk 892480f31c2SKonrad Witaszczyk return (kdc); 893480f31c2SKonrad Witaszczyk failed: 894480f31c2SKonrad Witaszczyk explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize); 895480f31c2SKonrad Witaszczyk free(kdc, M_EKCD); 896480f31c2SKonrad Witaszczyk return (NULL); 897480f31c2SKonrad Witaszczyk } 898480f31c2SKonrad Witaszczyk #endif /* EKCD */ 899480f31c2SKonrad Witaszczyk 900*50ef60daSMark Johnston static int 901480f31c2SKonrad Witaszczyk kerneldumpcrypto_init(struct kerneldumpcrypto *kdc) 902480f31c2SKonrad Witaszczyk { 903480f31c2SKonrad Witaszczyk #ifndef EKCD 904480f31c2SKonrad Witaszczyk return (0); 905480f31c2SKonrad Witaszczyk #else 906480f31c2SKonrad Witaszczyk uint8_t hash[SHA256_DIGEST_LENGTH]; 907480f31c2SKonrad Witaszczyk SHA256_CTX ctx; 908480f31c2SKonrad Witaszczyk struct kerneldumpkey *kdk; 909480f31c2SKonrad Witaszczyk int error; 910480f31c2SKonrad Witaszczyk 911480f31c2SKonrad Witaszczyk error = 0; 912480f31c2SKonrad Witaszczyk 913480f31c2SKonrad Witaszczyk if (kdc == NULL) 914480f31c2SKonrad Witaszczyk return (0); 915480f31c2SKonrad Witaszczyk 916480f31c2SKonrad Witaszczyk /* 917480f31c2SKonrad Witaszczyk * When a user enters ddb it can write a crash dump multiple times. 918480f31c2SKonrad Witaszczyk * Each time it should be encrypted using a different IV. 919480f31c2SKonrad Witaszczyk */ 920480f31c2SKonrad Witaszczyk SHA256_Init(&ctx); 921480f31c2SKonrad Witaszczyk SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 922480f31c2SKonrad Witaszczyk SHA256_Final(hash, &ctx); 923480f31c2SKonrad Witaszczyk bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 924480f31c2SKonrad Witaszczyk 925480f31c2SKonrad Witaszczyk switch (kdc->kdc_encryption) { 926480f31c2SKonrad Witaszczyk case KERNELDUMP_ENC_AES_256_CBC: 927480f31c2SKonrad Witaszczyk if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 928480f31c2SKonrad Witaszczyk kdc->kdc_iv) <= 0) { 929480f31c2SKonrad Witaszczyk error = EINVAL; 930480f31c2SKonrad Witaszczyk goto out; 931480f31c2SKonrad Witaszczyk } 932480f31c2SKonrad Witaszczyk break; 933480f31c2SKonrad Witaszczyk default: 934480f31c2SKonrad Witaszczyk error = EINVAL; 935480f31c2SKonrad Witaszczyk goto out; 936480f31c2SKonrad Witaszczyk } 937480f31c2SKonrad Witaszczyk 938480f31c2SKonrad Witaszczyk kdc->kdc_nextoffset = 0; 939480f31c2SKonrad Witaszczyk 940480f31c2SKonrad Witaszczyk kdk = kdc->kdc_dumpkey; 941480f31c2SKonrad Witaszczyk memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 942480f31c2SKonrad Witaszczyk out: 943480f31c2SKonrad Witaszczyk explicit_bzero(hash, sizeof(hash)); 944480f31c2SKonrad Witaszczyk return (error); 945480f31c2SKonrad Witaszczyk #endif 946480f31c2SKonrad Witaszczyk } 947480f31c2SKonrad Witaszczyk 948480f31c2SKonrad Witaszczyk uint32_t 949480f31c2SKonrad Witaszczyk kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc) 950480f31c2SKonrad Witaszczyk { 951480f31c2SKonrad Witaszczyk 952480f31c2SKonrad Witaszczyk #ifdef EKCD 953480f31c2SKonrad Witaszczyk if (kdc == NULL) 954480f31c2SKonrad Witaszczyk return (0); 955480f31c2SKonrad Witaszczyk return (kdc->kdc_dumpkeysize); 956480f31c2SKonrad Witaszczyk #else 957480f31c2SKonrad Witaszczyk return (0); 958480f31c2SKonrad Witaszczyk #endif 959480f31c2SKonrad Witaszczyk } 960480f31c2SKonrad Witaszczyk 96181661c94SPoul-Henning Kamp /* Registration of dumpers */ 96281661c94SPoul-Henning Kamp int 963480f31c2SKonrad Witaszczyk set_dumper(struct dumperinfo *di, const char *devname, struct thread *td, 964480f31c2SKonrad Witaszczyk uint8_t encryption, const uint8_t *key, uint32_t encryptedkeysize, 965480f31c2SKonrad Witaszczyk const uint8_t *encryptedkey) 96681661c94SPoul-Henning Kamp { 9675a3a8ec0SAlfred Perlstein size_t wantcopy; 9685ebb15b9SPawel Jakub Dawidek int error; 9695ebb15b9SPawel Jakub Dawidek 9705ebb15b9SPawel Jakub Dawidek error = priv_check(td, PRIV_SETDUMPER); 9715ebb15b9SPawel Jakub Dawidek if (error != 0) 9725ebb15b9SPawel Jakub Dawidek return (error); 973e95499bdSAlfred Perlstein 97481661c94SPoul-Henning Kamp if (di == NULL) { 975480f31c2SKonrad Witaszczyk error = 0; 976480f31c2SKonrad Witaszczyk goto cleanup; 97781661c94SPoul-Henning Kamp } 97881661c94SPoul-Henning Kamp if (dumper.dumper != NULL) 97981661c94SPoul-Henning Kamp return (EBUSY); 98081661c94SPoul-Henning Kamp dumper = *di; 981480f31c2SKonrad Witaszczyk dumper.blockbuf = NULL; 982480f31c2SKonrad Witaszczyk dumper.kdc = NULL; 983480f31c2SKonrad Witaszczyk 984480f31c2SKonrad Witaszczyk if (encryption != KERNELDUMP_ENC_NONE) { 985480f31c2SKonrad Witaszczyk #ifdef EKCD 986480f31c2SKonrad Witaszczyk dumper.kdc = kerneldumpcrypto_create(di->blocksize, encryption, 987480f31c2SKonrad Witaszczyk key, encryptedkeysize, encryptedkey); 988480f31c2SKonrad Witaszczyk if (dumper.kdc == NULL) { 989480f31c2SKonrad Witaszczyk error = EINVAL; 990480f31c2SKonrad Witaszczyk goto cleanup; 991480f31c2SKonrad Witaszczyk } 992480f31c2SKonrad Witaszczyk #else 993480f31c2SKonrad Witaszczyk error = EOPNOTSUPP; 994480f31c2SKonrad Witaszczyk goto cleanup; 995480f31c2SKonrad Witaszczyk #endif 996480f31c2SKonrad Witaszczyk } 997480f31c2SKonrad Witaszczyk 9985a3a8ec0SAlfred Perlstein wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname)); 9995a3a8ec0SAlfred Perlstein if (wantcopy >= sizeof(dumpdevname)) { 1000bad7e7f3SAlfred Perlstein printf("set_dumper: device name truncated from '%s' -> '%s'\n", 1001bad7e7f3SAlfred Perlstein devname, dumpdevname); 1002bad7e7f3SAlfred Perlstein } 1003480f31c2SKonrad Witaszczyk 10045dc5dab6SConrad Meyer dumper.blockbuf = malloc(di->blocksize, M_DUMPER, M_WAITOK | M_ZERO); 100581661c94SPoul-Henning Kamp return (0); 1006480f31c2SKonrad Witaszczyk cleanup: 1007480f31c2SKonrad Witaszczyk #ifdef EKCD 1008480f31c2SKonrad Witaszczyk if (dumper.kdc != NULL) { 1009480f31c2SKonrad Witaszczyk explicit_bzero(dumper.kdc, sizeof(*dumper.kdc) + 1010480f31c2SKonrad Witaszczyk dumper.kdc->kdc_dumpkeysize); 1011480f31c2SKonrad Witaszczyk free(dumper.kdc, M_EKCD); 1012480f31c2SKonrad Witaszczyk } 1013480f31c2SKonrad Witaszczyk #endif 1014480f31c2SKonrad Witaszczyk if (dumper.blockbuf != NULL) { 1015480f31c2SKonrad Witaszczyk explicit_bzero(dumper.blockbuf, dumper.blocksize); 1016480f31c2SKonrad Witaszczyk free(dumper.blockbuf, M_DUMPER); 1017480f31c2SKonrad Witaszczyk } 1018480f31c2SKonrad Witaszczyk explicit_bzero(&dumper, sizeof(dumper)); 1019480f31c2SKonrad Witaszczyk dumpdevname[0] = '\0'; 1020480f31c2SKonrad Witaszczyk return (error); 102181661c94SPoul-Henning Kamp } 102281661c94SPoul-Henning Kamp 1023480f31c2SKonrad Witaszczyk static int 1024480f31c2SKonrad Witaszczyk dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length) 1025007b1b7bSRuslan Ermilov { 1026007b1b7bSRuslan Ermilov 1027007b1b7bSRuslan Ermilov if (length != 0 && (offset < di->mediaoffset || 1028007b1b7bSRuslan Ermilov offset - di->mediaoffset + length > di->mediasize)) { 102958379067SAttilio Rao printf("Attempt to write outside dump device boundaries.\n" 103058379067SAttilio Rao "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", 103158379067SAttilio Rao (intmax_t)offset, (intmax_t)di->mediaoffset, 103258379067SAttilio Rao (uintmax_t)length, (intmax_t)di->mediasize); 103358379067SAttilio Rao return (ENOSPC); 1034007b1b7bSRuslan Ermilov } 1035480f31c2SKonrad Witaszczyk 1036480f31c2SKonrad Witaszczyk return (0); 1037480f31c2SKonrad Witaszczyk } 1038480f31c2SKonrad Witaszczyk 1039480f31c2SKonrad Witaszczyk #ifdef EKCD 1040480f31c2SKonrad Witaszczyk static int 1041480f31c2SKonrad Witaszczyk dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size) 1042480f31c2SKonrad Witaszczyk { 1043480f31c2SKonrad Witaszczyk 1044480f31c2SKonrad Witaszczyk switch (kdc->kdc_encryption) { 1045480f31c2SKonrad Witaszczyk case KERNELDUMP_ENC_AES_256_CBC: 1046480f31c2SKonrad Witaszczyk if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf, 1047480f31c2SKonrad Witaszczyk 8 * size, buf) <= 0) { 1048480f31c2SKonrad Witaszczyk return (EIO); 1049480f31c2SKonrad Witaszczyk } 1050480f31c2SKonrad Witaszczyk if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1051480f31c2SKonrad Witaszczyk buf + size - 16 /* IV size for AES-256-CBC */) <= 0) { 1052480f31c2SKonrad Witaszczyk return (EIO); 1053480f31c2SKonrad Witaszczyk } 1054480f31c2SKonrad Witaszczyk break; 1055480f31c2SKonrad Witaszczyk default: 1056480f31c2SKonrad Witaszczyk return (EINVAL); 1057480f31c2SKonrad Witaszczyk } 1058480f31c2SKonrad Witaszczyk 1059480f31c2SKonrad Witaszczyk return (0); 1060480f31c2SKonrad Witaszczyk } 1061480f31c2SKonrad Witaszczyk 1062480f31c2SKonrad Witaszczyk /* Encrypt data and call dumper. */ 1063480f31c2SKonrad Witaszczyk static int 1064480f31c2SKonrad Witaszczyk dump_encrypted_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1065480f31c2SKonrad Witaszczyk off_t offset, size_t length) 1066480f31c2SKonrad Witaszczyk { 1067480f31c2SKonrad Witaszczyk static uint8_t buf[KERNELDUMP_BUFFER_SIZE]; 1068480f31c2SKonrad Witaszczyk struct kerneldumpcrypto *kdc; 1069480f31c2SKonrad Witaszczyk int error; 1070480f31c2SKonrad Witaszczyk size_t nbytes; 1071480f31c2SKonrad Witaszczyk off_t nextoffset; 1072480f31c2SKonrad Witaszczyk 1073480f31c2SKonrad Witaszczyk kdc = di->kdc; 1074480f31c2SKonrad Witaszczyk 1075480f31c2SKonrad Witaszczyk error = dump_check_bounds(di, offset, length); 1076480f31c2SKonrad Witaszczyk if (error != 0) 1077480f31c2SKonrad Witaszczyk return (error); 1078480f31c2SKonrad Witaszczyk 1079480f31c2SKonrad Witaszczyk /* Signal completion. */ 1080480f31c2SKonrad Witaszczyk if (virtual == NULL && physical == 0 && offset == 0 && length == 0) { 1081480f31c2SKonrad Witaszczyk return (di->dumper(di->priv, virtual, physical, offset, 1082480f31c2SKonrad Witaszczyk length)); 1083480f31c2SKonrad Witaszczyk } 1084480f31c2SKonrad Witaszczyk 1085480f31c2SKonrad Witaszczyk /* Data have to be aligned to block size. */ 1086480f31c2SKonrad Witaszczyk if ((length % di->blocksize) != 0) 1087480f31c2SKonrad Witaszczyk return (EINVAL); 1088480f31c2SKonrad Witaszczyk 1089480f31c2SKonrad Witaszczyk /* 1090480f31c2SKonrad Witaszczyk * Data have to be written continuously becase we're encrypting using 1091480f31c2SKonrad Witaszczyk * CBC mode which has this assumption. 1092480f31c2SKonrad Witaszczyk */ 1093480f31c2SKonrad Witaszczyk if (kdc->kdc_nextoffset != 0 && kdc->kdc_nextoffset != offset) 1094480f31c2SKonrad Witaszczyk return (EINVAL); 1095480f31c2SKonrad Witaszczyk 1096480f31c2SKonrad Witaszczyk nextoffset = offset + (off_t)length; 1097480f31c2SKonrad Witaszczyk 1098480f31c2SKonrad Witaszczyk while (length > 0) { 1099480f31c2SKonrad Witaszczyk nbytes = MIN(length, sizeof(buf)); 1100480f31c2SKonrad Witaszczyk bcopy(virtual, buf, nbytes); 1101480f31c2SKonrad Witaszczyk 1102480f31c2SKonrad Witaszczyk if (dump_encrypt(kdc, buf, nbytes) != 0) 1103480f31c2SKonrad Witaszczyk return (EIO); 1104480f31c2SKonrad Witaszczyk 1105480f31c2SKonrad Witaszczyk error = di->dumper(di->priv, buf, physical, offset, nbytes); 1106480f31c2SKonrad Witaszczyk if (error != 0) 1107480f31c2SKonrad Witaszczyk return (error); 1108480f31c2SKonrad Witaszczyk 1109480f31c2SKonrad Witaszczyk offset += nbytes; 1110480f31c2SKonrad Witaszczyk virtual = (void *)((uint8_t *)virtual + nbytes); 1111480f31c2SKonrad Witaszczyk length -= nbytes; 1112480f31c2SKonrad Witaszczyk } 1113480f31c2SKonrad Witaszczyk 1114480f31c2SKonrad Witaszczyk kdc->kdc_nextoffset = nextoffset; 1115480f31c2SKonrad Witaszczyk 1116480f31c2SKonrad Witaszczyk return (0); 1117480f31c2SKonrad Witaszczyk } 1118480f31c2SKonrad Witaszczyk #endif /* EKCD */ 1119480f31c2SKonrad Witaszczyk 1120480f31c2SKonrad Witaszczyk /* Call dumper with bounds checking. */ 1121480f31c2SKonrad Witaszczyk static int 1122480f31c2SKonrad Witaszczyk dump_raw_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1123480f31c2SKonrad Witaszczyk off_t offset, size_t length) 1124480f31c2SKonrad Witaszczyk { 1125480f31c2SKonrad Witaszczyk int error; 1126480f31c2SKonrad Witaszczyk 1127480f31c2SKonrad Witaszczyk error = dump_check_bounds(di, offset, length); 1128480f31c2SKonrad Witaszczyk if (error != 0) 1129480f31c2SKonrad Witaszczyk return (error); 1130480f31c2SKonrad Witaszczyk 1131007b1b7bSRuslan Ermilov return (di->dumper(di->priv, virtual, physical, offset, length)); 1132007b1b7bSRuslan Ermilov } 1133007b1b7bSRuslan Ermilov 11345dc5dab6SConrad Meyer int 1135480f31c2SKonrad Witaszczyk dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1136480f31c2SKonrad Witaszczyk off_t offset, size_t length) 11375dc5dab6SConrad Meyer { 1138480f31c2SKonrad Witaszczyk 1139480f31c2SKonrad Witaszczyk #ifdef EKCD 1140480f31c2SKonrad Witaszczyk if (di->kdc != NULL) { 1141480f31c2SKonrad Witaszczyk return (dump_encrypted_write(di, virtual, physical, offset, 1142480f31c2SKonrad Witaszczyk length)); 1143480f31c2SKonrad Witaszczyk } 1144480f31c2SKonrad Witaszczyk #endif 1145480f31c2SKonrad Witaszczyk 1146480f31c2SKonrad Witaszczyk return (dump_raw_write(di, virtual, physical, offset, length)); 1147480f31c2SKonrad Witaszczyk } 1148480f31c2SKonrad Witaszczyk 1149480f31c2SKonrad Witaszczyk static int 1150480f31c2SKonrad Witaszczyk dump_pad(struct dumperinfo *di, void *virtual, size_t length, void **buf, 1151480f31c2SKonrad Witaszczyk size_t *size) 1152480f31c2SKonrad Witaszczyk { 11535dc5dab6SConrad Meyer 11545dc5dab6SConrad Meyer if (length > di->blocksize) 11555dc5dab6SConrad Meyer return (ENOMEM); 11565dc5dab6SConrad Meyer 11575dc5dab6SConrad Meyer *size = di->blocksize; 1158480f31c2SKonrad Witaszczyk if (length == di->blocksize) { 1159480f31c2SKonrad Witaszczyk *buf = virtual; 1160480f31c2SKonrad Witaszczyk } else { 1161480f31c2SKonrad Witaszczyk *buf = di->blockbuf; 1162480f31c2SKonrad Witaszczyk memcpy(*buf, virtual, length); 1163480f31c2SKonrad Witaszczyk memset((uint8_t *)*buf + length, 0, di->blocksize - length); 11645dc5dab6SConrad Meyer } 11655dc5dab6SConrad Meyer 1166480f31c2SKonrad Witaszczyk return (0); 1167480f31c2SKonrad Witaszczyk } 1168480f31c2SKonrad Witaszczyk 1169480f31c2SKonrad Witaszczyk static int 1170480f31c2SKonrad Witaszczyk dump_raw_write_pad(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1171480f31c2SKonrad Witaszczyk off_t offset, size_t length, size_t *size) 1172480f31c2SKonrad Witaszczyk { 1173480f31c2SKonrad Witaszczyk void *buf; 1174480f31c2SKonrad Witaszczyk int error; 1175480f31c2SKonrad Witaszczyk 1176480f31c2SKonrad Witaszczyk error = dump_pad(di, virtual, length, &buf, size); 1177480f31c2SKonrad Witaszczyk if (error != 0) 1178480f31c2SKonrad Witaszczyk return (error); 1179480f31c2SKonrad Witaszczyk 1180480f31c2SKonrad Witaszczyk return (dump_raw_write(di, buf, physical, offset, *size)); 1181480f31c2SKonrad Witaszczyk } 1182480f31c2SKonrad Witaszczyk 1183*50ef60daSMark Johnston static int 1184480f31c2SKonrad Witaszczyk dump_write_header(struct dumperinfo *di, struct kerneldumpheader *kdh, 1185480f31c2SKonrad Witaszczyk vm_offset_t physical, off_t offset) 1186480f31c2SKonrad Witaszczyk { 1187480f31c2SKonrad Witaszczyk size_t size; 1188480f31c2SKonrad Witaszczyk int ret; 1189480f31c2SKonrad Witaszczyk 1190480f31c2SKonrad Witaszczyk ret = dump_raw_write_pad(di, kdh, physical, offset, sizeof(*kdh), 1191480f31c2SKonrad Witaszczyk &size); 1192480f31c2SKonrad Witaszczyk if (ret == 0 && size != di->blocksize) 1193480f31c2SKonrad Witaszczyk ret = EINVAL; 11945dc5dab6SConrad Meyer return (ret); 11955dc5dab6SConrad Meyer } 11965dc5dab6SConrad Meyer 1197*50ef60daSMark Johnston static int 1198480f31c2SKonrad Witaszczyk dump_write_key(struct dumperinfo *di, vm_offset_t physical, off_t offset) 1199480f31c2SKonrad Witaszczyk { 1200480f31c2SKonrad Witaszczyk #ifndef EKCD 1201480f31c2SKonrad Witaszczyk return (0); 1202480f31c2SKonrad Witaszczyk #else /* EKCD */ 1203480f31c2SKonrad Witaszczyk struct kerneldumpcrypto *kdc; 1204480f31c2SKonrad Witaszczyk 1205480f31c2SKonrad Witaszczyk kdc = di->kdc; 1206480f31c2SKonrad Witaszczyk if (kdc == NULL) 1207480f31c2SKonrad Witaszczyk return (0); 1208480f31c2SKonrad Witaszczyk 1209480f31c2SKonrad Witaszczyk return (dump_raw_write(di, kdc->kdc_dumpkey, physical, offset, 1210480f31c2SKonrad Witaszczyk kdc->kdc_dumpkeysize)); 1211480f31c2SKonrad Witaszczyk #endif /* !EKCD */ 1212480f31c2SKonrad Witaszczyk } 12135dc5dab6SConrad Meyer 1214*50ef60daSMark Johnston /* 1215*50ef60daSMark Johnston * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to 1216*50ef60daSMark Johnston * protect us from metadata and metadata from us. 1217*50ef60daSMark Johnston */ 1218*50ef60daSMark Johnston #define SIZEOF_METADATA (64 * 1024) 1219*50ef60daSMark Johnston 1220*50ef60daSMark Johnston /* 1221*50ef60daSMark Johnston * Do some preliminary setup for a kernel dump: verify that we have enough space 1222*50ef60daSMark Johnston * on the dump device, write the leading header, and optionally write the crypto 1223*50ef60daSMark Johnston * key. 1224*50ef60daSMark Johnston */ 1225*50ef60daSMark Johnston int 1226*50ef60daSMark Johnston dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh, off_t *dumplop) 1227*50ef60daSMark Johnston { 1228*50ef60daSMark Johnston uint64_t dumpsize; 1229*50ef60daSMark Johnston int error; 1230*50ef60daSMark Johnston 1231*50ef60daSMark Johnston error = kerneldumpcrypto_init(di->kdc); 1232*50ef60daSMark Johnston if (error != 0) 1233*50ef60daSMark Johnston return (error); 1234*50ef60daSMark Johnston 1235*50ef60daSMark Johnston dumpsize = dtoh64(kdh->dumplength) + 2 * di->blocksize + 1236*50ef60daSMark Johnston kerneldumpcrypto_dumpkeysize(di->kdc); 1237*50ef60daSMark Johnston if (di->mediasize < SIZEOF_METADATA + dumpsize) 1238*50ef60daSMark Johnston return (E2BIG); 1239*50ef60daSMark Johnston 1240*50ef60daSMark Johnston *dumplop = di->mediaoffset + di->mediasize - dumpsize; 1241*50ef60daSMark Johnston 1242*50ef60daSMark Johnston error = dump_write_header(di, kdh, 0, *dumplop); 1243*50ef60daSMark Johnston if (error != 0) 1244*50ef60daSMark Johnston return (error); 1245*50ef60daSMark Johnston *dumplop += di->blocksize; 1246*50ef60daSMark Johnston 1247*50ef60daSMark Johnston error = dump_write_key(di, 0, *dumplop); 1248*50ef60daSMark Johnston if (error != 0) 1249*50ef60daSMark Johnston return (error); 1250*50ef60daSMark Johnston *dumplop += kerneldumpcrypto_dumpkeysize(di->kdc); 1251*50ef60daSMark Johnston 1252*50ef60daSMark Johnston return (0); 1253*50ef60daSMark Johnston } 1254*50ef60daSMark Johnston 1255*50ef60daSMark Johnston /* 1256*50ef60daSMark Johnston * Write the trailing kernel dump header and signal to the lower layers that the 1257*50ef60daSMark Johnston * dump has completed. 1258*50ef60daSMark Johnston */ 1259*50ef60daSMark Johnston int 1260*50ef60daSMark Johnston dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh, off_t dumplo) 1261*50ef60daSMark Johnston { 1262*50ef60daSMark Johnston int error; 1263*50ef60daSMark Johnston 1264*50ef60daSMark Johnston error = dump_write_header(di, kdh, 0, dumplo); 1265*50ef60daSMark Johnston if (error != 0) 1266*50ef60daSMark Johnston return (error); 1267*50ef60daSMark Johnston 1268*50ef60daSMark Johnston (void)dump_write(di, NULL, 0, 0, 0); 1269*50ef60daSMark Johnston return (0); 1270*50ef60daSMark Johnston } 1271*50ef60daSMark Johnston 1272e6592ee5SPeter Wemm void 1273e6592ee5SPeter Wemm mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, 1274480f31c2SKonrad Witaszczyk uint64_t dumplen, uint32_t dumpkeysize, uint32_t blksz) 1275e6592ee5SPeter Wemm { 1276ab384d75SMark Johnston size_t dstsize; 1277e6592ee5SPeter Wemm 1278e6592ee5SPeter Wemm bzero(kdh, sizeof(*kdh)); 12797a9c38e6SAlan Somers strlcpy(kdh->magic, magic, sizeof(kdh->magic)); 12807a9c38e6SAlan Somers strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); 1281e6592ee5SPeter Wemm kdh->version = htod32(KERNELDUMPVERSION); 1282e6592ee5SPeter Wemm kdh->architectureversion = htod32(archver); 1283e6592ee5SPeter Wemm kdh->dumplength = htod64(dumplen); 1284e6592ee5SPeter Wemm kdh->dumptime = htod64(time_second); 1285480f31c2SKonrad Witaszczyk kdh->dumpkeysize = htod32(dumpkeysize); 1286e6592ee5SPeter Wemm kdh->blocksize = htod32(blksz); 12877a9c38e6SAlan Somers strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); 1288ab384d75SMark Johnston dstsize = sizeof(kdh->versionstring); 1289ab384d75SMark Johnston if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize) 1290ab384d75SMark Johnston kdh->versionstring[dstsize - 2] = '\n'; 1291e6592ee5SPeter Wemm if (panicstr != NULL) 12927a9c38e6SAlan Somers strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); 1293e6592ee5SPeter Wemm kdh->parity = kerneldump_parity(kdh); 1294e6592ee5SPeter Wemm } 12953af72c11SBjoern A. Zeeb 12963af72c11SBjoern A. Zeeb #ifdef DDB 12973af72c11SBjoern A. Zeeb DB_SHOW_COMMAND(panic, db_show_panic) 12983af72c11SBjoern A. Zeeb { 12993af72c11SBjoern A. Zeeb 13003af72c11SBjoern A. Zeeb if (panicstr == NULL) 13013af72c11SBjoern A. Zeeb db_printf("panicstr not set\n"); 13023af72c11SBjoern A. Zeeb else 13033af72c11SBjoern A. Zeeb db_printf("panic: %s\n", panicstr); 13043af72c11SBjoern A. Zeeb } 13053af72c11SBjoern A. Zeeb #endif 1306