1ad4240feSJulian Elischer /*- 251369649SPedro F. Giffuni * SPDX-License-Identifier: BSD-3-Clause 351369649SPedro F. Giffuni * 4ad4240feSJulian Elischer * Copyright (c) 1986, 1988, 1991, 1993 5ad4240feSJulian Elischer * The Regents of the University of California. All rights reserved. 6ad4240feSJulian Elischer * (c) UNIX System Laboratories, Inc. 7ad4240feSJulian Elischer * All or some portions of this file are derived from material licensed 8ad4240feSJulian Elischer * to the University of California by American Telephone and Telegraph 9ad4240feSJulian Elischer * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10ad4240feSJulian Elischer * the permission of UNIX System Laboratories, Inc. 11ad4240feSJulian Elischer * 12ad4240feSJulian Elischer * Redistribution and use in source and binary forms, with or without 13ad4240feSJulian Elischer * modification, are permitted provided that the following conditions 14ad4240feSJulian Elischer * are met: 15ad4240feSJulian Elischer * 1. Redistributions of source code must retain the above copyright 16ad4240feSJulian Elischer * notice, this list of conditions and the following disclaimer. 17ad4240feSJulian Elischer * 2. Redistributions in binary form must reproduce the above copyright 18ad4240feSJulian Elischer * notice, this list of conditions and the following disclaimer in the 19ad4240feSJulian Elischer * documentation and/or other materials provided with the distribution. 2069a28758SEd Maste * 3. Neither the name of the University nor the names of its contributors 21ad4240feSJulian Elischer * may be used to endorse or promote products derived from this software 22ad4240feSJulian Elischer * without specific prior written permission. 23ad4240feSJulian Elischer * 24ad4240feSJulian Elischer * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25ad4240feSJulian Elischer * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26ad4240feSJulian Elischer * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27ad4240feSJulian Elischer * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28ad4240feSJulian Elischer * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29ad4240feSJulian Elischer * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30ad4240feSJulian Elischer * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31ad4240feSJulian Elischer * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32ad4240feSJulian Elischer * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33ad4240feSJulian Elischer * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34ad4240feSJulian Elischer * SUCH DAMAGE. 35ad4240feSJulian Elischer * 36ad4240feSJulian Elischer * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 37ad4240feSJulian Elischer */ 38ad4240feSJulian Elischer 39677b542eSDavid E. O'Brien #include <sys/cdefs.h> 40677b542eSDavid E. O'Brien __FBSDID("$FreeBSD$"); 41677b542eSDavid E. O'Brien 42618c7db3SRobert Watson #include "opt_ddb.h" 43480f31c2SKonrad Witaszczyk #include "opt_ekcd.h" 442d50560aSMarcel Moolenaar #include "opt_kdb.h" 456d58e6cbSBruce Evans #include "opt_panic.h" 466b6e2954SConrad Meyer #include "opt_printf.h" 479923b511SScott Long #include "opt_sched.h" 482be767e0SAttilio Rao #include "opt_watchdog.h" 49ad4240feSJulian Elischer 50ad4240feSJulian Elischer #include <sys/param.h> 51ad4240feSJulian Elischer #include <sys/systm.h> 529626b608SPoul-Henning Kamp #include <sys/bio.h> 53fc8f7066SBruce Evans #include <sys/buf.h> 541d79f1bbSJohn Baldwin #include <sys/conf.h> 5578f57a9cSMark Johnston #include <sys/compressor.h> 561d79f1bbSJohn Baldwin #include <sys/cons.h> 576b6e2954SConrad Meyer #include <sys/disk.h> 581d79f1bbSJohn Baldwin #include <sys/eventhandler.h> 590d3d0cc3SEdward Tomasz Napierala #include <sys/filedesc.h> 6076ca6f88SJamie Gritton #include <sys/jail.h> 612d50560aSMarcel Moolenaar #include <sys/kdb.h> 62ad4240feSJulian Elischer #include <sys/kernel.h> 63e6592ee5SPeter Wemm #include <sys/kerneldump.h> 645e950839SLuoqi Chen #include <sys/kthread.h> 653945a964SAlfred Perlstein #include <sys/ktr.h> 66dcd7d9b7SMaxim Sobolev #include <sys/malloc.h> 67bd92e6b6SMark Johnston #include <sys/mbuf.h> 68ac0ad63fSBruce Evans #include <sys/mount.h> 69acd3428bSRobert Watson #include <sys/priv.h> 701d79f1bbSJohn Baldwin #include <sys/proc.h> 711d79f1bbSJohn Baldwin #include <sys/reboot.h> 721d79f1bbSJohn Baldwin #include <sys/resourcevar.h> 7389f6b863SAttilio Rao #include <sys/rwlock.h> 746b6e2954SConrad Meyer #include <sys/sbuf.h> 7520e25d7dSPeter Wemm #include <sys/sched.h> 76248bb937SAttilio Rao #include <sys/smp.h> 77ad4240feSJulian Elischer #include <sys/sysctl.h> 78ad4240feSJulian Elischer #include <sys/sysproto.h> 79c3982007SKonstantin Belousov #include <sys/taskqueue.h> 80fa2b39a1SAttilio Rao #include <sys/vnode.h> 812be767e0SAttilio Rao #include <sys/watchdog.h> 82ad4240feSJulian Elischer 8382985292SConrad Meyer #include <crypto/chacha20/chacha.h> 84480f31c2SKonrad Witaszczyk #include <crypto/rijndael/rijndael-api-fst.h> 85480f31c2SKonrad Witaszczyk #include <crypto/sha2/sha256.h> 86480f31c2SKonrad Witaszczyk 87618c7db3SRobert Watson #include <ddb/ddb.h> 88618c7db3SRobert Watson 8926502503SMarcel Moolenaar #include <machine/cpu.h> 90bdb9ab0dSMark Johnston #include <machine/dump.h> 91d39e457bSPoul-Henning Kamp #include <machine/pcb.h> 92752dff3dSJake Burkholder #include <machine/smp.h> 93ad4240feSJulian Elischer 94aed55708SRobert Watson #include <security/mac/mac_framework.h> 95aed55708SRobert Watson 960909f38aSPawel Jakub Dawidek #include <vm/vm.h> 970909f38aSPawel Jakub Dawidek #include <vm/vm_object.h> 980909f38aSPawel Jakub Dawidek #include <vm/vm_page.h> 990909f38aSPawel Jakub Dawidek #include <vm/vm_pager.h> 1000909f38aSPawel Jakub Dawidek #include <vm/swap_pager.h> 1010909f38aSPawel Jakub Dawidek 102ad4240feSJulian Elischer #include <sys/signalvar.h> 103ad4240feSJulian Elischer 1045dc5dab6SConrad Meyer static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer"); 1055dc5dab6SConrad Meyer 106ad4240feSJulian Elischer #ifndef PANIC_REBOOT_WAIT_TIME 107ad4240feSJulian Elischer #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ 108ad4240feSJulian Elischer #endif 1093b251028SColin Percival static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; 110af3b2549SHans Petter Selasky SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, 1111cdbb9edSColin Percival &panic_reboot_wait_time, 0, 1121cdbb9edSColin Percival "Seconds to wait before rebooting after a panic"); 113ad4240feSJulian Elischer 114ad4240feSJulian Elischer /* 115ad4240feSJulian Elischer * Note that stdarg.h and the ANSI style va_start macro is used for both 116ad4240feSJulian Elischer * ANSI and traditional C compilers. 117ad4240feSJulian Elischer */ 118ad4240feSJulian Elischer #include <machine/stdarg.h> 119ad4240feSJulian Elischer 1202d50560aSMarcel Moolenaar #ifdef KDB 1212d50560aSMarcel Moolenaar #ifdef KDB_UNATTENDED 122b317cfd4SJohn Baldwin static int debugger_on_panic = 0; 123ad4240feSJulian Elischer #else 124b317cfd4SJohn Baldwin static int debugger_on_panic = 1; 125ad4240feSJulian Elischer #endif 1263d7618d8SDavid E. O'Brien SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, 127af3b2549SHans Petter Selasky CTLFLAG_RWTUN | CTLFLAG_SECURE, 1281c5151f3SDavid E. O'Brien &debugger_on_panic, 0, "Run debugger on kernel panic"); 129e485b64bSJohn Baldwin 130b317cfd4SJohn Baldwin int debugger_on_trap = 0; 131b317cfd4SJohn Baldwin SYSCTL_INT(_debug, OID_AUTO, debugger_on_trap, 132b317cfd4SJohn Baldwin CTLFLAG_RWTUN | CTLFLAG_SECURE, 133b317cfd4SJohn Baldwin &debugger_on_trap, 0, "Run debugger on kernel trap before panic"); 134b317cfd4SJohn Baldwin 1352d50560aSMarcel Moolenaar #ifdef KDB_TRACE 13608a9c205SAndriy Gapon static int trace_on_panic = 1; 137ad1fc315SConrad Meyer static bool trace_all_panics = true; 138e485b64bSJohn Baldwin #else 13908a9c205SAndriy Gapon static int trace_on_panic = 0; 140ad1fc315SConrad Meyer static bool trace_all_panics = false; 141e485b64bSJohn Baldwin #endif 1423d7618d8SDavid E. O'Brien SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, 143af3b2549SHans Petter Selasky CTLFLAG_RWTUN | CTLFLAG_SECURE, 1441c5151f3SDavid E. O'Brien &trace_on_panic, 0, "Print stack trace on kernel panic"); 145ad1fc315SConrad Meyer SYSCTL_BOOL(_debug, OID_AUTO, trace_all_panics, CTLFLAG_RWTUN, 146ad1fc315SConrad Meyer &trace_all_panics, 0, "Print stack traces on secondary kernel panics"); 1472d50560aSMarcel Moolenaar #endif /* KDB */ 148ad4240feSJulian Elischer 14908a9c205SAndriy Gapon static int sync_on_panic = 0; 150af3b2549SHans Petter Selasky SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, 151259ed917SPeter Wemm &sync_on_panic, 0, "Do a sync before rebooting from a panic"); 152259ed917SPeter Wemm 15348f1a492SWarner Losh static bool poweroff_on_panic = 0; 15448f1a492SWarner Losh SYSCTL_BOOL(_kern, OID_AUTO, poweroff_on_panic, CTLFLAG_RWTUN, 15548f1a492SWarner Losh &poweroff_on_panic, 0, "Do a power off instead of a reboot on a panic"); 15648f1a492SWarner Losh 15748f1a492SWarner Losh static bool powercycle_on_panic = 0; 15848f1a492SWarner Losh SYSCTL_BOOL(_kern, OID_AUTO, powercycle_on_panic, CTLFLAG_RWTUN, 15948f1a492SWarner Losh &powercycle_on_panic, 0, "Do a power cycle instead of a reboot on a panic"); 16048f1a492SWarner Losh 1616472ac3dSEd Schouten static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, 1626472ac3dSEd Schouten "Shutdown environment"); 163db82a982SMike Smith 164fa2b39a1SAttilio Rao #ifndef DIAGNOSTIC 165fa2b39a1SAttilio Rao static int show_busybufs; 166fa2b39a1SAttilio Rao #else 167fa2b39a1SAttilio Rao static int show_busybufs = 1; 168fa2b39a1SAttilio Rao #endif 169fa2b39a1SAttilio Rao SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, 170fa2b39a1SAttilio Rao &show_busybufs, 0, ""); 171fa2b39a1SAttilio Rao 1722eb0015aSColin Percival int suspend_blocked = 0; 1732eb0015aSColin Percival SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, 1742eb0015aSColin Percival &suspend_blocked, 0, "Block suspend due to a pending shutdown"); 1752eb0015aSColin Percival 176480f31c2SKonrad Witaszczyk #ifdef EKCD 177480f31c2SKonrad Witaszczyk FEATURE(ekcd, "Encrypted kernel crash dumps support"); 178480f31c2SKonrad Witaszczyk 179480f31c2SKonrad Witaszczyk MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data"); 180480f31c2SKonrad Witaszczyk 181480f31c2SKonrad Witaszczyk struct kerneldumpcrypto { 182480f31c2SKonrad Witaszczyk uint8_t kdc_encryption; 183480f31c2SKonrad Witaszczyk uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE]; 18482985292SConrad Meyer union { 18582985292SConrad Meyer struct { 18682985292SConrad Meyer keyInstance aes_ki; 18782985292SConrad Meyer cipherInstance aes_ci; 18882985292SConrad Meyer } u_aes; 18982985292SConrad Meyer struct chacha_ctx u_chacha; 19082985292SConrad Meyer } u; 19182985292SConrad Meyer #define kdc_ki u.u_aes.aes_ki 19282985292SConrad Meyer #define kdc_ci u.u_aes.aes_ci 19382985292SConrad Meyer #define kdc_chacha u.u_chacha 194480f31c2SKonrad Witaszczyk uint32_t kdc_dumpkeysize; 195480f31c2SKonrad Witaszczyk struct kerneldumpkey kdc_dumpkey[]; 196480f31c2SKonrad Witaszczyk }; 197480f31c2SKonrad Witaszczyk #endif 198480f31c2SKonrad Witaszczyk 19978f57a9cSMark Johnston struct kerneldumpcomp { 2006026dcd7SMark Johnston uint8_t kdc_format; 20178f57a9cSMark Johnston struct compressor *kdc_stream; 20278f57a9cSMark Johnston uint8_t *kdc_buf; 20378f57a9cSMark Johnston size_t kdc_resid; 20464a16434SMark Johnston }; 20564a16434SMark Johnston 20678f57a9cSMark Johnston static struct kerneldumpcomp *kerneldumpcomp_create(struct dumperinfo *di, 20764a16434SMark Johnston uint8_t compression); 20878f57a9cSMark Johnston static void kerneldumpcomp_destroy(struct dumperinfo *di); 20978f57a9cSMark Johnston static int kerneldumpcomp_write_cb(void *base, size_t len, off_t off, void *arg); 21064a16434SMark Johnston 21164a16434SMark Johnston static int kerneldump_gzlevel = 6; 21264a16434SMark Johnston SYSCTL_INT(_kern, OID_AUTO, kerneldump_gzlevel, CTLFLAG_RWTUN, 21364a16434SMark Johnston &kerneldump_gzlevel, 0, 21478f57a9cSMark Johnston "Kernel crash dump compression level"); 21564a16434SMark Johnston 2165230cfd2SJulian Elischer /* 217ad4240feSJulian Elischer * Variable panicstr contains argument to first call to panic; used as flag 218ad4240feSJulian Elischer * to indicate that the kernel has already called panic. 219ad4240feSJulian Elischer */ 22061322a0aSAlexander Motin const char __read_mostly *panicstr; 221ad4240feSJulian Elischer 22261322a0aSAlexander Motin int __read_mostly dumping; /* system is dumping */ 22336a52c3cSJeff Roberson int rebooting; /* system is rebooting */ 2246b6e2954SConrad Meyer /* 2256b6e2954SConrad Meyer * Used to serialize between sysctl kern.shutdown.dumpdevname and list 2266b6e2954SConrad Meyer * modifications via ioctl. 2276b6e2954SConrad Meyer */ 2286b6e2954SConrad Meyer static struct mtx dumpconf_list_lk; 2296b6e2954SConrad Meyer MTX_SYSINIT(dumper_configs, &dumpconf_list_lk, "dumper config list", MTX_DEF); 2306b6e2954SConrad Meyer 2316b6e2954SConrad Meyer /* Our selected dumper(s). */ 2326b6e2954SConrad Meyer static TAILQ_HEAD(dumpconflist, dumperinfo) dumper_configs = 2336b6e2954SConrad Meyer TAILQ_HEAD_INITIALIZER(dumper_configs); 2342d50560aSMarcel Moolenaar 2352d50560aSMarcel Moolenaar /* Context information for dump-debuggers. */ 2362d50560aSMarcel Moolenaar static struct pcb dumppcb; /* Registers. */ 237ac6e25ecSHartmut Brandt lwpid_t dumptid; /* Thread ID. */ 23816a011f9SPaul Saab 2390d3d0cc3SEdward Tomasz Napierala static struct cdevsw reroot_cdevsw = { 2400d3d0cc3SEdward Tomasz Napierala .d_version = D_VERSION, 2410d3d0cc3SEdward Tomasz Napierala .d_name = "reroot", 2420d3d0cc3SEdward Tomasz Napierala }; 2430d3d0cc3SEdward Tomasz Napierala 24482acbcf5SPeter Wemm static void poweroff_wait(void *, int); 24582acbcf5SPeter Wemm static void shutdown_halt(void *junk, int howto); 24682acbcf5SPeter Wemm static void shutdown_panic(void *junk, int howto); 24782acbcf5SPeter Wemm static void shutdown_reset(void *junk, int howto); 2480d3d0cc3SEdward Tomasz Napierala static int kern_reroot(void); 249f06a54f0SPoul-Henning Kamp 250fcb893a8SMike Smith /* register various local shutdown events */ 251fcb893a8SMike Smith static void 252fcb893a8SMike Smith shutdown_conf(void *unused) 253fcb893a8SMike Smith { 254e95499bdSAlfred Perlstein 255e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, 256fd104c15SRebecca Cran SHUTDOWN_PRI_FIRST); 257e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, 258e95499bdSAlfred Perlstein SHUTDOWN_PRI_LAST + 100); 259e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, 260e95499bdSAlfred Perlstein SHUTDOWN_PRI_LAST + 100); 261e95499bdSAlfred Perlstein EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, 262e95499bdSAlfred Perlstein SHUTDOWN_PRI_LAST + 200); 263fcb893a8SMike Smith } 264ad4240feSJulian Elischer 265237fdd78SRobert Watson SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); 266fcb893a8SMike Smith 267ad4240feSJulian Elischer /* 2680d3d0cc3SEdward Tomasz Napierala * The only reason this exists is to create the /dev/reroot/ directory, 2690d3d0cc3SEdward Tomasz Napierala * used by reroot code in init(8) as a mountpoint for tmpfs. 2700d3d0cc3SEdward Tomasz Napierala */ 2710d3d0cc3SEdward Tomasz Napierala static void 2720d3d0cc3SEdward Tomasz Napierala reroot_conf(void *unused) 2730d3d0cc3SEdward Tomasz Napierala { 2740d3d0cc3SEdward Tomasz Napierala int error; 2750d3d0cc3SEdward Tomasz Napierala struct cdev *cdev; 2760d3d0cc3SEdward Tomasz Napierala 2770d3d0cc3SEdward Tomasz Napierala error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, 2780d3d0cc3SEdward Tomasz Napierala &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); 2790d3d0cc3SEdward Tomasz Napierala if (error != 0) { 2800d3d0cc3SEdward Tomasz Napierala printf("%s: failed to create device node, error %d", 2810d3d0cc3SEdward Tomasz Napierala __func__, error); 2820d3d0cc3SEdward Tomasz Napierala } 2830d3d0cc3SEdward Tomasz Napierala } 2840d3d0cc3SEdward Tomasz Napierala 2850d3d0cc3SEdward Tomasz Napierala SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); 2860d3d0cc3SEdward Tomasz Napierala 2870d3d0cc3SEdward Tomasz Napierala /* 2880c14ff0eSRobert Watson * The system call that results in a reboot. 289ad4240feSJulian Elischer */ 290835a82eeSMatthew Dillon /* ARGSUSED */ 291ad4240feSJulian Elischer int 2928451d0ddSKip Macy sys_reboot(struct thread *td, struct reboot_args *uap) 293ad4240feSJulian Elischer { 294ad4240feSJulian Elischer int error; 295ad4240feSJulian Elischer 296a2ecb9b7SRobert Watson error = 0; 297a2ecb9b7SRobert Watson #ifdef MAC 29830d239bcSRobert Watson error = mac_system_check_reboot(td->td_ucred, uap->opt); 299a2ecb9b7SRobert Watson #endif 300a2ecb9b7SRobert Watson if (error == 0) 301acd3428bSRobert Watson error = priv_check(td, PRIV_REBOOT); 302a2ecb9b7SRobert Watson if (error == 0) { 303d5292812SWarner Losh if (uap->opt & RB_REROOT) 3040d3d0cc3SEdward Tomasz Napierala error = kern_reroot(); 305d5292812SWarner Losh else 30676e18b25SMarcel Moolenaar kern_reboot(uap->opt); 3070d3d0cc3SEdward Tomasz Napierala } 308835a82eeSMatthew Dillon return (error); 309ad4240feSJulian Elischer } 310ad4240feSJulian Elischer 311c3982007SKonstantin Belousov static void 312c3982007SKonstantin Belousov shutdown_nice_task_fn(void *arg, int pending __unused) 313ad4240feSJulian Elischer { 314c3982007SKonstantin Belousov int howto; 315e95499bdSAlfred Perlstein 316c3982007SKonstantin Belousov howto = (uintptr_t)arg; 317912d5937SEd Schouten /* Send a signal to init(8) and have it shutdown the world. */ 31887729a2bSJohn Baldwin PROC_LOCK(initproc); 319912d5937SEd Schouten if (howto & RB_POWEROFF) 320912d5937SEd Schouten kern_psignal(initproc, SIGUSR2); 3217d41b6f0SWarner Losh else if (howto & RB_POWERCYCLE) 3227d41b6f0SWarner Losh kern_psignal(initproc, SIGWINCH); 323912d5937SEd Schouten else if (howto & RB_HALT) 324912d5937SEd Schouten kern_psignal(initproc, SIGUSR1); 325912d5937SEd Schouten else 3268451d0ddSKip Macy kern_psignal(initproc, SIGINT); 32787729a2bSJohn Baldwin PROC_UNLOCK(initproc); 328c3982007SKonstantin Belousov } 329c3982007SKonstantin Belousov 330c3982007SKonstantin Belousov static struct task shutdown_nice_task = TASK_INITIALIZER(0, 331c3982007SKonstantin Belousov &shutdown_nice_task_fn, NULL); 332c3982007SKonstantin Belousov 333c3982007SKonstantin Belousov /* 334c3982007SKonstantin Belousov * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC 335c3982007SKonstantin Belousov */ 336c3982007SKonstantin Belousov void 337c3982007SKonstantin Belousov shutdown_nice(int howto) 338c3982007SKonstantin Belousov { 339c3982007SKonstantin Belousov 340c3982007SKonstantin Belousov if (initproc != NULL && !SCHEDULER_STOPPED()) { 341c3982007SKonstantin Belousov shutdown_nice_task.ta_context = (void *)(uintptr_t)howto; 342c3982007SKonstantin Belousov taskqueue_enqueue(taskqueue_fast, &shutdown_nice_task); 343ad4240feSJulian Elischer } else { 344c3982007SKonstantin Belousov /* 345c3982007SKonstantin Belousov * No init(8) running, or scheduler would not allow it 346c3982007SKonstantin Belousov * to run, so simply reboot. 347c3982007SKonstantin Belousov */ 3488f5b107bSEd Schouten kern_reboot(howto | RB_NOSYNC); 349ad4240feSJulian Elischer } 350ad4240feSJulian Elischer } 351ad4240feSJulian Elischer 35272dfe7a3SPoul-Henning Kamp static void 35382acbcf5SPeter Wemm print_uptime(void) 35472dfe7a3SPoul-Henning Kamp { 35572dfe7a3SPoul-Henning Kamp int f; 35672dfe7a3SPoul-Henning Kamp struct timespec ts; 35772dfe7a3SPoul-Henning Kamp 35872dfe7a3SPoul-Henning Kamp getnanouptime(&ts); 35972dfe7a3SPoul-Henning Kamp printf("Uptime: "); 36072dfe7a3SPoul-Henning Kamp f = 0; 36172dfe7a3SPoul-Henning Kamp if (ts.tv_sec >= 86400) { 3624a6404dfSJohn Baldwin printf("%ldd", (long)ts.tv_sec / 86400); 36372dfe7a3SPoul-Henning Kamp ts.tv_sec %= 86400; 36472dfe7a3SPoul-Henning Kamp f = 1; 36572dfe7a3SPoul-Henning Kamp } 36672dfe7a3SPoul-Henning Kamp if (f || ts.tv_sec >= 3600) { 3674a6404dfSJohn Baldwin printf("%ldh", (long)ts.tv_sec / 3600); 36872dfe7a3SPoul-Henning Kamp ts.tv_sec %= 3600; 36972dfe7a3SPoul-Henning Kamp f = 1; 37072dfe7a3SPoul-Henning Kamp } 37172dfe7a3SPoul-Henning Kamp if (f || ts.tv_sec >= 60) { 3724a6404dfSJohn Baldwin printf("%ldm", (long)ts.tv_sec / 60); 37372dfe7a3SPoul-Henning Kamp ts.tv_sec %= 60; 37472dfe7a3SPoul-Henning Kamp f = 1; 37572dfe7a3SPoul-Henning Kamp } 3764a6404dfSJohn Baldwin printf("%lds\n", (long)ts.tv_sec); 37772dfe7a3SPoul-Henning Kamp } 37872dfe7a3SPoul-Henning Kamp 379299cceefSMarcel Moolenaar int 380299cceefSMarcel Moolenaar doadump(boolean_t textdump) 381d39e457bSPoul-Henning Kamp { 382299cceefSMarcel Moolenaar boolean_t coredump; 383f6b4f5caSGavin Atkinson int error; 384e95499bdSAlfred Perlstein 385f6b4f5caSGavin Atkinson error = 0; 386299cceefSMarcel Moolenaar if (dumping) 387299cceefSMarcel Moolenaar return (EBUSY); 3886b6e2954SConrad Meyer if (TAILQ_EMPTY(&dumper_configs)) 389299cceefSMarcel Moolenaar return (ENXIO); 390f6449d9dSJulian Elischer 391d39e457bSPoul-Henning Kamp savectx(&dumppcb); 3922d50560aSMarcel Moolenaar dumptid = curthread->td_tid; 393d39e457bSPoul-Henning Kamp dumping++; 394299cceefSMarcel Moolenaar 395299cceefSMarcel Moolenaar coredump = TRUE; 396618c7db3SRobert Watson #ifdef DDB 397299cceefSMarcel Moolenaar if (textdump && textdump_pending) { 398299cceefSMarcel Moolenaar coredump = FALSE; 3996b6e2954SConrad Meyer textdump_dumpsys(TAILQ_FIRST(&dumper_configs)); 400299cceefSMarcel Moolenaar } 401618c7db3SRobert Watson #endif 4026b6e2954SConrad Meyer if (coredump) { 4036b6e2954SConrad Meyer struct dumperinfo *di; 4046b6e2954SConrad Meyer 4056b6e2954SConrad Meyer TAILQ_FOREACH(di, &dumper_configs, di_next) { 4066b6e2954SConrad Meyer error = dumpsys(di); 4076b6e2954SConrad Meyer if (error == 0) 4086b6e2954SConrad Meyer break; 4096b6e2954SConrad Meyer } 4106b6e2954SConrad Meyer } 411299cceefSMarcel Moolenaar 4129e473363SRuslan Ermilov dumping--; 413f6b4f5caSGavin Atkinson return (error); 414d39e457bSPoul-Henning Kamp } 415d39e457bSPoul-Henning Kamp 416ad4240feSJulian Elischer /* 41770ce93f4SNate Lawson * Shutdown the system cleanly to prepare for reboot, halt, or power off. 418ad4240feSJulian Elischer */ 41976e18b25SMarcel Moolenaar void 42076e18b25SMarcel Moolenaar kern_reboot(int howto) 421ad4240feSJulian Elischer { 42298082691SJeff Roberson static int once = 0; 423ad4240feSJulian Elischer 424f0d847afSWarner Losh /* 425f0d847afSWarner Losh * Normal paths here don't hold Giant, but we can wind up here 426f0d847afSWarner Losh * unexpectedly with it held. Drop it now so we don't have to 427f0d847afSWarner Losh * drop and pick it up elsewhere. The paths it is locking will 428f0d847afSWarner Losh * never be returned to, and it is preferable to preclude 429f0d847afSWarner Losh * deadlock than to lock against code that won't ever 430f0d847afSWarner Losh * continue. 431f0d847afSWarner Losh */ 432f0d847afSWarner Losh while (mtx_owned(&Giant)) 433f0d847afSWarner Losh mtx_unlock(&Giant); 434f0d847afSWarner Losh 435f7ebc7ceSMarcel Moolenaar #if defined(SMP) 43670ce93f4SNate Lawson /* 437efe67753SNathan Whitehorn * Bind us to the first CPU so that all shutdown code runs there. Some 43870ce93f4SNate Lawson * systems don't shutdown properly (i.e., ACPI power off) if we 43970ce93f4SNate Lawson * run on another processor. 44070ce93f4SNate Lawson */ 44135370593SAndriy Gapon if (!SCHEDULER_STOPPED()) { 442982d11f8SJeff Roberson thread_lock(curthread); 443efe67753SNathan Whitehorn sched_bind(curthread, CPU_FIRST()); 444982d11f8SJeff Roberson thread_unlock(curthread); 445efe67753SNathan Whitehorn KASSERT(PCPU_GET(cpuid) == CPU_FIRST(), 446efe67753SNathan Whitehorn ("boot: not running on cpu 0")); 44735370593SAndriy Gapon } 44820e25d7dSPeter Wemm #endif 44936a52c3cSJeff Roberson /* We're in the process of rebooting. */ 45036a52c3cSJeff Roberson rebooting = 1; 45120e25d7dSPeter Wemm 45261e96500SJohn Baldwin /* We are out of the debugger now. */ 4532d50560aSMarcel Moolenaar kdb_active = 0; 45461e96500SJohn Baldwin 4555230cfd2SJulian Elischer /* 4565230cfd2SJulian Elischer * Do any callouts that should be done BEFORE syncing the filesystems. 4575230cfd2SJulian Elischer */ 458fcb893a8SMike Smith EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); 4595230cfd2SJulian Elischer 4605230cfd2SJulian Elischer /* 4615230cfd2SJulian Elischer * Now sync filesystems 4625230cfd2SJulian Elischer */ 46398082691SJeff Roberson if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { 46498082691SJeff Roberson once = 1; 46598082691SJeff Roberson bufshutdown(show_busybufs); 466ad4240feSJulian Elischer } 4675230cfd2SJulian Elischer 46872dfe7a3SPoul-Henning Kamp print_uptime(); 46972dfe7a3SPoul-Henning Kamp 470bf8696b4SAndriy Gapon cngrab(); 471bf8696b4SAndriy Gapon 4725230cfd2SJulian Elischer /* 4735230cfd2SJulian Elischer * Ok, now do things that assume all filesystem activity has 4745230cfd2SJulian Elischer * been completed. 4755230cfd2SJulian Elischer */ 476fcb893a8SMike Smith EVENTHANDLER_INVOKE(shutdown_post_sync, howto); 47770ce93f4SNate Lawson 478f6449d9dSJulian Elischer if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) 479299cceefSMarcel Moolenaar doadump(TRUE); 4802cfa0a03SJustin T. Gibbs 4812cfa0a03SJustin T. Gibbs /* Now that we're going to really halt the system... */ 482fcb893a8SMike Smith EVENTHANDLER_INVOKE(shutdown_final, howto); 4832cfa0a03SJustin T. Gibbs 484fcb893a8SMike Smith for(;;) ; /* safety against shutdown_reset not working */ 485fcb893a8SMike Smith /* NOTREACHED */ 486fcb893a8SMike Smith } 487fcb893a8SMike Smith 488fcb893a8SMike Smith /* 4890d3d0cc3SEdward Tomasz Napierala * The system call that results in changing the rootfs. 4900d3d0cc3SEdward Tomasz Napierala */ 4910d3d0cc3SEdward Tomasz Napierala static int 4920d3d0cc3SEdward Tomasz Napierala kern_reroot(void) 4930d3d0cc3SEdward Tomasz Napierala { 4940d3d0cc3SEdward Tomasz Napierala struct vnode *oldrootvnode, *vp; 4950d3d0cc3SEdward Tomasz Napierala struct mount *mp, *devmp; 4960d3d0cc3SEdward Tomasz Napierala int error; 4970d3d0cc3SEdward Tomasz Napierala 4980d3d0cc3SEdward Tomasz Napierala if (curproc != initproc) 4990d3d0cc3SEdward Tomasz Napierala return (EPERM); 5000d3d0cc3SEdward Tomasz Napierala 5010d3d0cc3SEdward Tomasz Napierala /* 5020d3d0cc3SEdward Tomasz Napierala * Mark the filesystem containing currently-running executable 5030d3d0cc3SEdward Tomasz Napierala * (the temporary copy of init(8)) busy. 5040d3d0cc3SEdward Tomasz Napierala */ 5050d3d0cc3SEdward Tomasz Napierala vp = curproc->p_textvp; 5060d3d0cc3SEdward Tomasz Napierala error = vn_lock(vp, LK_SHARED); 5070d3d0cc3SEdward Tomasz Napierala if (error != 0) 5080d3d0cc3SEdward Tomasz Napierala return (error); 5090d3d0cc3SEdward Tomasz Napierala mp = vp->v_mount; 5100d3d0cc3SEdward Tomasz Napierala error = vfs_busy(mp, MBF_NOWAIT); 5110d3d0cc3SEdward Tomasz Napierala if (error != 0) { 5120d3d0cc3SEdward Tomasz Napierala vfs_ref(mp); 5130d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 5140d3d0cc3SEdward Tomasz Napierala error = vfs_busy(mp, 0); 5150d3d0cc3SEdward Tomasz Napierala vn_lock(vp, LK_SHARED | LK_RETRY); 5160d3d0cc3SEdward Tomasz Napierala vfs_rel(mp); 5170d3d0cc3SEdward Tomasz Napierala if (error != 0) { 5180d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 5190d3d0cc3SEdward Tomasz Napierala return (ENOENT); 5200d3d0cc3SEdward Tomasz Napierala } 521*abd80ddbSMateusz Guzik if (VN_IS_DOOMED(vp)) { 5220d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 5230d3d0cc3SEdward Tomasz Napierala vfs_unbusy(mp); 5240d3d0cc3SEdward Tomasz Napierala return (ENOENT); 5250d3d0cc3SEdward Tomasz Napierala } 5260d3d0cc3SEdward Tomasz Napierala } 5270d3d0cc3SEdward Tomasz Napierala VOP_UNLOCK(vp, 0); 5280d3d0cc3SEdward Tomasz Napierala 5290d3d0cc3SEdward Tomasz Napierala /* 5300d3d0cc3SEdward Tomasz Napierala * Remove the filesystem containing currently-running executable 5310d3d0cc3SEdward Tomasz Napierala * from the mount list, to prevent it from being unmounted 5320d3d0cc3SEdward Tomasz Napierala * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). 5330d3d0cc3SEdward Tomasz Napierala * 5340d3d0cc3SEdward Tomasz Napierala * Also preserve /dev - forcibly unmounting it could cause driver 5350d3d0cc3SEdward Tomasz Napierala * reinitialization. 5360d3d0cc3SEdward Tomasz Napierala */ 5370d3d0cc3SEdward Tomasz Napierala 5380d3d0cc3SEdward Tomasz Napierala vfs_ref(rootdevmp); 5390d3d0cc3SEdward Tomasz Napierala devmp = rootdevmp; 5400d3d0cc3SEdward Tomasz Napierala rootdevmp = NULL; 5410d3d0cc3SEdward Tomasz Napierala 5420d3d0cc3SEdward Tomasz Napierala mtx_lock(&mountlist_mtx); 5430d3d0cc3SEdward Tomasz Napierala TAILQ_REMOVE(&mountlist, mp, mnt_list); 5440d3d0cc3SEdward Tomasz Napierala TAILQ_REMOVE(&mountlist, devmp, mnt_list); 5450d3d0cc3SEdward Tomasz Napierala mtx_unlock(&mountlist_mtx); 5460d3d0cc3SEdward Tomasz Napierala 5470d3d0cc3SEdward Tomasz Napierala oldrootvnode = rootvnode; 5480d3d0cc3SEdward Tomasz Napierala 5490d3d0cc3SEdward Tomasz Napierala /* 5500d3d0cc3SEdward Tomasz Napierala * Unmount everything except for the two filesystems preserved above. 5510d3d0cc3SEdward Tomasz Napierala */ 5520d3d0cc3SEdward Tomasz Napierala vfs_unmountall(); 5530d3d0cc3SEdward Tomasz Napierala 5540d3d0cc3SEdward Tomasz Napierala /* 5550d3d0cc3SEdward Tomasz Napierala * Add /dev back; vfs_mountroot() will move it into its new place. 5560d3d0cc3SEdward Tomasz Napierala */ 5570d3d0cc3SEdward Tomasz Napierala mtx_lock(&mountlist_mtx); 5580d3d0cc3SEdward Tomasz Napierala TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); 5590d3d0cc3SEdward Tomasz Napierala mtx_unlock(&mountlist_mtx); 5600d3d0cc3SEdward Tomasz Napierala rootdevmp = devmp; 5610d3d0cc3SEdward Tomasz Napierala vfs_rel(rootdevmp); 5620d3d0cc3SEdward Tomasz Napierala 5630d3d0cc3SEdward Tomasz Napierala /* 5640d3d0cc3SEdward Tomasz Napierala * Mount the new rootfs. 5650d3d0cc3SEdward Tomasz Napierala */ 5660d3d0cc3SEdward Tomasz Napierala vfs_mountroot(); 5670d3d0cc3SEdward Tomasz Napierala 5680d3d0cc3SEdward Tomasz Napierala /* 5690d3d0cc3SEdward Tomasz Napierala * Update all references to the old rootvnode. 5700d3d0cc3SEdward Tomasz Napierala */ 5710d3d0cc3SEdward Tomasz Napierala mountcheckdirs(oldrootvnode, rootvnode); 5720d3d0cc3SEdward Tomasz Napierala 5730d3d0cc3SEdward Tomasz Napierala /* 5740d3d0cc3SEdward Tomasz Napierala * Add the temporary filesystem back and unbusy it. 5750d3d0cc3SEdward Tomasz Napierala */ 5760d3d0cc3SEdward Tomasz Napierala mtx_lock(&mountlist_mtx); 5770d3d0cc3SEdward Tomasz Napierala TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 5780d3d0cc3SEdward Tomasz Napierala mtx_unlock(&mountlist_mtx); 5790d3d0cc3SEdward Tomasz Napierala vfs_unbusy(mp); 5800d3d0cc3SEdward Tomasz Napierala 5810d3d0cc3SEdward Tomasz Napierala return (0); 5820d3d0cc3SEdward Tomasz Napierala } 5830d3d0cc3SEdward Tomasz Napierala 5840d3d0cc3SEdward Tomasz Napierala /* 585fcb893a8SMike Smith * If the shutdown was a clean halt, behave accordingly. 586fcb893a8SMike Smith */ 587fcb893a8SMike Smith static void 588fcb893a8SMike Smith shutdown_halt(void *junk, int howto) 589fcb893a8SMike Smith { 590e95499bdSAlfred Perlstein 591ad4240feSJulian Elischer if (howto & RB_HALT) { 592ad4240feSJulian Elischer printf("\n"); 593ad4240feSJulian Elischer printf("The operating system has halted.\n"); 594ad4240feSJulian Elischer printf("Please press any key to reboot.\n\n"); 595387df3b8SAndriy Gapon 596387df3b8SAndriy Gapon wdog_kern_pat(WD_TO_NEVER); 597387df3b8SAndriy Gapon 598d13d3630SJulian Elischer switch (cngetc()) { 599d13d3630SJulian Elischer case -1: /* No console, just die */ 600d13d3630SJulian Elischer cpu_halt(); 601d13d3630SJulian Elischer /* NOTREACHED */ 602d13d3630SJulian Elischer default: 603d13d3630SJulian Elischer break; 604d13d3630SJulian Elischer } 605fcb893a8SMike Smith } 606fcb893a8SMike Smith } 607ad4240feSJulian Elischer 608fcb893a8SMike Smith /* 609fcb893a8SMike Smith * Check to see if the system paniced, pause and then reboot 610fcb893a8SMike Smith * according to the specified delay. 611fcb893a8SMike Smith */ 612fcb893a8SMike Smith static void 613fcb893a8SMike Smith shutdown_panic(void *junk, int howto) 614fcb893a8SMike Smith { 615fcb893a8SMike Smith int loop; 616fcb893a8SMike Smith 617fcb893a8SMike Smith if (howto & RB_DUMP) { 6181cdbb9edSColin Percival if (panic_reboot_wait_time != 0) { 6191cdbb9edSColin Percival if (panic_reboot_wait_time != -1) { 6202cfa0a03SJustin T. Gibbs printf("Automatic reboot in %d seconds - " 6212cfa0a03SJustin T. Gibbs "press a key on the console to abort\n", 6221cdbb9edSColin Percival panic_reboot_wait_time); 6231cdbb9edSColin Percival for (loop = panic_reboot_wait_time * 10; 6242cfa0a03SJustin T. Gibbs loop > 0; --loop) { 625ad4240feSJulian Elischer DELAY(1000 * 100); /* 1/10th second */ 626a7f8f2abSBruce Evans /* Did user type a key? */ 627a7f8f2abSBruce Evans if (cncheckc() != -1) 628ad4240feSJulian Elischer break; 629ad4240feSJulian Elischer } 630ad4240feSJulian Elischer if (!loop) 631fcb893a8SMike Smith return; 632ad4240feSJulian Elischer } 633ad4240feSJulian Elischer } else { /* zero time specified - reboot NOW */ 634fcb893a8SMike Smith return; 635ad4240feSJulian Elischer } 636422702e9SNik Clayton printf("--> Press a key on the console to reboot,\n"); 637422702e9SNik Clayton printf("--> or switch off the system now.\n"); 638ad4240feSJulian Elischer cngetc(); 639ad4240feSJulian Elischer } 640fcb893a8SMike Smith } 641fcb893a8SMike Smith 642fcb893a8SMike Smith /* 643fcb893a8SMike Smith * Everything done, now reset 644fcb893a8SMike Smith */ 645fcb893a8SMike Smith static void 646fcb893a8SMike Smith shutdown_reset(void *junk, int howto) 647fcb893a8SMike Smith { 648e95499bdSAlfred Perlstein 649ad4240feSJulian Elischer printf("Rebooting...\n"); 650ad4240feSJulian Elischer DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ 651248bb937SAttilio Rao 652248bb937SAttilio Rao /* 653248bb937SAttilio Rao * Acquiring smp_ipi_mtx here has a double effect: 654248bb937SAttilio Rao * - it disables interrupts avoiding CPU0 preemption 655248bb937SAttilio Rao * by fast handlers (thus deadlocking against other CPUs) 656248bb937SAttilio Rao * - it avoids deadlocks against smp_rendezvous() or, more 657248bb937SAttilio Rao * generally, threads busy-waiting, with this spinlock held, 658248bb937SAttilio Rao * and waiting for responses by threads on other CPUs 659248bb937SAttilio Rao * (ie. smp_tlb_shootdown()). 6600a2d5feaSAttilio Rao * 6610a2d5feaSAttilio Rao * For the !SMP case it just needs to handle the former problem. 662248bb937SAttilio Rao */ 6630a2d5feaSAttilio Rao #ifdef SMP 664248bb937SAttilio Rao mtx_lock_spin(&smp_ipi_mtx); 6650a2d5feaSAttilio Rao #else 6660a2d5feaSAttilio Rao spinlock_enter(); 6670a2d5feaSAttilio Rao #endif 668248bb937SAttilio Rao 669269fb9d7SJulian Elischer /* cpu_boot(howto); */ /* doesn't do anything at the moment */ 670ad4240feSJulian Elischer cpu_reset(); 671fcb893a8SMike Smith /* NOTREACHED */ /* assuming reset worked */ 672ad4240feSJulian Elischer } 673ad4240feSJulian Elischer 674a0d20ecbSGleb Smirnoff #if defined(WITNESS) || defined(INVARIANT_SUPPORT) 6753945a964SAlfred Perlstein static int kassert_warn_only = 0; 676a94053baSAlfred Perlstein #ifdef KDB 677a94053baSAlfred Perlstein static int kassert_do_kdb = 0; 678a94053baSAlfred Perlstein #endif 6793945a964SAlfred Perlstein #ifdef KTR 6803945a964SAlfred Perlstein static int kassert_do_ktr = 0; 6813945a964SAlfred Perlstein #endif 6823945a964SAlfred Perlstein static int kassert_do_log = 1; 6833945a964SAlfred Perlstein static int kassert_log_pps_limit = 4; 6843945a964SAlfred Perlstein static int kassert_log_mute_at = 0; 6853945a964SAlfred Perlstein static int kassert_log_panic_at = 0; 68618959b69SJonathan T. Looney static int kassert_suppress_in_panic = 0; 6873945a964SAlfred Perlstein static int kassert_warnings = 0; 6883945a964SAlfred Perlstein 6893945a964SAlfred Perlstein SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); 6903945a964SAlfred Perlstein 6914ca8c1efSConrad Meyer #ifdef KASSERT_PANIC_OPTIONAL 6924ca8c1efSConrad Meyer #define KASSERT_RWTUN CTLFLAG_RWTUN 6934ca8c1efSConrad Meyer #else 6944ca8c1efSConrad Meyer #define KASSERT_RWTUN CTLFLAG_RDTUN 6954ca8c1efSConrad Meyer #endif 6964ca8c1efSConrad Meyer 6974ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, KASSERT_RWTUN, 6983945a964SAlfred Perlstein &kassert_warn_only, 0, 6994ca8c1efSConrad Meyer "KASSERT triggers a panic (0) or just a warning (1)"); 7003945a964SAlfred Perlstein 701a94053baSAlfred Perlstein #ifdef KDB 7024ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, KASSERT_RWTUN, 703a94053baSAlfred Perlstein &kassert_do_kdb, 0, "KASSERT will enter the debugger"); 704a94053baSAlfred Perlstein #endif 705a94053baSAlfred Perlstein 7063945a964SAlfred Perlstein #ifdef KTR 7074ca8c1efSConrad Meyer SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, KASSERT_RWTUN, 7083945a964SAlfred Perlstein &kassert_do_ktr, 0, 7093945a964SAlfred Perlstein "KASSERT does a KTR, set this to the KTRMASK you want"); 7103945a964SAlfred Perlstein #endif 7113945a964SAlfred Perlstein 7124ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, KASSERT_RWTUN, 71307aa6ea6SConrad Meyer &kassert_do_log, 0, 71407aa6ea6SConrad Meyer "If warn_only is enabled, log (1) or do not log (0) assertion violations"); 7153945a964SAlfred Perlstein 7163ad1ce46SAndriy Gapon SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RD | CTLFLAG_STATS, 7173945a964SAlfred Perlstein &kassert_warnings, 0, "number of KASSERTs that have been triggered"); 7183945a964SAlfred Perlstein 7194ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, KASSERT_RWTUN, 7203945a964SAlfred Perlstein &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); 7213945a964SAlfred Perlstein 7224ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, KASSERT_RWTUN, 7233945a964SAlfred Perlstein &kassert_log_pps_limit, 0, "limit number of log messages per second"); 7243945a964SAlfred Perlstein 7254ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, KASSERT_RWTUN, 7263945a964SAlfred Perlstein &kassert_log_mute_at, 0, "max number of KASSERTS to log"); 7273945a964SAlfred Perlstein 7284ca8c1efSConrad Meyer SYSCTL_INT(_debug_kassert, OID_AUTO, suppress_in_panic, KASSERT_RWTUN, 72944b71282SJonathan T. Looney &kassert_suppress_in_panic, 0, 73044b71282SJonathan T. Looney "KASSERTs will be suppressed while handling a panic"); 7314ca8c1efSConrad Meyer #undef KASSERT_RWTUN 73244b71282SJonathan T. Looney 7333945a964SAlfred Perlstein static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); 7343945a964SAlfred Perlstein 7353945a964SAlfred Perlstein SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, 7363945a964SAlfred Perlstein CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, 7373945a964SAlfred Perlstein kassert_sysctl_kassert, "I", "set to trigger a test kassert"); 7383945a964SAlfred Perlstein 7393945a964SAlfred Perlstein static int 7403945a964SAlfred Perlstein kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) 7413945a964SAlfred Perlstein { 7423945a964SAlfred Perlstein int error, i; 7433945a964SAlfred Perlstein 7443945a964SAlfred Perlstein error = sysctl_wire_old_buffer(req, sizeof(int)); 7453945a964SAlfred Perlstein if (error == 0) { 7463945a964SAlfred Perlstein i = 0; 7473945a964SAlfred Perlstein error = sysctl_handle_int(oidp, &i, 0, req); 7483945a964SAlfred Perlstein } 7493945a964SAlfred Perlstein if (error != 0 || req->newptr == NULL) 7503945a964SAlfred Perlstein return (error); 7513945a964SAlfred Perlstein KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); 7523945a964SAlfred Perlstein return (0); 7533945a964SAlfred Perlstein } 7543945a964SAlfred Perlstein 7554ca8c1efSConrad Meyer #ifdef KASSERT_PANIC_OPTIONAL 7563945a964SAlfred Perlstein /* 7573945a964SAlfred Perlstein * Called by KASSERT, this decides if we will panic 7583945a964SAlfred Perlstein * or if we will log via printf and/or ktr. 7593945a964SAlfred Perlstein */ 7603945a964SAlfred Perlstein void 7613945a964SAlfred Perlstein kassert_panic(const char *fmt, ...) 7623945a964SAlfred Perlstein { 7633945a964SAlfred Perlstein static char buf[256]; 7643945a964SAlfred Perlstein va_list ap; 7653945a964SAlfred Perlstein 7663945a964SAlfred Perlstein va_start(ap, fmt); 7673945a964SAlfred Perlstein (void)vsnprintf(buf, sizeof(buf), fmt, ap); 7683945a964SAlfred Perlstein va_end(ap); 7693945a964SAlfred Perlstein 7703945a964SAlfred Perlstein /* 77165df1248SConrad Meyer * If we are suppressing secondary panics, log the warning but do not 77265df1248SConrad Meyer * re-enter panic/kdb. 77365df1248SConrad Meyer */ 77465df1248SConrad Meyer if (panicstr != NULL && kassert_suppress_in_panic) { 77565df1248SConrad Meyer if (kassert_do_log) { 77665df1248SConrad Meyer printf("KASSERT failed: %s\n", buf); 77765df1248SConrad Meyer #ifdef KDB 77865df1248SConrad Meyer if (trace_all_panics && trace_on_panic) 77965df1248SConrad Meyer kdb_backtrace(); 78065df1248SConrad Meyer #endif 78165df1248SConrad Meyer } 78265df1248SConrad Meyer return; 78365df1248SConrad Meyer } 78465df1248SConrad Meyer 78565df1248SConrad Meyer /* 7863945a964SAlfred Perlstein * panic if we're not just warning, or if we've exceeded 7873945a964SAlfred Perlstein * kassert_log_panic_at warnings. 7883945a964SAlfred Perlstein */ 7893945a964SAlfred Perlstein if (!kassert_warn_only || 7903945a964SAlfred Perlstein (kassert_log_panic_at > 0 && 7913945a964SAlfred Perlstein kassert_warnings >= kassert_log_panic_at)) { 7923945a964SAlfred Perlstein va_start(ap, fmt); 7933945a964SAlfred Perlstein vpanic(fmt, ap); 7943945a964SAlfred Perlstein /* NORETURN */ 7953945a964SAlfred Perlstein } 7963945a964SAlfred Perlstein #ifdef KTR 7973945a964SAlfred Perlstein if (kassert_do_ktr) 7983945a964SAlfred Perlstein CTR0(ktr_mask, buf); 7993945a964SAlfred Perlstein #endif /* KTR */ 8003945a964SAlfred Perlstein /* 8013945a964SAlfred Perlstein * log if we've not yet met the mute limit. 8023945a964SAlfred Perlstein */ 8033945a964SAlfred Perlstein if (kassert_do_log && 8043945a964SAlfred Perlstein (kassert_log_mute_at == 0 || 8053945a964SAlfred Perlstein kassert_warnings < kassert_log_mute_at)) { 8063945a964SAlfred Perlstein static struct timeval lasterr; 8073945a964SAlfred Perlstein static int curerr; 8083945a964SAlfred Perlstein 8093945a964SAlfred Perlstein if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { 8103945a964SAlfred Perlstein printf("KASSERT failed: %s\n", buf); 8113945a964SAlfred Perlstein kdb_backtrace(); 8123945a964SAlfred Perlstein } 8133945a964SAlfred Perlstein } 814a94053baSAlfred Perlstein #ifdef KDB 815a94053baSAlfred Perlstein if (kassert_do_kdb) { 816a94053baSAlfred Perlstein kdb_enter(KDB_WHY_KASSERT, buf); 817a94053baSAlfred Perlstein } 818a94053baSAlfred Perlstein #endif 8193945a964SAlfred Perlstein atomic_add_int(&kassert_warnings, 1); 8203945a964SAlfred Perlstein } 8214ca8c1efSConrad Meyer #endif /* KASSERT_PANIC_OPTIONAL */ 8223945a964SAlfred Perlstein #endif 8233945a964SAlfred Perlstein 824ad4240feSJulian Elischer /* 825ad4240feSJulian Elischer * Panic is called on unresolvable fatal errors. It prints "panic: mesg", 826ad4240feSJulian Elischer * and then reboots. If we are called twice, then we avoid trying to sync 827ad4240feSJulian Elischer * the disks as this often leads to recursive panics. 828ad4240feSJulian Elischer */ 829ad4240feSJulian Elischer void 8309a6dc4b6SPoul-Henning Kamp panic(const char *fmt, ...) 831ad4240feSJulian Elischer { 8323945a964SAlfred Perlstein va_list ap; 8333945a964SAlfred Perlstein 8343945a964SAlfred Perlstein va_start(ap, fmt); 8353945a964SAlfred Perlstein vpanic(fmt, ap); 8363945a964SAlfred Perlstein } 8373945a964SAlfred Perlstein 838da10a603SMark Johnston void 8393945a964SAlfred Perlstein vpanic(const char *fmt, va_list ap) 8403945a964SAlfred Perlstein { 84164dd590eSAndriy Gapon #ifdef SMP 84235370593SAndriy Gapon cpuset_t other_cpus; 84364dd590eSAndriy Gapon #endif 844fe799533SAndrew Gallatin struct thread *td = curthread; 845e485b64bSJohn Baldwin int bootopt, newpanic; 84699237364SAndrey A. Chernov static char buf[256]; 847ad4240feSJulian Elischer 84835370593SAndriy Gapon spinlock_enter(); 84935370593SAndriy Gapon 8500384fff8SJason Evans #ifdef SMP 8511a5333c3SJohn Baldwin /* 8526898bee9SAndriy Gapon * stop_cpus_hard(other_cpus) should prevent multiple CPUs from 8536898bee9SAndriy Gapon * concurrently entering panic. Only the winner will proceed 8546898bee9SAndriy Gapon * further. 8551a5333c3SJohn Baldwin */ 85635370593SAndriy Gapon if (panicstr == NULL && !kdb_active) { 85735370593SAndriy Gapon other_cpus = all_cpus; 85835370593SAndriy Gapon CPU_CLR(PCPU_GET(cpuid), &other_cpus); 85935370593SAndriy Gapon stop_cpus_hard(other_cpus); 86035370593SAndriy Gapon } 86142d33c1fSMark Johnston #endif 86235370593SAndriy Gapon 86335370593SAndriy Gapon /* 8649ad64f27SMark Johnston * Ensure that the scheduler is stopped while panicking, even if panic 8659ad64f27SMark Johnston * has been entered from kdb. 86635370593SAndriy Gapon */ 8675d7380f8SAttilio Rao td->td_stopsched = 1; 8680384fff8SJason Evans 869e3adb685SAttilio Rao bootopt = RB_AUTOBOOT; 870e485b64bSJohn Baldwin newpanic = 0; 871ad4240feSJulian Elischer if (panicstr) 872ad4240feSJulian Elischer bootopt |= RB_NOSYNC; 873e485b64bSJohn Baldwin else { 874e3adb685SAttilio Rao bootopt |= RB_DUMP; 875ad4240feSJulian Elischer panicstr = fmt; 876e485b64bSJohn Baldwin newpanic = 1; 877e485b64bSJohn Baldwin } 878ad4240feSJulian Elischer 8794f1b4577SIan Dowse if (newpanic) { 8802127f260SArchie Cobbs (void)vsnprintf(buf, sizeof(buf), fmt, ap); 88199237364SAndrey A. Chernov panicstr = buf; 882bf8696b4SAndriy Gapon cngrab(); 8839a6dc4b6SPoul-Henning Kamp printf("panic: %s\n", buf); 8844f1b4577SIan Dowse } else { 8854f1b4577SIan Dowse printf("panic: "); 8864f1b4577SIan Dowse vprintf(fmt, ap); 8879a6dc4b6SPoul-Henning Kamp printf("\n"); 8884f1b4577SIan Dowse } 88947d81897SSteve Passe #ifdef SMP 89055c45354SJohn Baldwin printf("cpuid = %d\n", PCPU_GET(cpuid)); 8912bcc63c5SJohn Baldwin #endif 8926cf0c1dbSGleb Smirnoff printf("time = %jd\n", (intmax_t )time_second); 8932d50560aSMarcel Moolenaar #ifdef KDB 894ad1fc315SConrad Meyer if ((newpanic || trace_all_panics) && trace_on_panic) 8952d50560aSMarcel Moolenaar kdb_backtrace(); 896ad4240feSJulian Elischer if (debugger_on_panic) 8973de213ccSRobert Watson kdb_enter(KDB_WHY_PANIC, "panic"); 8981432aa0cSJohn Baldwin #endif 899982d11f8SJeff Roberson /*thread_lock(td); */ 900fe799533SAndrew Gallatin td->td_flags |= TDF_INPANIC; 901982d11f8SJeff Roberson /* thread_unlock(td); */ 902259ed917SPeter Wemm if (!sync_on_panic) 903259ed917SPeter Wemm bootopt |= RB_NOSYNC; 90448f1a492SWarner Losh if (poweroff_on_panic) 90548f1a492SWarner Losh bootopt |= RB_POWEROFF; 90648f1a492SWarner Losh if (powercycle_on_panic) 90748f1a492SWarner Losh bootopt |= RB_POWERCYCLE; 90876e18b25SMarcel Moolenaar kern_reboot(bootopt); 909ad4240feSJulian Elischer } 910ad4240feSJulian Elischer 911e0d898b4SJulian Elischer /* 912db82a982SMike Smith * Support for poweroff delay. 913b22692bdSNick Hibma * 914b22692bdSNick Hibma * Please note that setting this delay too short might power off your machine 915b22692bdSNick Hibma * before the write cache on your hard disk has been flushed, leading to 916b22692bdSNick Hibma * soft-updates inconsistencies. 917db82a982SMike Smith */ 9189eec6969SMike Smith #ifndef POWEROFF_DELAY 9199eec6969SMike Smith # define POWEROFF_DELAY 5000 9209eec6969SMike Smith #endif 9219eec6969SMike Smith static int poweroff_delay = POWEROFF_DELAY; 9229eec6969SMike Smith 923db82a982SMike Smith SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, 9243eb9ab52SEitan Adler &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); 925db82a982SMike Smith 926fcb893a8SMike Smith static void 927fcb893a8SMike Smith poweroff_wait(void *junk, int howto) 928db82a982SMike Smith { 929e95499bdSAlfred Perlstein 9307d41b6f0SWarner Losh if ((howto & (RB_POWEROFF | RB_POWERCYCLE)) == 0 || poweroff_delay <= 0) 931db82a982SMike Smith return; 932db82a982SMike Smith DELAY(poweroff_delay * 1000); 933db82a982SMike Smith } 9345e950839SLuoqi Chen 9355e950839SLuoqi Chen /* 9365e950839SLuoqi Chen * Some system processes (e.g. syncer) need to be stopped at appropriate 9375e950839SLuoqi Chen * points in their main loops prior to a system shutdown, so that they 9385e950839SLuoqi Chen * won't interfere with the shutdown process (e.g. by holding a disk buf 9395e950839SLuoqi Chen * to cause sync to fail). For each of these system processes, register 9405e950839SLuoqi Chen * shutdown_kproc() as a handler for one of shutdown events. 9415e950839SLuoqi Chen */ 9425e950839SLuoqi Chen static int kproc_shutdown_wait = 60; 9435e950839SLuoqi Chen SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, 9443eb9ab52SEitan Adler &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); 9455e950839SLuoqi Chen 9465e950839SLuoqi Chen void 947ffc831daSJohn Baldwin kproc_shutdown(void *arg, int howto) 9485e950839SLuoqi Chen { 9495e950839SLuoqi Chen struct proc *p; 9505e950839SLuoqi Chen int error; 9515e950839SLuoqi Chen 9525e950839SLuoqi Chen if (panicstr) 9535e950839SLuoqi Chen return; 9545e950839SLuoqi Chen 9555e950839SLuoqi Chen p = (struct proc *)arg; 956b1c81391SNate Lawson printf("Waiting (max %d seconds) for system process `%s' to stop... ", 9574f9d48e4SJohn Baldwin kproc_shutdown_wait, p->p_comm); 9583745c395SJulian Elischer error = kproc_suspend(p, kproc_shutdown_wait * hz); 9595e950839SLuoqi Chen 9605e950839SLuoqi Chen if (error == EWOULDBLOCK) 961b1c81391SNate Lawson printf("timed out\n"); 9625e950839SLuoqi Chen else 963b1c81391SNate Lawson printf("done\n"); 9645e950839SLuoqi Chen } 96581661c94SPoul-Henning Kamp 9667ab24ea3SJulian Elischer void 9677ab24ea3SJulian Elischer kthread_shutdown(void *arg, int howto) 9687ab24ea3SJulian Elischer { 9697ab24ea3SJulian Elischer struct thread *td; 9707ab24ea3SJulian Elischer int error; 9717ab24ea3SJulian Elischer 9727ab24ea3SJulian Elischer if (panicstr) 9737ab24ea3SJulian Elischer return; 9747ab24ea3SJulian Elischer 9757ab24ea3SJulian Elischer td = (struct thread *)arg; 9767ab24ea3SJulian Elischer printf("Waiting (max %d seconds) for system thread `%s' to stop... ", 9774f9d48e4SJohn Baldwin kproc_shutdown_wait, td->td_name); 9787ab24ea3SJulian Elischer error = kthread_suspend(td, kproc_shutdown_wait * hz); 9797ab24ea3SJulian Elischer 9807ab24ea3SJulian Elischer if (error == EWOULDBLOCK) 9817ab24ea3SJulian Elischer printf("timed out\n"); 9827ab24ea3SJulian Elischer else 9837ab24ea3SJulian Elischer printf("done\n"); 9847ab24ea3SJulian Elischer } 9857ab24ea3SJulian Elischer 9866b6e2954SConrad Meyer static int 9876b6e2954SConrad Meyer dumpdevname_sysctl_handler(SYSCTL_HANDLER_ARGS) 9886b6e2954SConrad Meyer { 9896b6e2954SConrad Meyer char buf[256]; 9906b6e2954SConrad Meyer struct dumperinfo *di; 9916b6e2954SConrad Meyer struct sbuf sb; 9926b6e2954SConrad Meyer int error; 9936b6e2954SConrad Meyer 9946b6e2954SConrad Meyer error = sysctl_wire_old_buffer(req, 0); 9956b6e2954SConrad Meyer if (error != 0) 9966b6e2954SConrad Meyer return (error); 9976b6e2954SConrad Meyer 9986b6e2954SConrad Meyer sbuf_new_for_sysctl(&sb, buf, sizeof(buf), req); 9996b6e2954SConrad Meyer 10006b6e2954SConrad Meyer mtx_lock(&dumpconf_list_lk); 10016b6e2954SConrad Meyer TAILQ_FOREACH(di, &dumper_configs, di_next) { 10026b6e2954SConrad Meyer if (di != TAILQ_FIRST(&dumper_configs)) 10036b6e2954SConrad Meyer sbuf_putc(&sb, ','); 10046b6e2954SConrad Meyer sbuf_cat(&sb, di->di_devname); 10056b6e2954SConrad Meyer } 10066b6e2954SConrad Meyer mtx_unlock(&dumpconf_list_lk); 10076b6e2954SConrad Meyer 10086b6e2954SConrad Meyer error = sbuf_finish(&sb); 10096b6e2954SConrad Meyer sbuf_delete(&sb); 10106b6e2954SConrad Meyer return (error); 10116b6e2954SConrad Meyer } 10126b6e2954SConrad Meyer SYSCTL_PROC(_kern_shutdown, OID_AUTO, dumpdevname, CTLTYPE_STRING | CTLFLAG_RD, 10136b6e2954SConrad Meyer &dumper_configs, 0, dumpdevname_sysctl_handler, "A", 10146b6e2954SConrad Meyer "Device(s) for kernel dumps"); 1015bad7e7f3SAlfred Perlstein 101664a16434SMark Johnston static int _dump_append(struct dumperinfo *di, void *virtual, 101764a16434SMark Johnston vm_offset_t physical, size_t length); 101864a16434SMark Johnston 1019480f31c2SKonrad Witaszczyk #ifdef EKCD 1020480f31c2SKonrad Witaszczyk static struct kerneldumpcrypto * 1021480f31c2SKonrad Witaszczyk kerneldumpcrypto_create(size_t blocksize, uint8_t encryption, 1022480f31c2SKonrad Witaszczyk const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey) 1023480f31c2SKonrad Witaszczyk { 1024480f31c2SKonrad Witaszczyk struct kerneldumpcrypto *kdc; 1025480f31c2SKonrad Witaszczyk struct kerneldumpkey *kdk; 1026480f31c2SKonrad Witaszczyk uint32_t dumpkeysize; 1027480f31c2SKonrad Witaszczyk 1028480f31c2SKonrad Witaszczyk dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize); 1029480f31c2SKonrad Witaszczyk kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO); 1030480f31c2SKonrad Witaszczyk 1031480f31c2SKonrad Witaszczyk arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0); 1032480f31c2SKonrad Witaszczyk 1033480f31c2SKonrad Witaszczyk kdc->kdc_encryption = encryption; 1034480f31c2SKonrad Witaszczyk switch (kdc->kdc_encryption) { 1035480f31c2SKonrad Witaszczyk case KERNELDUMP_ENC_AES_256_CBC: 1036480f31c2SKonrad Witaszczyk if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0) 1037480f31c2SKonrad Witaszczyk goto failed; 1038480f31c2SKonrad Witaszczyk break; 103982985292SConrad Meyer case KERNELDUMP_ENC_CHACHA20: 104082985292SConrad Meyer chacha_keysetup(&kdc->kdc_chacha, key, 256); 104182985292SConrad Meyer break; 1042480f31c2SKonrad Witaszczyk default: 1043480f31c2SKonrad Witaszczyk goto failed; 1044480f31c2SKonrad Witaszczyk } 1045480f31c2SKonrad Witaszczyk 1046480f31c2SKonrad Witaszczyk kdc->kdc_dumpkeysize = dumpkeysize; 1047480f31c2SKonrad Witaszczyk kdk = kdc->kdc_dumpkey; 1048480f31c2SKonrad Witaszczyk kdk->kdk_encryption = kdc->kdc_encryption; 1049480f31c2SKonrad Witaszczyk memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 1050480f31c2SKonrad Witaszczyk kdk->kdk_encryptedkeysize = htod32(encryptedkeysize); 1051480f31c2SKonrad Witaszczyk memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize); 1052480f31c2SKonrad Witaszczyk 1053480f31c2SKonrad Witaszczyk return (kdc); 1054480f31c2SKonrad Witaszczyk failed: 1055480f31c2SKonrad Witaszczyk explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize); 1056480f31c2SKonrad Witaszczyk free(kdc, M_EKCD); 1057480f31c2SKonrad Witaszczyk return (NULL); 1058480f31c2SKonrad Witaszczyk } 1059480f31c2SKonrad Witaszczyk 106050ef60daSMark Johnston static int 1061480f31c2SKonrad Witaszczyk kerneldumpcrypto_init(struct kerneldumpcrypto *kdc) 1062480f31c2SKonrad Witaszczyk { 1063480f31c2SKonrad Witaszczyk uint8_t hash[SHA256_DIGEST_LENGTH]; 1064480f31c2SKonrad Witaszczyk SHA256_CTX ctx; 1065480f31c2SKonrad Witaszczyk struct kerneldumpkey *kdk; 1066480f31c2SKonrad Witaszczyk int error; 1067480f31c2SKonrad Witaszczyk 1068480f31c2SKonrad Witaszczyk error = 0; 1069480f31c2SKonrad Witaszczyk 1070480f31c2SKonrad Witaszczyk if (kdc == NULL) 1071480f31c2SKonrad Witaszczyk return (0); 1072480f31c2SKonrad Witaszczyk 1073480f31c2SKonrad Witaszczyk /* 1074480f31c2SKonrad Witaszczyk * When a user enters ddb it can write a crash dump multiple times. 1075480f31c2SKonrad Witaszczyk * Each time it should be encrypted using a different IV. 1076480f31c2SKonrad Witaszczyk */ 1077480f31c2SKonrad Witaszczyk SHA256_Init(&ctx); 1078480f31c2SKonrad Witaszczyk SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 1079480f31c2SKonrad Witaszczyk SHA256_Final(hash, &ctx); 1080480f31c2SKonrad Witaszczyk bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 1081480f31c2SKonrad Witaszczyk 1082480f31c2SKonrad Witaszczyk switch (kdc->kdc_encryption) { 1083480f31c2SKonrad Witaszczyk case KERNELDUMP_ENC_AES_256_CBC: 1084480f31c2SKonrad Witaszczyk if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1085480f31c2SKonrad Witaszczyk kdc->kdc_iv) <= 0) { 1086480f31c2SKonrad Witaszczyk error = EINVAL; 1087480f31c2SKonrad Witaszczyk goto out; 1088480f31c2SKonrad Witaszczyk } 1089480f31c2SKonrad Witaszczyk break; 109082985292SConrad Meyer case KERNELDUMP_ENC_CHACHA20: 109182985292SConrad Meyer chacha_ivsetup(&kdc->kdc_chacha, kdc->kdc_iv, NULL); 109282985292SConrad Meyer break; 1093480f31c2SKonrad Witaszczyk default: 1094480f31c2SKonrad Witaszczyk error = EINVAL; 1095480f31c2SKonrad Witaszczyk goto out; 1096480f31c2SKonrad Witaszczyk } 1097480f31c2SKonrad Witaszczyk 1098480f31c2SKonrad Witaszczyk kdk = kdc->kdc_dumpkey; 1099480f31c2SKonrad Witaszczyk memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 1100480f31c2SKonrad Witaszczyk out: 1101480f31c2SKonrad Witaszczyk explicit_bzero(hash, sizeof(hash)); 1102480f31c2SKonrad Witaszczyk return (error); 1103480f31c2SKonrad Witaszczyk } 1104480f31c2SKonrad Witaszczyk 110501938d36SMark Johnston static uint32_t 1106480f31c2SKonrad Witaszczyk kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc) 1107480f31c2SKonrad Witaszczyk { 1108480f31c2SKonrad Witaszczyk 1109480f31c2SKonrad Witaszczyk if (kdc == NULL) 1110480f31c2SKonrad Witaszczyk return (0); 1111480f31c2SKonrad Witaszczyk return (kdc->kdc_dumpkeysize); 1112480f31c2SKonrad Witaszczyk } 111301938d36SMark Johnston #endif /* EKCD */ 1114480f31c2SKonrad Witaszczyk 111578f57a9cSMark Johnston static struct kerneldumpcomp * 111678f57a9cSMark Johnston kerneldumpcomp_create(struct dumperinfo *di, uint8_t compression) 111764a16434SMark Johnston { 111878f57a9cSMark Johnston struct kerneldumpcomp *kdcomp; 11196026dcd7SMark Johnston int format; 112064a16434SMark Johnston 11216026dcd7SMark Johnston switch (compression) { 11226026dcd7SMark Johnston case KERNELDUMP_COMP_GZIP: 11236026dcd7SMark Johnston format = COMPRESS_GZIP; 11246026dcd7SMark Johnston break; 11256026dcd7SMark Johnston case KERNELDUMP_COMP_ZSTD: 11266026dcd7SMark Johnston format = COMPRESS_ZSTD; 11276026dcd7SMark Johnston break; 11286026dcd7SMark Johnston default: 112964a16434SMark Johnston return (NULL); 11306026dcd7SMark Johnston } 11316026dcd7SMark Johnston 113278f57a9cSMark Johnston kdcomp = malloc(sizeof(*kdcomp), M_DUMPER, M_WAITOK | M_ZERO); 11336026dcd7SMark Johnston kdcomp->kdc_format = compression; 113478f57a9cSMark Johnston kdcomp->kdc_stream = compressor_init(kerneldumpcomp_write_cb, 11356026dcd7SMark Johnston format, di->maxiosize, kerneldump_gzlevel, di); 113678f57a9cSMark Johnston if (kdcomp->kdc_stream == NULL) { 113778f57a9cSMark Johnston free(kdcomp, M_DUMPER); 113864a16434SMark Johnston return (NULL); 113964a16434SMark Johnston } 114078f57a9cSMark Johnston kdcomp->kdc_buf = malloc(di->maxiosize, M_DUMPER, M_WAITOK | M_NODUMP); 114178f57a9cSMark Johnston return (kdcomp); 114264a16434SMark Johnston } 114364a16434SMark Johnston 114464a16434SMark Johnston static void 114578f57a9cSMark Johnston kerneldumpcomp_destroy(struct dumperinfo *di) 114664a16434SMark Johnston { 114778f57a9cSMark Johnston struct kerneldumpcomp *kdcomp; 114864a16434SMark Johnston 114978f57a9cSMark Johnston kdcomp = di->kdcomp; 115078f57a9cSMark Johnston if (kdcomp == NULL) 115164a16434SMark Johnston return; 115278f57a9cSMark Johnston compressor_fini(kdcomp->kdc_stream); 115378f57a9cSMark Johnston explicit_bzero(kdcomp->kdc_buf, di->maxiosize); 115478f57a9cSMark Johnston free(kdcomp->kdc_buf, M_DUMPER); 115578f57a9cSMark Johnston free(kdcomp, M_DUMPER); 115664a16434SMark Johnston } 115764a16434SMark Johnston 11586b6e2954SConrad Meyer /* 11596b6e2954SConrad Meyer * Must not be present on global list. 11606b6e2954SConrad Meyer */ 11616b6e2954SConrad Meyer static void 11626b6e2954SConrad Meyer free_single_dumper(struct dumperinfo *di) 11636b6e2954SConrad Meyer { 11646b6e2954SConrad Meyer 11656b6e2954SConrad Meyer if (di == NULL) 11666b6e2954SConrad Meyer return; 11676b6e2954SConrad Meyer 11686b6e2954SConrad Meyer if (di->blockbuf != NULL) { 11696b6e2954SConrad Meyer explicit_bzero(di->blockbuf, di->blocksize); 11706b6e2954SConrad Meyer free(di->blockbuf, M_DUMPER); 11716b6e2954SConrad Meyer } 11726b6e2954SConrad Meyer 11736b6e2954SConrad Meyer kerneldumpcomp_destroy(di); 11746b6e2954SConrad Meyer 11756b6e2954SConrad Meyer #ifdef EKCD 11766b6e2954SConrad Meyer if (di->kdcrypto != NULL) { 11776b6e2954SConrad Meyer explicit_bzero(di->kdcrypto, sizeof(*di->kdcrypto) + 11786b6e2954SConrad Meyer di->kdcrypto->kdc_dumpkeysize); 11796b6e2954SConrad Meyer free(di->kdcrypto, M_EKCD); 11806b6e2954SConrad Meyer } 11816b6e2954SConrad Meyer #endif 11826b6e2954SConrad Meyer 11836b6e2954SConrad Meyer explicit_bzero(di, sizeof(*di)); 11846b6e2954SConrad Meyer free(di, M_DUMPER); 11856b6e2954SConrad Meyer } 11866b6e2954SConrad Meyer 118781661c94SPoul-Henning Kamp /* Registration of dumpers */ 118881661c94SPoul-Henning Kamp int 11896b6e2954SConrad Meyer dumper_insert(const struct dumperinfo *di_template, const char *devname, 11906b6e2954SConrad Meyer const struct diocskerneldump_arg *kda) 119181661c94SPoul-Henning Kamp { 11926b6e2954SConrad Meyer struct dumperinfo *newdi, *listdi; 11936b6e2954SConrad Meyer bool inserted; 11946b6e2954SConrad Meyer uint8_t index; 11955ebb15b9SPawel Jakub Dawidek int error; 11965ebb15b9SPawel Jakub Dawidek 11976b6e2954SConrad Meyer index = kda->kda_index; 11986b6e2954SConrad Meyer MPASS(index != KDA_REMOVE && index != KDA_REMOVE_DEV && 11996b6e2954SConrad Meyer index != KDA_REMOVE_ALL); 12006b6e2954SConrad Meyer 12016b6e2954SConrad Meyer error = priv_check(curthread, PRIV_SETDUMPER); 12025ebb15b9SPawel Jakub Dawidek if (error != 0) 12035ebb15b9SPawel Jakub Dawidek return (error); 1204e95499bdSAlfred Perlstein 12056b6e2954SConrad Meyer newdi = malloc(sizeof(*newdi) + strlen(devname) + 1, M_DUMPER, M_WAITOK 12066b6e2954SConrad Meyer | M_ZERO); 12076b6e2954SConrad Meyer memcpy(newdi, di_template, sizeof(*newdi)); 12086b6e2954SConrad Meyer newdi->blockbuf = NULL; 12096b6e2954SConrad Meyer newdi->kdcrypto = NULL; 12106b6e2954SConrad Meyer newdi->kdcomp = NULL; 12116b6e2954SConrad Meyer strcpy(newdi->di_devname, devname); 1212480f31c2SKonrad Witaszczyk 12136b6e2954SConrad Meyer if (kda->kda_encryption != KERNELDUMP_ENC_NONE) { 1214480f31c2SKonrad Witaszczyk #ifdef EKCD 12156b6e2954SConrad Meyer newdi->kdcrypto = kerneldumpcrypto_create(di_template->blocksize, 12166b6e2954SConrad Meyer kda->kda_encryption, kda->kda_key, 12176b6e2954SConrad Meyer kda->kda_encryptedkeysize, kda->kda_encryptedkey); 12186b6e2954SConrad Meyer if (newdi->kdcrypto == NULL) { 1219480f31c2SKonrad Witaszczyk error = EINVAL; 1220480f31c2SKonrad Witaszczyk goto cleanup; 1221480f31c2SKonrad Witaszczyk } 1222480f31c2SKonrad Witaszczyk #else 1223480f31c2SKonrad Witaszczyk error = EOPNOTSUPP; 1224480f31c2SKonrad Witaszczyk goto cleanup; 1225480f31c2SKonrad Witaszczyk #endif 1226480f31c2SKonrad Witaszczyk } 12276b6e2954SConrad Meyer if (kda->kda_compression != KERNELDUMP_COMP_NONE) { 122864a16434SMark Johnston /* 122982985292SConrad Meyer * We can't support simultaneous unpadded block cipher 123082985292SConrad Meyer * encryption and compression because there is no guarantee the 123182985292SConrad Meyer * length of the compressed result is exactly a multiple of the 123282985292SConrad Meyer * cipher block size. 123364a16434SMark Johnston */ 123482985292SConrad Meyer if (kda->kda_encryption == KERNELDUMP_ENC_AES_256_CBC) { 123564a16434SMark Johnston error = EOPNOTSUPP; 123664a16434SMark Johnston goto cleanup; 123764a16434SMark Johnston } 12386b6e2954SConrad Meyer newdi->kdcomp = kerneldumpcomp_create(newdi, 12396b6e2954SConrad Meyer kda->kda_compression); 12406b6e2954SConrad Meyer if (newdi->kdcomp == NULL) { 124164a16434SMark Johnston error = EINVAL; 124264a16434SMark Johnston goto cleanup; 124364a16434SMark Johnston } 124464a16434SMark Johnston } 124564a16434SMark Johnston 12466b6e2954SConrad Meyer newdi->blockbuf = malloc(newdi->blocksize, M_DUMPER, M_WAITOK | M_ZERO); 12476b6e2954SConrad Meyer 12486b6e2954SConrad Meyer /* Add the new configuration to the queue */ 12496b6e2954SConrad Meyer mtx_lock(&dumpconf_list_lk); 12506b6e2954SConrad Meyer inserted = false; 12516b6e2954SConrad Meyer TAILQ_FOREACH(listdi, &dumper_configs, di_next) { 12526b6e2954SConrad Meyer if (index == 0) { 12536b6e2954SConrad Meyer TAILQ_INSERT_BEFORE(listdi, newdi, di_next); 12546b6e2954SConrad Meyer inserted = true; 12556b6e2954SConrad Meyer break; 12566b6e2954SConrad Meyer } 12576b6e2954SConrad Meyer index--; 12586b6e2954SConrad Meyer } 12596b6e2954SConrad Meyer if (!inserted) 12606b6e2954SConrad Meyer TAILQ_INSERT_TAIL(&dumper_configs, newdi, di_next); 12616b6e2954SConrad Meyer mtx_unlock(&dumpconf_list_lk); 12626b6e2954SConrad Meyer 126381661c94SPoul-Henning Kamp return (0); 1264bd92e6b6SMark Johnston 1265480f31c2SKonrad Witaszczyk cleanup: 12666b6e2954SConrad Meyer free_single_dumper(newdi); 1267bd92e6b6SMark Johnston return (error); 1268bd92e6b6SMark Johnston } 1269bd92e6b6SMark Johnston 1270addccb8cSConrad Meyer #ifdef DDB 1271addccb8cSConrad Meyer void 1272addccb8cSConrad Meyer dumper_ddb_insert(struct dumperinfo *newdi) 1273addccb8cSConrad Meyer { 1274addccb8cSConrad Meyer TAILQ_INSERT_HEAD(&dumper_configs, newdi, di_next); 1275addccb8cSConrad Meyer } 1276addccb8cSConrad Meyer 1277addccb8cSConrad Meyer void 1278addccb8cSConrad Meyer dumper_ddb_remove(struct dumperinfo *di) 1279addccb8cSConrad Meyer { 1280addccb8cSConrad Meyer TAILQ_REMOVE(&dumper_configs, di, di_next); 1281addccb8cSConrad Meyer } 1282addccb8cSConrad Meyer #endif 1283addccb8cSConrad Meyer 12846b6e2954SConrad Meyer static bool 12856b6e2954SConrad Meyer dumper_config_match(const struct dumperinfo *di, const char *devname, 12866b6e2954SConrad Meyer const struct diocskerneldump_arg *kda) 12876b6e2954SConrad Meyer { 12886b6e2954SConrad Meyer if (kda->kda_index == KDA_REMOVE_ALL) 12896b6e2954SConrad Meyer return (true); 12906b6e2954SConrad Meyer 12916b6e2954SConrad Meyer if (strcmp(di->di_devname, devname) != 0) 12926b6e2954SConrad Meyer return (false); 12936b6e2954SConrad Meyer 12946b6e2954SConrad Meyer /* 12956b6e2954SConrad Meyer * Allow wildcard removal of configs matching a device on g_dev_orphan. 12966b6e2954SConrad Meyer */ 12976b6e2954SConrad Meyer if (kda->kda_index == KDA_REMOVE_DEV) 12986b6e2954SConrad Meyer return (true); 12996b6e2954SConrad Meyer 13006b6e2954SConrad Meyer if (di->kdcomp != NULL) { 13016b6e2954SConrad Meyer if (di->kdcomp->kdc_format != kda->kda_compression) 13026b6e2954SConrad Meyer return (false); 13036b6e2954SConrad Meyer } else if (kda->kda_compression != KERNELDUMP_COMP_NONE) 13046b6e2954SConrad Meyer return (false); 13056b6e2954SConrad Meyer #ifdef EKCD 13066b6e2954SConrad Meyer if (di->kdcrypto != NULL) { 13076b6e2954SConrad Meyer if (di->kdcrypto->kdc_encryption != kda->kda_encryption) 13086b6e2954SConrad Meyer return (false); 13096b6e2954SConrad Meyer /* 13106b6e2954SConrad Meyer * Do we care to verify keys match to delete? It seems weird 13116b6e2954SConrad Meyer * to expect multiple fallback dump configurations on the same 13126b6e2954SConrad Meyer * device that only differ in crypto key. 13136b6e2954SConrad Meyer */ 13146b6e2954SConrad Meyer } else 13156b6e2954SConrad Meyer #endif 13166b6e2954SConrad Meyer if (kda->kda_encryption != KERNELDUMP_ENC_NONE) 13176b6e2954SConrad Meyer return (false); 13186b6e2954SConrad Meyer 13196b6e2954SConrad Meyer return (true); 13206b6e2954SConrad Meyer } 13216b6e2954SConrad Meyer 1322bd92e6b6SMark Johnston int 13236b6e2954SConrad Meyer dumper_remove(const char *devname, const struct diocskerneldump_arg *kda) 1324bd92e6b6SMark Johnston { 13256b6e2954SConrad Meyer struct dumperinfo *di, *sdi; 13266b6e2954SConrad Meyer bool found; 1327bd92e6b6SMark Johnston int error; 1328bd92e6b6SMark Johnston 13296b6e2954SConrad Meyer error = priv_check(curthread, PRIV_SETDUMPER); 1330bd92e6b6SMark Johnston if (error != 0) 1331bd92e6b6SMark Johnston return (error); 1332bd92e6b6SMark Johnston 13336b6e2954SConrad Meyer /* 13346b6e2954SConrad Meyer * Try to find a matching configuration, and kill it. 13356b6e2954SConrad Meyer * 13366b6e2954SConrad Meyer * NULL 'kda' indicates remove any configuration matching 'devname', 13376b6e2954SConrad Meyer * which may remove multiple configurations in atypical configurations. 13386b6e2954SConrad Meyer */ 13396b6e2954SConrad Meyer found = false; 13406b6e2954SConrad Meyer mtx_lock(&dumpconf_list_lk); 13416b6e2954SConrad Meyer TAILQ_FOREACH_SAFE(di, &dumper_configs, di_next, sdi) { 13426b6e2954SConrad Meyer if (dumper_config_match(di, devname, kda)) { 13436b6e2954SConrad Meyer found = true; 13446b6e2954SConrad Meyer TAILQ_REMOVE(&dumper_configs, di, di_next); 13456b6e2954SConrad Meyer free_single_dumper(di); 1346480f31c2SKonrad Witaszczyk } 1347480f31c2SKonrad Witaszczyk } 13486b6e2954SConrad Meyer mtx_unlock(&dumpconf_list_lk); 13496b6e2954SConrad Meyer 13506b6e2954SConrad Meyer /* Only produce ENOENT if a more targeted match didn't match. */ 13516b6e2954SConrad Meyer if (!found && kda->kda_index == KDA_REMOVE) 13526b6e2954SConrad Meyer return (ENOENT); 1353bd92e6b6SMark Johnston return (0); 135481661c94SPoul-Henning Kamp } 135581661c94SPoul-Henning Kamp 1356480f31c2SKonrad Witaszczyk static int 1357480f31c2SKonrad Witaszczyk dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length) 1358007b1b7bSRuslan Ermilov { 1359007b1b7bSRuslan Ermilov 1360bd92e6b6SMark Johnston if (di->mediasize > 0 && length != 0 && (offset < di->mediaoffset || 1361007b1b7bSRuslan Ermilov offset - di->mediaoffset + length > di->mediasize)) { 1362bde3b1e1SMark Johnston if (di->kdcomp != NULL && offset >= di->mediaoffset) { 1363bde3b1e1SMark Johnston printf( 1364bde3b1e1SMark Johnston "Compressed dump failed to fit in device boundaries.\n"); 1365bde3b1e1SMark Johnston return (E2BIG); 1366bde3b1e1SMark Johnston } 1367bde3b1e1SMark Johnston 136858379067SAttilio Rao printf("Attempt to write outside dump device boundaries.\n" 136958379067SAttilio Rao "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", 137058379067SAttilio Rao (intmax_t)offset, (intmax_t)di->mediaoffset, 137158379067SAttilio Rao (uintmax_t)length, (intmax_t)di->mediasize); 137258379067SAttilio Rao return (ENOSPC); 1373007b1b7bSRuslan Ermilov } 137446fcd1afSMark Johnston if (length % di->blocksize != 0) { 137546fcd1afSMark Johnston printf("Attempt to write partial block of length %ju.\n", 137646fcd1afSMark Johnston (uintmax_t)length); 137746fcd1afSMark Johnston return (EINVAL); 137846fcd1afSMark Johnston } 137946fcd1afSMark Johnston if (offset % di->blocksize != 0) { 138046fcd1afSMark Johnston printf("Attempt to write at unaligned offset %jd.\n", 138146fcd1afSMark Johnston (intmax_t)offset); 138246fcd1afSMark Johnston return (EINVAL); 1383480f31c2SKonrad Witaszczyk } 1384480f31c2SKonrad Witaszczyk 138546fcd1afSMark Johnston return (0); 138601938d36SMark Johnston } 138701938d36SMark Johnston 1388480f31c2SKonrad Witaszczyk #ifdef EKCD 1389480f31c2SKonrad Witaszczyk static int 1390480f31c2SKonrad Witaszczyk dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size) 1391480f31c2SKonrad Witaszczyk { 1392480f31c2SKonrad Witaszczyk 1393480f31c2SKonrad Witaszczyk switch (kdc->kdc_encryption) { 1394480f31c2SKonrad Witaszczyk case KERNELDUMP_ENC_AES_256_CBC: 1395480f31c2SKonrad Witaszczyk if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf, 1396480f31c2SKonrad Witaszczyk 8 * size, buf) <= 0) { 1397480f31c2SKonrad Witaszczyk return (EIO); 1398480f31c2SKonrad Witaszczyk } 1399480f31c2SKonrad Witaszczyk if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1400480f31c2SKonrad Witaszczyk buf + size - 16 /* IV size for AES-256-CBC */) <= 0) { 1401480f31c2SKonrad Witaszczyk return (EIO); 1402480f31c2SKonrad Witaszczyk } 1403480f31c2SKonrad Witaszczyk break; 140482985292SConrad Meyer case KERNELDUMP_ENC_CHACHA20: 140582985292SConrad Meyer chacha_encrypt_bytes(&kdc->kdc_chacha, buf, buf, size); 140682985292SConrad Meyer break; 1407480f31c2SKonrad Witaszczyk default: 1408480f31c2SKonrad Witaszczyk return (EINVAL); 1409480f31c2SKonrad Witaszczyk } 1410480f31c2SKonrad Witaszczyk 1411480f31c2SKonrad Witaszczyk return (0); 1412480f31c2SKonrad Witaszczyk } 1413480f31c2SKonrad Witaszczyk 1414480f31c2SKonrad Witaszczyk /* Encrypt data and call dumper. */ 1415480f31c2SKonrad Witaszczyk static int 141646fcd1afSMark Johnston dump_encrypted_write(struct dumperinfo *di, void *virtual, 141746fcd1afSMark Johnston vm_offset_t physical, off_t offset, size_t length) 1418480f31c2SKonrad Witaszczyk { 1419480f31c2SKonrad Witaszczyk static uint8_t buf[KERNELDUMP_BUFFER_SIZE]; 1420480f31c2SKonrad Witaszczyk struct kerneldumpcrypto *kdc; 1421480f31c2SKonrad Witaszczyk int error; 1422480f31c2SKonrad Witaszczyk size_t nbytes; 1423480f31c2SKonrad Witaszczyk 142478f57a9cSMark Johnston kdc = di->kdcrypto; 1425480f31c2SKonrad Witaszczyk 1426480f31c2SKonrad Witaszczyk while (length > 0) { 1427480f31c2SKonrad Witaszczyk nbytes = MIN(length, sizeof(buf)); 1428480f31c2SKonrad Witaszczyk bcopy(virtual, buf, nbytes); 1429480f31c2SKonrad Witaszczyk 1430480f31c2SKonrad Witaszczyk if (dump_encrypt(kdc, buf, nbytes) != 0) 1431480f31c2SKonrad Witaszczyk return (EIO); 1432480f31c2SKonrad Witaszczyk 143346fcd1afSMark Johnston error = dump_write(di, buf, physical, offset, nbytes); 1434480f31c2SKonrad Witaszczyk if (error != 0) 1435480f31c2SKonrad Witaszczyk return (error); 1436480f31c2SKonrad Witaszczyk 1437480f31c2SKonrad Witaszczyk offset += nbytes; 1438480f31c2SKonrad Witaszczyk virtual = (void *)((uint8_t *)virtual + nbytes); 1439480f31c2SKonrad Witaszczyk length -= nbytes; 1440480f31c2SKonrad Witaszczyk } 1441480f31c2SKonrad Witaszczyk 1442480f31c2SKonrad Witaszczyk return (0); 1443480f31c2SKonrad Witaszczyk } 144401938d36SMark Johnston #endif /* EKCD */ 1445007b1b7bSRuslan Ermilov 144664a16434SMark Johnston static int 144778f57a9cSMark Johnston kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg) 144864a16434SMark Johnston { 144964a16434SMark Johnston struct dumperinfo *di; 145064a16434SMark Johnston size_t resid, rlength; 145164a16434SMark Johnston int error; 145264a16434SMark Johnston 145364a16434SMark Johnston di = arg; 145464a16434SMark Johnston 145564a16434SMark Johnston if (length % di->blocksize != 0) { 145664a16434SMark Johnston /* 145764a16434SMark Johnston * This must be the final write after flushing the compression 145864a16434SMark Johnston * stream. Write as many full blocks as possible and stash the 145964a16434SMark Johnston * residual data in the dumper's block buffer. It will be 146064a16434SMark Johnston * padded and written in dump_finish(). 146164a16434SMark Johnston */ 146264a16434SMark Johnston rlength = rounddown(length, di->blocksize); 146364a16434SMark Johnston if (rlength != 0) { 146464a16434SMark Johnston error = _dump_append(di, base, 0, rlength); 146564a16434SMark Johnston if (error != 0) 146664a16434SMark Johnston return (error); 146764a16434SMark Johnston } 146864a16434SMark Johnston resid = length - rlength; 146964a16434SMark Johnston memmove(di->blockbuf, (uint8_t *)base + rlength, resid); 147078f57a9cSMark Johnston di->kdcomp->kdc_resid = resid; 147164a16434SMark Johnston return (EAGAIN); 147264a16434SMark Johnston } 147364a16434SMark Johnston return (_dump_append(di, base, 0, length)); 147464a16434SMark Johnston } 147564a16434SMark Johnston 147664a16434SMark Johnston /* 1477bd92e6b6SMark Johnston * Write kernel dump headers at the beginning and end of the dump extent. 1478bd92e6b6SMark Johnston * Write the kernel dump encryption key after the leading header if we were 1479bd92e6b6SMark Johnston * configured to do so. 148064a16434SMark Johnston */ 1481480f31c2SKonrad Witaszczyk static int 1482bd92e6b6SMark Johnston dump_write_headers(struct dumperinfo *di, struct kerneldumpheader *kdh) 1483480f31c2SKonrad Witaszczyk { 1484bd92e6b6SMark Johnston #ifdef EKCD 1485bd92e6b6SMark Johnston struct kerneldumpcrypto *kdc; 1486bd92e6b6SMark Johnston #endif 1487bd92e6b6SMark Johnston void *buf, *key; 1488e9666bf6SMark Johnston size_t hdrsz; 1489bd92e6b6SMark Johnston uint64_t extent; 1490bd92e6b6SMark Johnston uint32_t keysize; 1491bd92e6b6SMark Johnston int error; 1492480f31c2SKonrad Witaszczyk 1493e9666bf6SMark Johnston hdrsz = sizeof(*kdh); 1494e9666bf6SMark Johnston if (hdrsz > di->blocksize) 1495e9666bf6SMark Johnston return (ENOMEM); 1496e9666bf6SMark Johnston 1497bd92e6b6SMark Johnston #ifdef EKCD 1498bd92e6b6SMark Johnston kdc = di->kdcrypto; 1499bd92e6b6SMark Johnston key = kdc->kdc_dumpkey; 1500bd92e6b6SMark Johnston keysize = kerneldumpcrypto_dumpkeysize(kdc); 1501bd92e6b6SMark Johnston #else 1502bd92e6b6SMark Johnston key = NULL; 1503bd92e6b6SMark Johnston keysize = 0; 1504bd92e6b6SMark Johnston #endif 1505bd92e6b6SMark Johnston 1506bd92e6b6SMark Johnston /* 1507bd92e6b6SMark Johnston * If the dump device has special handling for headers, let it take care 1508bd92e6b6SMark Johnston * of writing them out. 1509bd92e6b6SMark Johnston */ 1510bd92e6b6SMark Johnston if (di->dumper_hdr != NULL) 1511bd92e6b6SMark Johnston return (di->dumper_hdr(di, kdh, key, keysize)); 1512bd92e6b6SMark Johnston 1513e9666bf6SMark Johnston if (hdrsz == di->blocksize) 1514e9666bf6SMark Johnston buf = kdh; 1515e9666bf6SMark Johnston else { 1516e9666bf6SMark Johnston buf = di->blockbuf; 1517e9666bf6SMark Johnston memset(buf, 0, di->blocksize); 1518e9666bf6SMark Johnston memcpy(buf, kdh, hdrsz); 1519e9666bf6SMark Johnston } 1520e9666bf6SMark Johnston 1521bd92e6b6SMark Johnston extent = dtoh64(kdh->dumpextent); 1522bd92e6b6SMark Johnston #ifdef EKCD 1523bd92e6b6SMark Johnston if (kdc != NULL) { 1524bd92e6b6SMark Johnston error = dump_write(di, kdc->kdc_dumpkey, 0, 1525bd92e6b6SMark Johnston di->mediaoffset + di->mediasize - di->blocksize - extent - 1526bd92e6b6SMark Johnston keysize, keysize); 1527bd92e6b6SMark Johnston if (error != 0) 1528bd92e6b6SMark Johnston return (error); 1529bd92e6b6SMark Johnston } 1530bd92e6b6SMark Johnston #endif 1531bd92e6b6SMark Johnston 1532bd92e6b6SMark Johnston error = dump_write(di, buf, 0, 1533bd92e6b6SMark Johnston di->mediaoffset + di->mediasize - 2 * di->blocksize - extent - 1534bd92e6b6SMark Johnston keysize, di->blocksize); 1535bd92e6b6SMark Johnston if (error == 0) 1536bd92e6b6SMark Johnston error = dump_write(di, buf, 0, di->mediaoffset + di->mediasize - 1537bd92e6b6SMark Johnston di->blocksize, di->blocksize); 1538bd92e6b6SMark Johnston return (error); 15395dc5dab6SConrad Meyer } 15405dc5dab6SConrad Meyer 154150ef60daSMark Johnston /* 154250ef60daSMark Johnston * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to 154350ef60daSMark Johnston * protect us from metadata and metadata from us. 154450ef60daSMark Johnston */ 154550ef60daSMark Johnston #define SIZEOF_METADATA (64 * 1024) 154650ef60daSMark Johnston 154750ef60daSMark Johnston /* 154864a16434SMark Johnston * Do some preliminary setup for a kernel dump: initialize state for encryption, 154964a16434SMark Johnston * if requested, and make sure that we have enough space on the dump device. 155064a16434SMark Johnston * 155164a16434SMark Johnston * We set things up so that the dump ends before the last sector of the dump 155264a16434SMark Johnston * device, at which the trailing header is written. 155364a16434SMark Johnston * 155464a16434SMark Johnston * +-----------+------+-----+----------------------------+------+ 155564a16434SMark Johnston * | | lhdr | key | ... kernel dump ... | thdr | 155664a16434SMark Johnston * +-----------+------+-----+----------------------------+------+ 155764a16434SMark Johnston * 1 blk opt <------- dump extent --------> 1 blk 155864a16434SMark Johnston * 155964a16434SMark Johnston * Dumps written using dump_append() start at the beginning of the extent. 156064a16434SMark Johnston * Uncompressed dumps will use the entire extent, but compressed dumps typically 156164a16434SMark Johnston * will not. The true length of the dump is recorded in the leading and trailing 156264a16434SMark Johnston * headers once the dump has been completed. 1563bd92e6b6SMark Johnston * 1564bd92e6b6SMark Johnston * The dump device may provide a callback, in which case it will initialize 1565bd92e6b6SMark Johnston * dumpoff and take care of laying out the headers. 156650ef60daSMark Johnston */ 156750ef60daSMark Johnston int 156846fcd1afSMark Johnston dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh) 156950ef60daSMark Johnston { 1570bd92e6b6SMark Johnston uint64_t dumpextent, span; 157101938d36SMark Johnston uint32_t keysize; 1572bd92e6b6SMark Johnston int error; 157350ef60daSMark Johnston 157401938d36SMark Johnston #ifdef EKCD 1575bd92e6b6SMark Johnston error = kerneldumpcrypto_init(di->kdcrypto); 157650ef60daSMark Johnston if (error != 0) 157750ef60daSMark Johnston return (error); 157878f57a9cSMark Johnston keysize = kerneldumpcrypto_dumpkeysize(di->kdcrypto); 157901938d36SMark Johnston #else 1580bd92e6b6SMark Johnston error = 0; 158101938d36SMark Johnston keysize = 0; 158201938d36SMark Johnston #endif 158350ef60daSMark Johnston 1584bd92e6b6SMark Johnston if (di->dumper_start != NULL) { 1585bd92e6b6SMark Johnston error = di->dumper_start(di); 1586bd92e6b6SMark Johnston } else { 158764a16434SMark Johnston dumpextent = dtoh64(kdh->dumpextent); 1588bd92e6b6SMark Johnston span = SIZEOF_METADATA + dumpextent + 2 * di->blocksize + 1589bd92e6b6SMark Johnston keysize; 1590bd92e6b6SMark Johnston if (di->mediasize < span) { 1591bd92e6b6SMark Johnston if (di->kdcomp == NULL) 1592bd92e6b6SMark Johnston return (E2BIG); 1593bd92e6b6SMark Johnston 159464a16434SMark Johnston /* 159564a16434SMark Johnston * We don't yet know how much space the compressed dump 159664a16434SMark Johnston * will occupy, so try to use the whole swap partition 159764a16434SMark Johnston * (minus the first 64KB) in the hope that the 159864a16434SMark Johnston * compressed dump will fit. If that doesn't turn out to 15996026dcd7SMark Johnston * be enough, the bounds checking in dump_write() 160064a16434SMark Johnston * will catch us and cause the dump to fail. 160164a16434SMark Johnston */ 1602bd92e6b6SMark Johnston dumpextent = di->mediasize - span + dumpextent; 160364a16434SMark Johnston kdh->dumpextent = htod64(dumpextent); 160464a16434SMark Johnston } 160564a16434SMark Johnston 1606bd92e6b6SMark Johnston /* 1607bd92e6b6SMark Johnston * The offset at which to begin writing the dump. 1608bd92e6b6SMark Johnston */ 160964a16434SMark Johnston di->dumpoff = di->mediaoffset + di->mediasize - di->blocksize - 161064a16434SMark Johnston dumpextent; 1611bd92e6b6SMark Johnston } 1612bd92e6b6SMark Johnston di->origdumpoff = di->dumpoff; 1613bd92e6b6SMark Johnston return (error); 161450ef60daSMark Johnston } 161550ef60daSMark Johnston 161664a16434SMark Johnston static int 161764a16434SMark Johnston _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 161846fcd1afSMark Johnston size_t length) 161946fcd1afSMark Johnston { 162046fcd1afSMark Johnston int error; 162146fcd1afSMark Johnston 162246fcd1afSMark Johnston #ifdef EKCD 162378f57a9cSMark Johnston if (di->kdcrypto != NULL) 162446fcd1afSMark Johnston error = dump_encrypted_write(di, virtual, physical, di->dumpoff, 162546fcd1afSMark Johnston length); 162646fcd1afSMark Johnston else 162746fcd1afSMark Johnston #endif 162846fcd1afSMark Johnston error = dump_write(di, virtual, physical, di->dumpoff, length); 162946fcd1afSMark Johnston if (error == 0) 163046fcd1afSMark Johnston di->dumpoff += length; 163146fcd1afSMark Johnston return (error); 163246fcd1afSMark Johnston } 163346fcd1afSMark Johnston 163464a16434SMark Johnston /* 163564a16434SMark Johnston * Write to the dump device starting at dumpoff. When compression is enabled, 163664a16434SMark Johnston * writes to the device will be performed using a callback that gets invoked 163764a16434SMark Johnston * when the compression stream's output buffer is full. 163864a16434SMark Johnston */ 163964a16434SMark Johnston int 164064a16434SMark Johnston dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 164164a16434SMark Johnston size_t length) 164264a16434SMark Johnston { 164364a16434SMark Johnston void *buf; 164464a16434SMark Johnston 164578f57a9cSMark Johnston if (di->kdcomp != NULL) { 164678f57a9cSMark Johnston /* Bounce through a buffer to avoid CRC errors. */ 164764a16434SMark Johnston if (length > di->maxiosize) 164864a16434SMark Johnston return (EINVAL); 164978f57a9cSMark Johnston buf = di->kdcomp->kdc_buf; 165064a16434SMark Johnston memmove(buf, virtual, length); 165178f57a9cSMark Johnston return (compressor_write(di->kdcomp->kdc_stream, buf, length)); 165264a16434SMark Johnston } 165364a16434SMark Johnston return (_dump_append(di, virtual, physical, length)); 165464a16434SMark Johnston } 165564a16434SMark Johnston 165664a16434SMark Johnston /* 165764a16434SMark Johnston * Write to the dump device at the specified offset. 165864a16434SMark Johnston */ 165946fcd1afSMark Johnston int 166046fcd1afSMark Johnston dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 166146fcd1afSMark Johnston off_t offset, size_t length) 166246fcd1afSMark Johnston { 166346fcd1afSMark Johnston int error; 166446fcd1afSMark Johnston 166546fcd1afSMark Johnston error = dump_check_bounds(di, offset, length); 166646fcd1afSMark Johnston if (error != 0) 166746fcd1afSMark Johnston return (error); 166846fcd1afSMark Johnston return (di->dumper(di->priv, virtual, physical, offset, length)); 166946fcd1afSMark Johnston } 167046fcd1afSMark Johnston 167150ef60daSMark Johnston /* 167264a16434SMark Johnston * Perform kernel dump finalization: flush the compression stream, if necessary, 167364a16434SMark Johnston * write the leading and trailing kernel dump headers now that we know the true 167464a16434SMark Johnston * length of the dump, and optionally write the encryption key following the 167564a16434SMark Johnston * leading header. 167650ef60daSMark Johnston */ 167750ef60daSMark Johnston int 167846fcd1afSMark Johnston dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh) 167950ef60daSMark Johnston { 168050ef60daSMark Johnston int error; 168150ef60daSMark Johnston 168278f57a9cSMark Johnston if (di->kdcomp != NULL) { 168378f57a9cSMark Johnston error = compressor_flush(di->kdcomp->kdc_stream); 168464a16434SMark Johnston if (error == EAGAIN) { 168564a16434SMark Johnston /* We have residual data in di->blockbuf. */ 168664a16434SMark Johnston error = dump_write(di, di->blockbuf, 0, di->dumpoff, 168764a16434SMark Johnston di->blocksize); 168878f57a9cSMark Johnston di->dumpoff += di->kdcomp->kdc_resid; 168978f57a9cSMark Johnston di->kdcomp->kdc_resid = 0; 169064a16434SMark Johnston } 169164a16434SMark Johnston if (error != 0) 169264a16434SMark Johnston return (error); 169364a16434SMark Johnston 169464a16434SMark Johnston /* 169564a16434SMark Johnston * We now know the size of the compressed dump, so update the 169664a16434SMark Johnston * header accordingly and recompute parity. 169764a16434SMark Johnston */ 1698bd92e6b6SMark Johnston kdh->dumplength = htod64(di->dumpoff - di->origdumpoff); 169964a16434SMark Johnston kdh->parity = 0; 170064a16434SMark Johnston kdh->parity = kerneldump_parity(kdh); 170164a16434SMark Johnston 170278f57a9cSMark Johnston compressor_reset(di->kdcomp->kdc_stream); 170364a16434SMark Johnston } 170464a16434SMark Johnston 1705bd92e6b6SMark Johnston error = dump_write_headers(di, kdh); 170650ef60daSMark Johnston if (error != 0) 170750ef60daSMark Johnston return (error); 170850ef60daSMark Johnston 170950ef60daSMark Johnston (void)dump_write(di, NULL, 0, 0, 0); 171050ef60daSMark Johnston return (0); 171150ef60daSMark Johnston } 171250ef60daSMark Johnston 1713e6592ee5SPeter Wemm void 171401938d36SMark Johnston dump_init_header(const struct dumperinfo *di, struct kerneldumpheader *kdh, 171501938d36SMark Johnston char *magic, uint32_t archver, uint64_t dumplen) 1716e6592ee5SPeter Wemm { 1717ab384d75SMark Johnston size_t dstsize; 1718e6592ee5SPeter Wemm 1719e6592ee5SPeter Wemm bzero(kdh, sizeof(*kdh)); 17207a9c38e6SAlan Somers strlcpy(kdh->magic, magic, sizeof(kdh->magic)); 17217a9c38e6SAlan Somers strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); 1722e6592ee5SPeter Wemm kdh->version = htod32(KERNELDUMPVERSION); 1723e6592ee5SPeter Wemm kdh->architectureversion = htod32(archver); 1724e6592ee5SPeter Wemm kdh->dumplength = htod64(dumplen); 172564a16434SMark Johnston kdh->dumpextent = kdh->dumplength; 1726e6592ee5SPeter Wemm kdh->dumptime = htod64(time_second); 172701938d36SMark Johnston #ifdef EKCD 172878f57a9cSMark Johnston kdh->dumpkeysize = htod32(kerneldumpcrypto_dumpkeysize(di->kdcrypto)); 172901938d36SMark Johnston #else 173001938d36SMark Johnston kdh->dumpkeysize = 0; 173101938d36SMark Johnston #endif 173201938d36SMark Johnston kdh->blocksize = htod32(di->blocksize); 17337a9c38e6SAlan Somers strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); 1734ab384d75SMark Johnston dstsize = sizeof(kdh->versionstring); 1735ab384d75SMark Johnston if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize) 1736ab384d75SMark Johnston kdh->versionstring[dstsize - 2] = '\n'; 1737e6592ee5SPeter Wemm if (panicstr != NULL) 17387a9c38e6SAlan Somers strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); 173978f57a9cSMark Johnston if (di->kdcomp != NULL) 17406026dcd7SMark Johnston kdh->compression = di->kdcomp->kdc_format; 1741e6592ee5SPeter Wemm kdh->parity = kerneldump_parity(kdh); 1742e6592ee5SPeter Wemm } 17433af72c11SBjoern A. Zeeb 17443af72c11SBjoern A. Zeeb #ifdef DDB 17453af72c11SBjoern A. Zeeb DB_SHOW_COMMAND(panic, db_show_panic) 17463af72c11SBjoern A. Zeeb { 17473af72c11SBjoern A. Zeeb 17483af72c11SBjoern A. Zeeb if (panicstr == NULL) 17493af72c11SBjoern A. Zeeb db_printf("panicstr not set\n"); 17503af72c11SBjoern A. Zeeb else 17513af72c11SBjoern A. Zeeb db_printf("panic: %s\n", panicstr); 17523af72c11SBjoern A. Zeeb } 17533af72c11SBjoern A. Zeeb #endif 1754