1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 1986, 1988, 1991, 1993 5 * The Regents of the University of California. All rights reserved. 6 * (c) UNIX System Laboratories, Inc. 7 * All or some portions of this file are derived from material licensed 8 * to the University of California by American Telephone and Telegraph 9 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 * the permission of UNIX System Laboratories, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 3. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 * 36 * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 37 */ 38 39 #include <sys/cdefs.h> 40 __FBSDID("$FreeBSD$"); 41 42 #include "opt_ddb.h" 43 #include "opt_ekcd.h" 44 #include "opt_gzio.h" 45 #include "opt_kdb.h" 46 #include "opt_panic.h" 47 #include "opt_sched.h" 48 #include "opt_watchdog.h" 49 50 #include <sys/param.h> 51 #include <sys/systm.h> 52 #include <sys/bio.h> 53 #include <sys/buf.h> 54 #include <sys/conf.h> 55 #include <sys/cons.h> 56 #include <sys/eventhandler.h> 57 #include <sys/filedesc.h> 58 #include <sys/gzio.h> 59 #include <sys/jail.h> 60 #include <sys/kdb.h> 61 #include <sys/kernel.h> 62 #include <sys/kerneldump.h> 63 #include <sys/kthread.h> 64 #include <sys/ktr.h> 65 #include <sys/malloc.h> 66 #include <sys/mount.h> 67 #include <sys/priv.h> 68 #include <sys/proc.h> 69 #include <sys/reboot.h> 70 #include <sys/resourcevar.h> 71 #include <sys/rwlock.h> 72 #include <sys/sched.h> 73 #include <sys/smp.h> 74 #include <sys/sysctl.h> 75 #include <sys/sysproto.h> 76 #include <sys/vnode.h> 77 #include <sys/watchdog.h> 78 79 #include <crypto/rijndael/rijndael-api-fst.h> 80 #include <crypto/sha2/sha256.h> 81 82 #include <ddb/ddb.h> 83 84 #include <machine/cpu.h> 85 #include <machine/dump.h> 86 #include <machine/pcb.h> 87 #include <machine/smp.h> 88 89 #include <security/mac/mac_framework.h> 90 91 #include <vm/vm.h> 92 #include <vm/vm_object.h> 93 #include <vm/vm_page.h> 94 #include <vm/vm_pager.h> 95 #include <vm/swap_pager.h> 96 97 #include <sys/signalvar.h> 98 99 static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer"); 100 101 #ifndef PANIC_REBOOT_WAIT_TIME 102 #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ 103 #endif 104 static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; 105 SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, 106 &panic_reboot_wait_time, 0, 107 "Seconds to wait before rebooting after a panic"); 108 109 /* 110 * Note that stdarg.h and the ANSI style va_start macro is used for both 111 * ANSI and traditional C compilers. 112 */ 113 #include <machine/stdarg.h> 114 115 #ifdef KDB 116 #ifdef KDB_UNATTENDED 117 int debugger_on_panic = 0; 118 #else 119 int debugger_on_panic = 1; 120 #endif 121 SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, 122 CTLFLAG_RWTUN | CTLFLAG_SECURE, 123 &debugger_on_panic, 0, "Run debugger on kernel panic"); 124 125 #ifdef KDB_TRACE 126 static int trace_on_panic = 1; 127 #else 128 static int trace_on_panic = 0; 129 #endif 130 SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, 131 CTLFLAG_RWTUN | CTLFLAG_SECURE, 132 &trace_on_panic, 0, "Print stack trace on kernel panic"); 133 #endif /* KDB */ 134 135 static int sync_on_panic = 0; 136 SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, 137 &sync_on_panic, 0, "Do a sync before rebooting from a panic"); 138 139 static bool poweroff_on_panic = 0; 140 SYSCTL_BOOL(_kern, OID_AUTO, poweroff_on_panic, CTLFLAG_RWTUN, 141 &poweroff_on_panic, 0, "Do a power off instead of a reboot on a panic"); 142 143 static bool powercycle_on_panic = 0; 144 SYSCTL_BOOL(_kern, OID_AUTO, powercycle_on_panic, CTLFLAG_RWTUN, 145 &powercycle_on_panic, 0, "Do a power cycle instead of a reboot on a panic"); 146 147 static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, 148 "Shutdown environment"); 149 150 #ifndef DIAGNOSTIC 151 static int show_busybufs; 152 #else 153 static int show_busybufs = 1; 154 #endif 155 SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, 156 &show_busybufs, 0, ""); 157 158 int suspend_blocked = 0; 159 SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, 160 &suspend_blocked, 0, "Block suspend due to a pending shutdown"); 161 162 #ifdef EKCD 163 FEATURE(ekcd, "Encrypted kernel crash dumps support"); 164 165 MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data"); 166 167 struct kerneldumpcrypto { 168 uint8_t kdc_encryption; 169 uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE]; 170 keyInstance kdc_ki; 171 cipherInstance kdc_ci; 172 uint32_t kdc_dumpkeysize; 173 struct kerneldumpkey kdc_dumpkey[]; 174 }; 175 #endif 176 177 #ifdef GZIO 178 struct kerneldumpgz { 179 struct gzio_stream *kdgz_stream; 180 uint8_t *kdgz_buf; 181 size_t kdgz_resid; 182 }; 183 184 static struct kerneldumpgz *kerneldumpgz_create(struct dumperinfo *di, 185 uint8_t compression); 186 static void kerneldumpgz_destroy(struct dumperinfo *di); 187 static int kerneldumpgz_write_cb(void *cb, size_t len, off_t off, void *arg); 188 189 static int kerneldump_gzlevel = 6; 190 SYSCTL_INT(_kern, OID_AUTO, kerneldump_gzlevel, CTLFLAG_RWTUN, 191 &kerneldump_gzlevel, 0, 192 "Kernel crash dump gzip compression level"); 193 #endif /* GZIO */ 194 195 /* 196 * Variable panicstr contains argument to first call to panic; used as flag 197 * to indicate that the kernel has already called panic. 198 */ 199 const char *panicstr; 200 201 int dumping; /* system is dumping */ 202 int rebooting; /* system is rebooting */ 203 static struct dumperinfo dumper; /* our selected dumper */ 204 205 /* Context information for dump-debuggers. */ 206 static struct pcb dumppcb; /* Registers. */ 207 lwpid_t dumptid; /* Thread ID. */ 208 209 static struct cdevsw reroot_cdevsw = { 210 .d_version = D_VERSION, 211 .d_name = "reroot", 212 }; 213 214 static void poweroff_wait(void *, int); 215 static void shutdown_halt(void *junk, int howto); 216 static void shutdown_panic(void *junk, int howto); 217 static void shutdown_reset(void *junk, int howto); 218 static int kern_reroot(void); 219 220 /* register various local shutdown events */ 221 static void 222 shutdown_conf(void *unused) 223 { 224 225 EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, 226 SHUTDOWN_PRI_FIRST); 227 EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, 228 SHUTDOWN_PRI_LAST + 100); 229 EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, 230 SHUTDOWN_PRI_LAST + 100); 231 EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, 232 SHUTDOWN_PRI_LAST + 200); 233 } 234 235 SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); 236 237 /* 238 * The only reason this exists is to create the /dev/reroot/ directory, 239 * used by reroot code in init(8) as a mountpoint for tmpfs. 240 */ 241 static void 242 reroot_conf(void *unused) 243 { 244 int error; 245 struct cdev *cdev; 246 247 error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, 248 &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); 249 if (error != 0) { 250 printf("%s: failed to create device node, error %d", 251 __func__, error); 252 } 253 } 254 255 SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); 256 257 /* 258 * The system call that results in a reboot. 259 */ 260 /* ARGSUSED */ 261 int 262 sys_reboot(struct thread *td, struct reboot_args *uap) 263 { 264 int error; 265 266 error = 0; 267 #ifdef MAC 268 error = mac_system_check_reboot(td->td_ucred, uap->opt); 269 #endif 270 if (error == 0) 271 error = priv_check(td, PRIV_REBOOT); 272 if (error == 0) { 273 if (uap->opt & RB_REROOT) { 274 error = kern_reroot(); 275 } else { 276 mtx_lock(&Giant); 277 kern_reboot(uap->opt); 278 mtx_unlock(&Giant); 279 } 280 } 281 return (error); 282 } 283 284 /* 285 * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC 286 */ 287 void 288 shutdown_nice(int howto) 289 { 290 291 if (initproc != NULL) { 292 /* Send a signal to init(8) and have it shutdown the world. */ 293 PROC_LOCK(initproc); 294 if (howto & RB_POWEROFF) 295 kern_psignal(initproc, SIGUSR2); 296 else if (howto & RB_POWERCYCLE) 297 kern_psignal(initproc, SIGWINCH); 298 else if (howto & RB_HALT) 299 kern_psignal(initproc, SIGUSR1); 300 else 301 kern_psignal(initproc, SIGINT); 302 PROC_UNLOCK(initproc); 303 } else { 304 /* No init(8) running, so simply reboot. */ 305 kern_reboot(howto | RB_NOSYNC); 306 } 307 } 308 309 static void 310 print_uptime(void) 311 { 312 int f; 313 struct timespec ts; 314 315 getnanouptime(&ts); 316 printf("Uptime: "); 317 f = 0; 318 if (ts.tv_sec >= 86400) { 319 printf("%ldd", (long)ts.tv_sec / 86400); 320 ts.tv_sec %= 86400; 321 f = 1; 322 } 323 if (f || ts.tv_sec >= 3600) { 324 printf("%ldh", (long)ts.tv_sec / 3600); 325 ts.tv_sec %= 3600; 326 f = 1; 327 } 328 if (f || ts.tv_sec >= 60) { 329 printf("%ldm", (long)ts.tv_sec / 60); 330 ts.tv_sec %= 60; 331 f = 1; 332 } 333 printf("%lds\n", (long)ts.tv_sec); 334 } 335 336 int 337 doadump(boolean_t textdump) 338 { 339 boolean_t coredump; 340 int error; 341 342 error = 0; 343 if (dumping) 344 return (EBUSY); 345 if (dumper.dumper == NULL) 346 return (ENXIO); 347 348 savectx(&dumppcb); 349 dumptid = curthread->td_tid; 350 dumping++; 351 352 coredump = TRUE; 353 #ifdef DDB 354 if (textdump && textdump_pending) { 355 coredump = FALSE; 356 textdump_dumpsys(&dumper); 357 } 358 #endif 359 if (coredump) 360 error = dumpsys(&dumper); 361 362 dumping--; 363 return (error); 364 } 365 366 /* 367 * Shutdown the system cleanly to prepare for reboot, halt, or power off. 368 */ 369 void 370 kern_reboot(int howto) 371 { 372 static int once = 0; 373 374 #if defined(SMP) 375 /* 376 * Bind us to the first CPU so that all shutdown code runs there. Some 377 * systems don't shutdown properly (i.e., ACPI power off) if we 378 * run on another processor. 379 */ 380 if (!SCHEDULER_STOPPED()) { 381 thread_lock(curthread); 382 sched_bind(curthread, CPU_FIRST()); 383 thread_unlock(curthread); 384 KASSERT(PCPU_GET(cpuid) == CPU_FIRST(), 385 ("boot: not running on cpu 0")); 386 } 387 #endif 388 /* We're in the process of rebooting. */ 389 rebooting = 1; 390 391 /* We are out of the debugger now. */ 392 kdb_active = 0; 393 394 /* 395 * Do any callouts that should be done BEFORE syncing the filesystems. 396 */ 397 EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); 398 399 /* 400 * Now sync filesystems 401 */ 402 if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { 403 once = 1; 404 bufshutdown(show_busybufs); 405 } 406 407 print_uptime(); 408 409 cngrab(); 410 411 /* 412 * Ok, now do things that assume all filesystem activity has 413 * been completed. 414 */ 415 EVENTHANDLER_INVOKE(shutdown_post_sync, howto); 416 417 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) 418 doadump(TRUE); 419 420 /* Now that we're going to really halt the system... */ 421 EVENTHANDLER_INVOKE(shutdown_final, howto); 422 423 for(;;) ; /* safety against shutdown_reset not working */ 424 /* NOTREACHED */ 425 } 426 427 /* 428 * The system call that results in changing the rootfs. 429 */ 430 static int 431 kern_reroot(void) 432 { 433 struct vnode *oldrootvnode, *vp; 434 struct mount *mp, *devmp; 435 int error; 436 437 if (curproc != initproc) 438 return (EPERM); 439 440 /* 441 * Mark the filesystem containing currently-running executable 442 * (the temporary copy of init(8)) busy. 443 */ 444 vp = curproc->p_textvp; 445 error = vn_lock(vp, LK_SHARED); 446 if (error != 0) 447 return (error); 448 mp = vp->v_mount; 449 error = vfs_busy(mp, MBF_NOWAIT); 450 if (error != 0) { 451 vfs_ref(mp); 452 VOP_UNLOCK(vp, 0); 453 error = vfs_busy(mp, 0); 454 vn_lock(vp, LK_SHARED | LK_RETRY); 455 vfs_rel(mp); 456 if (error != 0) { 457 VOP_UNLOCK(vp, 0); 458 return (ENOENT); 459 } 460 if (vp->v_iflag & VI_DOOMED) { 461 VOP_UNLOCK(vp, 0); 462 vfs_unbusy(mp); 463 return (ENOENT); 464 } 465 } 466 VOP_UNLOCK(vp, 0); 467 468 /* 469 * Remove the filesystem containing currently-running executable 470 * from the mount list, to prevent it from being unmounted 471 * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). 472 * 473 * Also preserve /dev - forcibly unmounting it could cause driver 474 * reinitialization. 475 */ 476 477 vfs_ref(rootdevmp); 478 devmp = rootdevmp; 479 rootdevmp = NULL; 480 481 mtx_lock(&mountlist_mtx); 482 TAILQ_REMOVE(&mountlist, mp, mnt_list); 483 TAILQ_REMOVE(&mountlist, devmp, mnt_list); 484 mtx_unlock(&mountlist_mtx); 485 486 oldrootvnode = rootvnode; 487 488 /* 489 * Unmount everything except for the two filesystems preserved above. 490 */ 491 vfs_unmountall(); 492 493 /* 494 * Add /dev back; vfs_mountroot() will move it into its new place. 495 */ 496 mtx_lock(&mountlist_mtx); 497 TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); 498 mtx_unlock(&mountlist_mtx); 499 rootdevmp = devmp; 500 vfs_rel(rootdevmp); 501 502 /* 503 * Mount the new rootfs. 504 */ 505 vfs_mountroot(); 506 507 /* 508 * Update all references to the old rootvnode. 509 */ 510 mountcheckdirs(oldrootvnode, rootvnode); 511 512 /* 513 * Add the temporary filesystem back and unbusy it. 514 */ 515 mtx_lock(&mountlist_mtx); 516 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 517 mtx_unlock(&mountlist_mtx); 518 vfs_unbusy(mp); 519 520 return (0); 521 } 522 523 /* 524 * If the shutdown was a clean halt, behave accordingly. 525 */ 526 static void 527 shutdown_halt(void *junk, int howto) 528 { 529 530 if (howto & RB_HALT) { 531 printf("\n"); 532 printf("The operating system has halted.\n"); 533 printf("Please press any key to reboot.\n\n"); 534 switch (cngetc()) { 535 case -1: /* No console, just die */ 536 cpu_halt(); 537 /* NOTREACHED */ 538 default: 539 howto &= ~RB_HALT; 540 break; 541 } 542 } 543 } 544 545 /* 546 * Check to see if the system paniced, pause and then reboot 547 * according to the specified delay. 548 */ 549 static void 550 shutdown_panic(void *junk, int howto) 551 { 552 int loop; 553 554 if (howto & RB_DUMP) { 555 if (panic_reboot_wait_time != 0) { 556 if (panic_reboot_wait_time != -1) { 557 printf("Automatic reboot in %d seconds - " 558 "press a key on the console to abort\n", 559 panic_reboot_wait_time); 560 for (loop = panic_reboot_wait_time * 10; 561 loop > 0; --loop) { 562 DELAY(1000 * 100); /* 1/10th second */ 563 /* Did user type a key? */ 564 if (cncheckc() != -1) 565 break; 566 } 567 if (!loop) 568 return; 569 } 570 } else { /* zero time specified - reboot NOW */ 571 return; 572 } 573 printf("--> Press a key on the console to reboot,\n"); 574 printf("--> or switch off the system now.\n"); 575 cngetc(); 576 } 577 } 578 579 /* 580 * Everything done, now reset 581 */ 582 static void 583 shutdown_reset(void *junk, int howto) 584 { 585 586 printf("Rebooting...\n"); 587 DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ 588 589 /* 590 * Acquiring smp_ipi_mtx here has a double effect: 591 * - it disables interrupts avoiding CPU0 preemption 592 * by fast handlers (thus deadlocking against other CPUs) 593 * - it avoids deadlocks against smp_rendezvous() or, more 594 * generally, threads busy-waiting, with this spinlock held, 595 * and waiting for responses by threads on other CPUs 596 * (ie. smp_tlb_shootdown()). 597 * 598 * For the !SMP case it just needs to handle the former problem. 599 */ 600 #ifdef SMP 601 mtx_lock_spin(&smp_ipi_mtx); 602 #else 603 spinlock_enter(); 604 #endif 605 606 /* cpu_boot(howto); */ /* doesn't do anything at the moment */ 607 cpu_reset(); 608 /* NOTREACHED */ /* assuming reset worked */ 609 } 610 611 #if defined(WITNESS) || defined(INVARIANT_SUPPORT) 612 static int kassert_warn_only = 0; 613 #ifdef KDB 614 static int kassert_do_kdb = 0; 615 #endif 616 #ifdef KTR 617 static int kassert_do_ktr = 0; 618 #endif 619 static int kassert_do_log = 1; 620 static int kassert_log_pps_limit = 4; 621 static int kassert_log_mute_at = 0; 622 static int kassert_log_panic_at = 0; 623 static int kassert_warnings = 0; 624 625 SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); 626 627 SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, CTLFLAG_RWTUN, 628 &kassert_warn_only, 0, 629 "KASSERT triggers a panic (1) or just a warning (0)"); 630 631 #ifdef KDB 632 SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, CTLFLAG_RWTUN, 633 &kassert_do_kdb, 0, "KASSERT will enter the debugger"); 634 #endif 635 636 #ifdef KTR 637 SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, CTLFLAG_RWTUN, 638 &kassert_do_ktr, 0, 639 "KASSERT does a KTR, set this to the KTRMASK you want"); 640 #endif 641 642 SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, CTLFLAG_RWTUN, 643 &kassert_do_log, 0, "KASSERT triggers a panic (1) or just a warning (0)"); 644 645 SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RWTUN, 646 &kassert_warnings, 0, "number of KASSERTs that have been triggered"); 647 648 SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, CTLFLAG_RWTUN, 649 &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); 650 651 SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, CTLFLAG_RWTUN, 652 &kassert_log_pps_limit, 0, "limit number of log messages per second"); 653 654 SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, CTLFLAG_RWTUN, 655 &kassert_log_mute_at, 0, "max number of KASSERTS to log"); 656 657 static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); 658 659 SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, 660 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, 661 kassert_sysctl_kassert, "I", "set to trigger a test kassert"); 662 663 static int 664 kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) 665 { 666 int error, i; 667 668 error = sysctl_wire_old_buffer(req, sizeof(int)); 669 if (error == 0) { 670 i = 0; 671 error = sysctl_handle_int(oidp, &i, 0, req); 672 } 673 if (error != 0 || req->newptr == NULL) 674 return (error); 675 KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); 676 return (0); 677 } 678 679 /* 680 * Called by KASSERT, this decides if we will panic 681 * or if we will log via printf and/or ktr. 682 */ 683 void 684 kassert_panic(const char *fmt, ...) 685 { 686 static char buf[256]; 687 va_list ap; 688 689 va_start(ap, fmt); 690 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 691 va_end(ap); 692 693 /* 694 * panic if we're not just warning, or if we've exceeded 695 * kassert_log_panic_at warnings. 696 */ 697 if (!kassert_warn_only || 698 (kassert_log_panic_at > 0 && 699 kassert_warnings >= kassert_log_panic_at)) { 700 va_start(ap, fmt); 701 vpanic(fmt, ap); 702 /* NORETURN */ 703 } 704 #ifdef KTR 705 if (kassert_do_ktr) 706 CTR0(ktr_mask, buf); 707 #endif /* KTR */ 708 /* 709 * log if we've not yet met the mute limit. 710 */ 711 if (kassert_do_log && 712 (kassert_log_mute_at == 0 || 713 kassert_warnings < kassert_log_mute_at)) { 714 static struct timeval lasterr; 715 static int curerr; 716 717 if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { 718 printf("KASSERT failed: %s\n", buf); 719 kdb_backtrace(); 720 } 721 } 722 #ifdef KDB 723 if (kassert_do_kdb) { 724 kdb_enter(KDB_WHY_KASSERT, buf); 725 } 726 #endif 727 atomic_add_int(&kassert_warnings, 1); 728 } 729 #endif 730 731 /* 732 * Panic is called on unresolvable fatal errors. It prints "panic: mesg", 733 * and then reboots. If we are called twice, then we avoid trying to sync 734 * the disks as this often leads to recursive panics. 735 */ 736 void 737 panic(const char *fmt, ...) 738 { 739 va_list ap; 740 741 va_start(ap, fmt); 742 vpanic(fmt, ap); 743 } 744 745 void 746 vpanic(const char *fmt, va_list ap) 747 { 748 #ifdef SMP 749 cpuset_t other_cpus; 750 #endif 751 struct thread *td = curthread; 752 int bootopt, newpanic; 753 static char buf[256]; 754 755 spinlock_enter(); 756 757 #ifdef SMP 758 /* 759 * stop_cpus_hard(other_cpus) should prevent multiple CPUs from 760 * concurrently entering panic. Only the winner will proceed 761 * further. 762 */ 763 if (panicstr == NULL && !kdb_active) { 764 other_cpus = all_cpus; 765 CPU_CLR(PCPU_GET(cpuid), &other_cpus); 766 stop_cpus_hard(other_cpus); 767 } 768 #endif 769 770 /* 771 * Ensure that the scheduler is stopped while panicking, even if panic 772 * has been entered from kdb. 773 */ 774 td->td_stopsched = 1; 775 776 bootopt = RB_AUTOBOOT; 777 newpanic = 0; 778 if (panicstr) 779 bootopt |= RB_NOSYNC; 780 else { 781 bootopt |= RB_DUMP; 782 panicstr = fmt; 783 newpanic = 1; 784 } 785 786 if (newpanic) { 787 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 788 panicstr = buf; 789 cngrab(); 790 printf("panic: %s\n", buf); 791 } else { 792 printf("panic: "); 793 vprintf(fmt, ap); 794 printf("\n"); 795 } 796 #ifdef SMP 797 printf("cpuid = %d\n", PCPU_GET(cpuid)); 798 #endif 799 printf("time = %jd\n", (intmax_t )time_second); 800 #ifdef KDB 801 if (newpanic && trace_on_panic) 802 kdb_backtrace(); 803 if (debugger_on_panic) 804 kdb_enter(KDB_WHY_PANIC, "panic"); 805 #endif 806 /*thread_lock(td); */ 807 td->td_flags |= TDF_INPANIC; 808 /* thread_unlock(td); */ 809 if (!sync_on_panic) 810 bootopt |= RB_NOSYNC; 811 if (poweroff_on_panic) 812 bootopt |= RB_POWEROFF; 813 if (powercycle_on_panic) 814 bootopt |= RB_POWERCYCLE; 815 kern_reboot(bootopt); 816 } 817 818 /* 819 * Support for poweroff delay. 820 * 821 * Please note that setting this delay too short might power off your machine 822 * before the write cache on your hard disk has been flushed, leading to 823 * soft-updates inconsistencies. 824 */ 825 #ifndef POWEROFF_DELAY 826 # define POWEROFF_DELAY 5000 827 #endif 828 static int poweroff_delay = POWEROFF_DELAY; 829 830 SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, 831 &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); 832 833 static void 834 poweroff_wait(void *junk, int howto) 835 { 836 837 if ((howto & (RB_POWEROFF | RB_POWERCYCLE)) == 0 || poweroff_delay <= 0) 838 return; 839 DELAY(poweroff_delay * 1000); 840 } 841 842 /* 843 * Some system processes (e.g. syncer) need to be stopped at appropriate 844 * points in their main loops prior to a system shutdown, so that they 845 * won't interfere with the shutdown process (e.g. by holding a disk buf 846 * to cause sync to fail). For each of these system processes, register 847 * shutdown_kproc() as a handler for one of shutdown events. 848 */ 849 static int kproc_shutdown_wait = 60; 850 SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, 851 &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); 852 853 void 854 kproc_shutdown(void *arg, int howto) 855 { 856 struct proc *p; 857 int error; 858 859 if (panicstr) 860 return; 861 862 p = (struct proc *)arg; 863 printf("Waiting (max %d seconds) for system process `%s' to stop... ", 864 kproc_shutdown_wait, p->p_comm); 865 error = kproc_suspend(p, kproc_shutdown_wait * hz); 866 867 if (error == EWOULDBLOCK) 868 printf("timed out\n"); 869 else 870 printf("done\n"); 871 } 872 873 void 874 kthread_shutdown(void *arg, int howto) 875 { 876 struct thread *td; 877 int error; 878 879 if (panicstr) 880 return; 881 882 td = (struct thread *)arg; 883 printf("Waiting (max %d seconds) for system thread `%s' to stop... ", 884 kproc_shutdown_wait, td->td_name); 885 error = kthread_suspend(td, kproc_shutdown_wait * hz); 886 887 if (error == EWOULDBLOCK) 888 printf("timed out\n"); 889 else 890 printf("done\n"); 891 } 892 893 static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)]; 894 SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD, 895 dumpdevname, 0, "Device for kernel dumps"); 896 897 static int _dump_append(struct dumperinfo *di, void *virtual, 898 vm_offset_t physical, size_t length); 899 900 #ifdef EKCD 901 static struct kerneldumpcrypto * 902 kerneldumpcrypto_create(size_t blocksize, uint8_t encryption, 903 const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey) 904 { 905 struct kerneldumpcrypto *kdc; 906 struct kerneldumpkey *kdk; 907 uint32_t dumpkeysize; 908 909 dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize); 910 kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO); 911 912 arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0); 913 914 kdc->kdc_encryption = encryption; 915 switch (kdc->kdc_encryption) { 916 case KERNELDUMP_ENC_AES_256_CBC: 917 if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0) 918 goto failed; 919 break; 920 default: 921 goto failed; 922 } 923 924 kdc->kdc_dumpkeysize = dumpkeysize; 925 kdk = kdc->kdc_dumpkey; 926 kdk->kdk_encryption = kdc->kdc_encryption; 927 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 928 kdk->kdk_encryptedkeysize = htod32(encryptedkeysize); 929 memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize); 930 931 return (kdc); 932 failed: 933 explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize); 934 free(kdc, M_EKCD); 935 return (NULL); 936 } 937 938 static int 939 kerneldumpcrypto_init(struct kerneldumpcrypto *kdc) 940 { 941 uint8_t hash[SHA256_DIGEST_LENGTH]; 942 SHA256_CTX ctx; 943 struct kerneldumpkey *kdk; 944 int error; 945 946 error = 0; 947 948 if (kdc == NULL) 949 return (0); 950 951 /* 952 * When a user enters ddb it can write a crash dump multiple times. 953 * Each time it should be encrypted using a different IV. 954 */ 955 SHA256_Init(&ctx); 956 SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 957 SHA256_Final(hash, &ctx); 958 bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv)); 959 960 switch (kdc->kdc_encryption) { 961 case KERNELDUMP_ENC_AES_256_CBC: 962 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 963 kdc->kdc_iv) <= 0) { 964 error = EINVAL; 965 goto out; 966 } 967 break; 968 default: 969 error = EINVAL; 970 goto out; 971 } 972 973 kdk = kdc->kdc_dumpkey; 974 memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); 975 out: 976 explicit_bzero(hash, sizeof(hash)); 977 return (error); 978 } 979 980 static uint32_t 981 kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc) 982 { 983 984 if (kdc == NULL) 985 return (0); 986 return (kdc->kdc_dumpkeysize); 987 } 988 #endif /* EKCD */ 989 990 #ifdef GZIO 991 static struct kerneldumpgz * 992 kerneldumpgz_create(struct dumperinfo *di, uint8_t compression) 993 { 994 struct kerneldumpgz *kdgz; 995 996 if (compression != KERNELDUMP_COMP_GZIP) 997 return (NULL); 998 kdgz = malloc(sizeof(*kdgz), M_DUMPER, M_WAITOK | M_ZERO); 999 kdgz->kdgz_stream = gzio_init(kerneldumpgz_write_cb, GZIO_DEFLATE, 1000 di->maxiosize, kerneldump_gzlevel, di); 1001 if (kdgz->kdgz_stream == NULL) { 1002 free(kdgz, M_DUMPER); 1003 return (NULL); 1004 } 1005 kdgz->kdgz_buf = malloc(di->maxiosize, M_DUMPER, M_WAITOK | M_NODUMP); 1006 return (kdgz); 1007 } 1008 1009 static void 1010 kerneldumpgz_destroy(struct dumperinfo *di) 1011 { 1012 struct kerneldumpgz *kdgz; 1013 1014 kdgz = di->kdgz; 1015 if (kdgz == NULL) 1016 return; 1017 gzio_fini(kdgz->kdgz_stream); 1018 explicit_bzero(kdgz->kdgz_buf, di->maxiosize); 1019 free(kdgz->kdgz_buf, M_DUMPER); 1020 free(kdgz, M_DUMPER); 1021 } 1022 #endif /* GZIO */ 1023 1024 /* Registration of dumpers */ 1025 int 1026 set_dumper(struct dumperinfo *di, const char *devname, struct thread *td, 1027 uint8_t compression, uint8_t encryption, const uint8_t *key, 1028 uint32_t encryptedkeysize, const uint8_t *encryptedkey) 1029 { 1030 size_t wantcopy; 1031 int error; 1032 1033 error = priv_check(td, PRIV_SETDUMPER); 1034 if (error != 0) 1035 return (error); 1036 1037 if (di == NULL) { 1038 error = 0; 1039 goto cleanup; 1040 } 1041 if (dumper.dumper != NULL) 1042 return (EBUSY); 1043 dumper = *di; 1044 dumper.blockbuf = NULL; 1045 dumper.kdc = NULL; 1046 dumper.kdgz = NULL; 1047 1048 if (encryption != KERNELDUMP_ENC_NONE) { 1049 #ifdef EKCD 1050 dumper.kdc = kerneldumpcrypto_create(di->blocksize, encryption, 1051 key, encryptedkeysize, encryptedkey); 1052 if (dumper.kdc == NULL) { 1053 error = EINVAL; 1054 goto cleanup; 1055 } 1056 #else 1057 error = EOPNOTSUPP; 1058 goto cleanup; 1059 #endif 1060 } 1061 1062 wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname)); 1063 if (wantcopy >= sizeof(dumpdevname)) { 1064 printf("set_dumper: device name truncated from '%s' -> '%s'\n", 1065 devname, dumpdevname); 1066 } 1067 1068 if (compression != KERNELDUMP_COMP_NONE) { 1069 #ifdef GZIO 1070 /* 1071 * We currently can't support simultaneous encryption and 1072 * compression. 1073 */ 1074 if (encryption != KERNELDUMP_ENC_NONE) { 1075 error = EOPNOTSUPP; 1076 goto cleanup; 1077 } 1078 dumper.kdgz = kerneldumpgz_create(&dumper, compression); 1079 if (dumper.kdgz == NULL) { 1080 error = EINVAL; 1081 goto cleanup; 1082 } 1083 #else 1084 error = EOPNOTSUPP; 1085 goto cleanup; 1086 #endif 1087 } 1088 1089 dumper.blockbuf = malloc(di->blocksize, M_DUMPER, M_WAITOK | M_ZERO); 1090 return (0); 1091 cleanup: 1092 #ifdef EKCD 1093 if (dumper.kdc != NULL) { 1094 explicit_bzero(dumper.kdc, sizeof(*dumper.kdc) + 1095 dumper.kdc->kdc_dumpkeysize); 1096 free(dumper.kdc, M_EKCD); 1097 } 1098 #endif 1099 1100 #ifdef GZIO 1101 kerneldumpgz_destroy(&dumper); 1102 #endif 1103 1104 if (dumper.blockbuf != NULL) { 1105 explicit_bzero(dumper.blockbuf, dumper.blocksize); 1106 free(dumper.blockbuf, M_DUMPER); 1107 } 1108 explicit_bzero(&dumper, sizeof(dumper)); 1109 dumpdevname[0] = '\0'; 1110 return (error); 1111 } 1112 1113 static int 1114 dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length) 1115 { 1116 1117 if (length != 0 && (offset < di->mediaoffset || 1118 offset - di->mediaoffset + length > di->mediasize)) { 1119 printf("Attempt to write outside dump device boundaries.\n" 1120 "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", 1121 (intmax_t)offset, (intmax_t)di->mediaoffset, 1122 (uintmax_t)length, (intmax_t)di->mediasize); 1123 return (ENOSPC); 1124 } 1125 if (length % di->blocksize != 0) { 1126 printf("Attempt to write partial block of length %ju.\n", 1127 (uintmax_t)length); 1128 return (EINVAL); 1129 } 1130 if (offset % di->blocksize != 0) { 1131 printf("Attempt to write at unaligned offset %jd.\n", 1132 (intmax_t)offset); 1133 return (EINVAL); 1134 } 1135 1136 return (0); 1137 } 1138 1139 #ifdef EKCD 1140 static int 1141 dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size) 1142 { 1143 1144 switch (kdc->kdc_encryption) { 1145 case KERNELDUMP_ENC_AES_256_CBC: 1146 if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf, 1147 8 * size, buf) <= 0) { 1148 return (EIO); 1149 } 1150 if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, 1151 buf + size - 16 /* IV size for AES-256-CBC */) <= 0) { 1152 return (EIO); 1153 } 1154 break; 1155 default: 1156 return (EINVAL); 1157 } 1158 1159 return (0); 1160 } 1161 1162 /* Encrypt data and call dumper. */ 1163 static int 1164 dump_encrypted_write(struct dumperinfo *di, void *virtual, 1165 vm_offset_t physical, off_t offset, size_t length) 1166 { 1167 static uint8_t buf[KERNELDUMP_BUFFER_SIZE]; 1168 struct kerneldumpcrypto *kdc; 1169 int error; 1170 size_t nbytes; 1171 1172 kdc = di->kdc; 1173 1174 while (length > 0) { 1175 nbytes = MIN(length, sizeof(buf)); 1176 bcopy(virtual, buf, nbytes); 1177 1178 if (dump_encrypt(kdc, buf, nbytes) != 0) 1179 return (EIO); 1180 1181 error = dump_write(di, buf, physical, offset, nbytes); 1182 if (error != 0) 1183 return (error); 1184 1185 offset += nbytes; 1186 virtual = (void *)((uint8_t *)virtual + nbytes); 1187 length -= nbytes; 1188 } 1189 1190 return (0); 1191 } 1192 1193 static int 1194 dump_write_key(struct dumperinfo *di, off_t offset) 1195 { 1196 struct kerneldumpcrypto *kdc; 1197 1198 kdc = di->kdc; 1199 if (kdc == NULL) 1200 return (0); 1201 return (dump_write(di, kdc->kdc_dumpkey, 0, offset, 1202 kdc->kdc_dumpkeysize)); 1203 } 1204 #endif /* EKCD */ 1205 1206 #ifdef GZIO 1207 static int 1208 kerneldumpgz_write_cb(void *base, size_t length, off_t offset, void *arg) 1209 { 1210 struct dumperinfo *di; 1211 size_t resid, rlength; 1212 int error; 1213 1214 di = arg; 1215 1216 if (length % di->blocksize != 0) { 1217 /* 1218 * This must be the final write after flushing the compression 1219 * stream. Write as many full blocks as possible and stash the 1220 * residual data in the dumper's block buffer. It will be 1221 * padded and written in dump_finish(). 1222 */ 1223 rlength = rounddown(length, di->blocksize); 1224 if (rlength != 0) { 1225 error = _dump_append(di, base, 0, rlength); 1226 if (error != 0) 1227 return (error); 1228 } 1229 resid = length - rlength; 1230 memmove(di->blockbuf, (uint8_t *)base + rlength, resid); 1231 di->kdgz->kdgz_resid = resid; 1232 return (EAGAIN); 1233 } 1234 return (_dump_append(di, base, 0, length)); 1235 } 1236 #endif /* GZIO */ 1237 1238 /* 1239 * Write a kerneldumpheader at the specified offset. The header structure is 512 1240 * bytes in size, but we must pad to the device sector size. 1241 */ 1242 static int 1243 dump_write_header(struct dumperinfo *di, struct kerneldumpheader *kdh, 1244 off_t offset) 1245 { 1246 void *buf; 1247 size_t hdrsz; 1248 1249 hdrsz = sizeof(*kdh); 1250 if (hdrsz > di->blocksize) 1251 return (ENOMEM); 1252 1253 if (hdrsz == di->blocksize) 1254 buf = kdh; 1255 else { 1256 buf = di->blockbuf; 1257 memset(buf, 0, di->blocksize); 1258 memcpy(buf, kdh, hdrsz); 1259 } 1260 1261 return (dump_write(di, buf, 0, offset, di->blocksize)); 1262 } 1263 1264 /* 1265 * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to 1266 * protect us from metadata and metadata from us. 1267 */ 1268 #define SIZEOF_METADATA (64 * 1024) 1269 1270 /* 1271 * Do some preliminary setup for a kernel dump: initialize state for encryption, 1272 * if requested, and make sure that we have enough space on the dump device. 1273 * 1274 * We set things up so that the dump ends before the last sector of the dump 1275 * device, at which the trailing header is written. 1276 * 1277 * +-----------+------+-----+----------------------------+------+ 1278 * | | lhdr | key | ... kernel dump ... | thdr | 1279 * +-----------+------+-----+----------------------------+------+ 1280 * 1 blk opt <------- dump extent --------> 1 blk 1281 * 1282 * Dumps written using dump_append() start at the beginning of the extent. 1283 * Uncompressed dumps will use the entire extent, but compressed dumps typically 1284 * will not. The true length of the dump is recorded in the leading and trailing 1285 * headers once the dump has been completed. 1286 */ 1287 int 1288 dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh) 1289 { 1290 uint64_t dumpextent; 1291 uint32_t keysize; 1292 1293 #ifdef EKCD 1294 int error = kerneldumpcrypto_init(di->kdc); 1295 if (error != 0) 1296 return (error); 1297 keysize = kerneldumpcrypto_dumpkeysize(di->kdc); 1298 #else 1299 keysize = 0; 1300 #endif 1301 1302 dumpextent = dtoh64(kdh->dumpextent); 1303 if (di->mediasize < SIZEOF_METADATA + dumpextent + 2 * di->blocksize + 1304 keysize) { 1305 #ifdef GZIO 1306 if (di->kdgz != NULL) { 1307 /* 1308 * We don't yet know how much space the compressed dump 1309 * will occupy, so try to use the whole swap partition 1310 * (minus the first 64KB) in the hope that the 1311 * compressed dump will fit. If that doesn't turn out to 1312 * be enouch, the bounds checking in dump_write() 1313 * will catch us and cause the dump to fail. 1314 */ 1315 dumpextent = di->mediasize - SIZEOF_METADATA - 1316 2 * di->blocksize - keysize; 1317 kdh->dumpextent = htod64(dumpextent); 1318 } else 1319 #endif 1320 return (E2BIG); 1321 } 1322 1323 /* The offset at which to begin writing the dump. */ 1324 di->dumpoff = di->mediaoffset + di->mediasize - di->blocksize - 1325 dumpextent; 1326 1327 return (0); 1328 } 1329 1330 static int 1331 _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1332 size_t length) 1333 { 1334 int error; 1335 1336 #ifdef EKCD 1337 if (di->kdc != NULL) 1338 error = dump_encrypted_write(di, virtual, physical, di->dumpoff, 1339 length); 1340 else 1341 #endif 1342 error = dump_write(di, virtual, physical, di->dumpoff, length); 1343 if (error == 0) 1344 di->dumpoff += length; 1345 return (error); 1346 } 1347 1348 /* 1349 * Write to the dump device starting at dumpoff. When compression is enabled, 1350 * writes to the device will be performed using a callback that gets invoked 1351 * when the compression stream's output buffer is full. 1352 */ 1353 int 1354 dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1355 size_t length) 1356 { 1357 #ifdef GZIO 1358 void *buf; 1359 1360 if (di->kdgz != NULL) { 1361 /* Bounce through a buffer to avoid gzip CRC errors. */ 1362 if (length > di->maxiosize) 1363 return (EINVAL); 1364 buf = di->kdgz->kdgz_buf; 1365 memmove(buf, virtual, length); 1366 return (gzio_write(di->kdgz->kdgz_stream, buf, length)); 1367 } 1368 #endif 1369 return (_dump_append(di, virtual, physical, length)); 1370 } 1371 1372 /* 1373 * Write to the dump device at the specified offset. 1374 */ 1375 int 1376 dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 1377 off_t offset, size_t length) 1378 { 1379 int error; 1380 1381 error = dump_check_bounds(di, offset, length); 1382 if (error != 0) 1383 return (error); 1384 return (di->dumper(di->priv, virtual, physical, offset, length)); 1385 } 1386 1387 /* 1388 * Perform kernel dump finalization: flush the compression stream, if necessary, 1389 * write the leading and trailing kernel dump headers now that we know the true 1390 * length of the dump, and optionally write the encryption key following the 1391 * leading header. 1392 */ 1393 int 1394 dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh) 1395 { 1396 uint64_t extent; 1397 uint32_t keysize; 1398 int error; 1399 1400 extent = dtoh64(kdh->dumpextent); 1401 1402 #ifdef EKCD 1403 keysize = kerneldumpcrypto_dumpkeysize(di->kdc); 1404 #else 1405 keysize = 0; 1406 #endif 1407 1408 #ifdef GZIO 1409 if (di->kdgz != NULL) { 1410 error = gzio_flush(di->kdgz->kdgz_stream); 1411 if (error == EAGAIN) { 1412 /* We have residual data in di->blockbuf. */ 1413 error = dump_write(di, di->blockbuf, 0, di->dumpoff, 1414 di->blocksize); 1415 di->dumpoff += di->kdgz->kdgz_resid; 1416 di->kdgz->kdgz_resid = 0; 1417 } 1418 if (error != 0) 1419 return (error); 1420 1421 /* 1422 * We now know the size of the compressed dump, so update the 1423 * header accordingly and recompute parity. 1424 */ 1425 kdh->dumplength = htod64(di->dumpoff - 1426 (di->mediaoffset + di->mediasize - di->blocksize - extent)); 1427 kdh->parity = 0; 1428 kdh->parity = kerneldump_parity(kdh); 1429 1430 gzio_reset(di->kdgz->kdgz_stream); 1431 } 1432 #endif 1433 1434 /* 1435 * Write kerneldump headers at the beginning and end of the dump extent. 1436 * Write the key after the leading header. 1437 */ 1438 error = dump_write_header(di, kdh, 1439 di->mediaoffset + di->mediasize - 2 * di->blocksize - extent - 1440 keysize); 1441 if (error != 0) 1442 return (error); 1443 1444 #ifdef EKCD 1445 error = dump_write_key(di, 1446 di->mediaoffset + di->mediasize - di->blocksize - extent - keysize); 1447 if (error != 0) 1448 return (error); 1449 #endif 1450 1451 error = dump_write_header(di, kdh, 1452 di->mediaoffset + di->mediasize - di->blocksize); 1453 if (error != 0) 1454 return (error); 1455 1456 (void)dump_write(di, NULL, 0, 0, 0); 1457 return (0); 1458 } 1459 1460 void 1461 dump_init_header(const struct dumperinfo *di, struct kerneldumpheader *kdh, 1462 char *magic, uint32_t archver, uint64_t dumplen) 1463 { 1464 size_t dstsize; 1465 1466 bzero(kdh, sizeof(*kdh)); 1467 strlcpy(kdh->magic, magic, sizeof(kdh->magic)); 1468 strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); 1469 kdh->version = htod32(KERNELDUMPVERSION); 1470 kdh->architectureversion = htod32(archver); 1471 kdh->dumplength = htod64(dumplen); 1472 kdh->dumpextent = kdh->dumplength; 1473 kdh->dumptime = htod64(time_second); 1474 #ifdef EKCD 1475 kdh->dumpkeysize = htod32(kerneldumpcrypto_dumpkeysize(di->kdc)); 1476 #else 1477 kdh->dumpkeysize = 0; 1478 #endif 1479 kdh->blocksize = htod32(di->blocksize); 1480 strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); 1481 dstsize = sizeof(kdh->versionstring); 1482 if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize) 1483 kdh->versionstring[dstsize - 2] = '\n'; 1484 if (panicstr != NULL) 1485 strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); 1486 #ifdef GZIO 1487 if (di->kdgz != NULL) 1488 kdh->compression = KERNELDUMP_COMP_GZIP; 1489 #endif 1490 kdh->parity = kerneldump_parity(kdh); 1491 } 1492 1493 #ifdef DDB 1494 DB_SHOW_COMMAND(panic, db_show_panic) 1495 { 1496 1497 if (panicstr == NULL) 1498 db_printf("panicstr not set\n"); 1499 else 1500 db_printf("panic: %s\n", panicstr); 1501 } 1502 #endif 1503