Index: head/sbin/decryptcore/decryptcore.c =================================================================== --- head/sbin/decryptcore/decryptcore.c (revision 348196) +++ head/sbin/decryptcore/decryptcore.c (revision 348197) @@ -1,392 +1,412 @@ /*- * Copyright (c) 2016 Konrad Witaszczyk * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "pjdlog.h" #define DECRYPTCORE_CRASHDIR "/var/crash" static void usage(void) { pjdlog_exitx(1, "usage: decryptcore [-fLv] -p privatekeyfile -k keyfile -e encryptedcore -c core\n" " decryptcore [-fLv] [-d crashdir] -p privatekeyfile -n dumpnr"); } static int wait_for_process(pid_t pid) { int status; if (waitpid(pid, &status, WUNTRACED | WEXITED) == -1) { pjdlog_errno(LOG_ERR, "Unable to wait for a child process"); return (1); } if (WIFEXITED(status)) return (WEXITSTATUS(status)); return (1); } static struct kerneldumpkey * read_key(int kfd) { struct kerneldumpkey *kdk; ssize_t size; size_t kdksize; PJDLOG_ASSERT(kfd >= 0); kdksize = sizeof(*kdk); kdk = calloc(1, kdksize); if (kdk == NULL) { pjdlog_errno(LOG_ERR, "Unable to allocate kernel dump key"); goto failed; } size = read(kfd, kdk, kdksize); if (size == (ssize_t)kdksize) { kdk->kdk_encryptedkeysize = dtoh32(kdk->kdk_encryptedkeysize); kdksize += (size_t)kdk->kdk_encryptedkeysize; kdk = realloc(kdk, kdksize); if (kdk == NULL) { pjdlog_errno(LOG_ERR, "Unable to reallocate kernel dump key"); goto failed; } size += read(kfd, &kdk->kdk_encryptedkey, kdk->kdk_encryptedkeysize); } if (size != (ssize_t)kdksize) { pjdlog_errno(LOG_ERR, "Unable to read key"); goto failed; } return (kdk); failed: free(kdk); return (NULL); } static bool decrypt(int ofd, const char *privkeyfile, const char *keyfile, const char *input) { - uint8_t buf[KERNELDUMP_BUFFER_SIZE], key[KERNELDUMP_KEY_MAX_SIZE]; + uint8_t buf[KERNELDUMP_BUFFER_SIZE], key[KERNELDUMP_KEY_MAX_SIZE], + chachaiv[4 * 4]; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *cipher; FILE *fp; struct kerneldumpkey *kdk; RSA *privkey; int ifd, kfd, olen, privkeysize; ssize_t bytes; pid_t pid; PJDLOG_ASSERT(ofd >= 0); PJDLOG_ASSERT(privkeyfile != NULL); PJDLOG_ASSERT(keyfile != NULL); PJDLOG_ASSERT(input != NULL); ctx = NULL; privkey = NULL; /* * Decrypt a core dump in a child process so we can unlink a partially * decrypted core if the child process fails. */ pid = fork(); if (pid == -1) { pjdlog_errno(LOG_ERR, "Unable to create child process"); close(ofd); return (false); } if (pid > 0) { close(ofd); return (wait_for_process(pid) == 0); } kfd = open(keyfile, O_RDONLY); if (kfd == -1) { pjdlog_errno(LOG_ERR, "Unable to open %s", keyfile); goto failed; } ifd = open(input, O_RDONLY); if (ifd == -1) { pjdlog_errno(LOG_ERR, "Unable to open %s", input); goto failed; } fp = fopen(privkeyfile, "r"); if (fp == NULL) { pjdlog_errno(LOG_ERR, "Unable to open %s", privkeyfile); goto failed; } if (caph_enter() < 0) { pjdlog_errno(LOG_ERR, "Unable to enter capability mode"); goto failed; } privkey = RSA_new(); if (privkey == NULL) { pjdlog_error("Unable to allocate an RSA structure: %s", ERR_error_string(ERR_get_error(), NULL)); goto failed; } ctx = EVP_CIPHER_CTX_new(); if (ctx == NULL) goto failed; kdk = read_key(kfd); close(kfd); if (kdk == NULL) goto failed; privkey = PEM_read_RSAPrivateKey(fp, &privkey, NULL, NULL); fclose(fp); if (privkey == NULL) { pjdlog_error("Unable to read data from %s.", privkeyfile); goto failed; } privkeysize = RSA_size(privkey); if (privkeysize != (int)kdk->kdk_encryptedkeysize) { pjdlog_error("RSA modulus size mismatch: equals %db and should be %ub.", 8 * privkeysize, 8 * kdk->kdk_encryptedkeysize); goto failed; } switch (kdk->kdk_encryption) { case KERNELDUMP_ENC_AES_256_CBC: cipher = EVP_aes_256_cbc(); break; + case KERNELDUMP_ENC_CHACHA20: + cipher = EVP_chacha20(); + break; default: pjdlog_error("Invalid encryption algorithm."); goto failed; } if (RSA_private_decrypt(kdk->kdk_encryptedkeysize, kdk->kdk_encryptedkey, key, privkey, RSA_PKCS1_PADDING) != sizeof(key)) { pjdlog_error("Unable to decrypt key: %s", ERR_error_string(ERR_get_error(), NULL)); goto failed; } RSA_free(privkey); privkey = NULL; - EVP_DecryptInit_ex(ctx, cipher, NULL, key, kdk->kdk_iv); + if (kdk->kdk_encryption == KERNELDUMP_ENC_CHACHA20) { + /* + * OpenSSL treats the IV as 4 little-endian 32 bit integers. + * + * The first two represent a 64-bit counter, where the low half + * is the first 32-bit word. + * + * Start at counter block zero... + */ + memset(chachaiv, 0, 4 * 2); + /* + * And use the IV specified by the dump. + */ + memcpy(&chachaiv[4 * 2], kdk->kdk_iv, 4 * 2); + EVP_DecryptInit_ex(ctx, cipher, NULL, key, chachaiv); + } else + EVP_DecryptInit_ex(ctx, cipher, NULL, key, kdk->kdk_iv); EVP_CIPHER_CTX_set_padding(ctx, 0); explicit_bzero(key, sizeof(key)); do { bytes = read(ifd, buf, sizeof(buf)); if (bytes < 0) { pjdlog_errno(LOG_ERR, "Unable to read data from %s", input); goto failed; } if (bytes > 0) { if (EVP_DecryptUpdate(ctx, buf, &olen, buf, bytes) == 0) { pjdlog_error("Unable to decrypt core."); goto failed; } } else { if (EVP_DecryptFinal_ex(ctx, buf, &olen) == 0) { pjdlog_error("Unable to decrypt core."); goto failed; } } if (olen > 0 && write(ofd, buf, olen) != olen) { pjdlog_errno(LOG_ERR, "Unable to write core"); goto failed; } } while (bytes > 0); explicit_bzero(buf, sizeof(buf)); EVP_CIPHER_CTX_free(ctx); exit(0); failed: explicit_bzero(key, sizeof(key)); explicit_bzero(buf, sizeof(buf)); RSA_free(privkey); if (ctx != NULL) EVP_CIPHER_CTX_free(ctx); exit(1); } int main(int argc, char **argv) { char core[PATH_MAX], encryptedcore[PATH_MAX], keyfile[PATH_MAX]; const char *crashdir, *dumpnr, *privatekey; int ch, debug, error, ofd; size_t ii; bool force, usesyslog; error = 1; pjdlog_init(PJDLOG_MODE_STD); pjdlog_prefix_set("(decryptcore) "); debug = 0; *core = '\0'; crashdir = NULL; dumpnr = NULL; *encryptedcore = '\0'; force = false; *keyfile = '\0'; privatekey = NULL; usesyslog = false; while ((ch = getopt(argc, argv, "Lc:d:e:fk:n:p:v")) != -1) { switch (ch) { case 'L': usesyslog = true; break; case 'c': if (strlcpy(core, optarg, sizeof(core)) >= sizeof(core)) pjdlog_exitx(1, "Core file path is too long."); break; case 'd': crashdir = optarg; break; case 'e': if (strlcpy(encryptedcore, optarg, sizeof(encryptedcore)) >= sizeof(encryptedcore)) { pjdlog_exitx(1, "Encrypted core file path is too long."); } break; case 'f': force = true; break; case 'k': if (strlcpy(keyfile, optarg, sizeof(keyfile)) >= sizeof(keyfile)) { pjdlog_exitx(1, "Key file path is too long."); } break; case 'n': dumpnr = optarg; break; case 'p': privatekey = optarg; break; case 'v': debug++; break; default: usage(); } } argc -= optind; argv += optind; if (argc != 0) usage(); /* Verify mutually exclusive options. */ if ((crashdir != NULL || dumpnr != NULL) && (*keyfile != '\0' || *encryptedcore != '\0' || *core != '\0')) { usage(); } /* * Set key, encryptedcore and core file names using crashdir and dumpnr. */ if (dumpnr != NULL) { for (ii = 0; ii < strnlen(dumpnr, PATH_MAX); ii++) { if (isdigit((int)dumpnr[ii]) == 0) usage(); } if (crashdir == NULL) crashdir = DECRYPTCORE_CRASHDIR; PJDLOG_VERIFY(snprintf(keyfile, sizeof(keyfile), "%s/key.%s", crashdir, dumpnr) > 0); PJDLOG_VERIFY(snprintf(core, sizeof(core), "%s/vmcore.%s", crashdir, dumpnr) > 0); PJDLOG_VERIFY(snprintf(encryptedcore, sizeof(encryptedcore), "%s/vmcore_encrypted.%s", crashdir, dumpnr) > 0); } if (privatekey == NULL || *keyfile == '\0' || *encryptedcore == '\0' || *core == '\0') { usage(); } if (usesyslog) pjdlog_mode_set(PJDLOG_MODE_SYSLOG); pjdlog_debug_set(debug); if (force && unlink(core) == -1 && errno != ENOENT) { pjdlog_errno(LOG_ERR, "Unable to remove old core"); goto out; } ofd = open(core, O_WRONLY | O_CREAT | O_EXCL, 0600); if (ofd == -1) { pjdlog_errno(LOG_ERR, "Unable to open %s", core); goto out; } if (!decrypt(ofd, privatekey, keyfile, encryptedcore)) { if (unlink(core) == -1 && errno != ENOENT) pjdlog_errno(LOG_ERR, "Unable to remove core"); goto out; } error = 0; out: pjdlog_fini(); exit(error); } Index: head/sbin/dumpon/dumpon.8 =================================================================== --- head/sbin/dumpon/dumpon.8 (revision 348196) +++ head/sbin/dumpon/dumpon.8 (revision 348197) @@ -1,448 +1,454 @@ .\" Copyright (c) 1980, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" From: @(#)swapon.8 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 21, 2019 +.Dd May 23, 2019 .Dt DUMPON 8 .Os .Sh NAME .Nm dumpon .Nd "specify a device for crash dumps" .Sh SYNOPSIS .Nm .Op Fl i Ar index .Op Fl r .Op Fl v +.Op Fl C Ar cipher .Op Fl k Ar pubkey .Op Fl Z .Op Fl z .Ar device .Nm .Op Fl i Ar index .Op Fl r .Op Fl v +.Op Fl C Ar cipher .Op Fl k Ar pubkey .Op Fl Z .Op Fl z .Op Fl g Ar gateway .Fl s Ar server .Fl c Ar client .Ar iface .Nm .Op Fl v .Cm off .Nm .Op Fl v .Fl l .Sh DESCRIPTION The .Nm utility is used to configure where the kernel can save a crash dump in the case of a panic. .Pp System administrators should typically configure .Nm in a persistent fashion using the .Xr rc.conf 5 variables .Va dumpdev and .Va dumpon_flags . For more information on this usage, see .Xr rc.conf 5 . .Pp Starting in .Fx 13.0 , .Nm can configure a series of fallback dump devices. For example, an administrator may prefer .Xr netdump 4 by default, but if the .Xr netdump 4 service cannot be reached or some other failure occurs, they might choose a local disk dump as a second choice option. .Ss General options .Bl -tag -width _k_pubkey .It Fl i Ar index Insert the specified dump configuration into the prioritized fallback dump device list at the specified index, starting at zero. .Pp If .Fl i is not specified, the configured dump device is appended to the prioritized list. .It Fl r Remove the specified dump device configuration or configurations from the fallback dump device list rather than inserting or appending it. In contrast, .Do .Nm off .Dc removes all configured devices. Conflicts with .Fl i . .It Fl k Ar pubkey Configure encrypted kernel dumps. .Pp A random, one-time symmetric key is automatically generated for bulk kernel dump encryption every time .Nm is used. The provided .Ar pubkey is used to encrypt a copy of the symmetric key. The encrypted dump contents consist of a standard dump header, the pubkey-encrypted symmetric key contents, and the symmetric key encrypted core dump contents. .Pp As a result, only someone with the corresponding private key can decrypt the symmetric key. The symmetric key is necessary to decrypt the kernel core. The goal of the mechanism is to provide confidentiality. .Pp The .Va pubkey file should be a PEM-formatted RSA key of at least 1024 bits. +.It Fl C Ar cipher +Select the symmetric algorithm used for encrypted kernel crash dump. +The default is +.Dq chacha20 +but +.Dq aes256-cbc +is also available. +(AES256-CBC mode does not work in conjunction with compression.) .It Fl l List the currently configured dump device(s), or /dev/null if no devices are configured. .It Fl v Enable verbose mode. .It Fl Z Enable compression (Zstandard). .It Fl z Enable compression (gzip). Only one compression method may be enabled at a time, so .Fl z is incompatible with .Fl Z . .Pp Zstandard provides superior compression ratio and performance. .El .Ss Netdump .Nm may also configure the kernel to dump to a remote .Xr netdumpd 8 server. (The .Xr netdumpd 8 server is available in ports.) .Xr netdump 4 eliminates the need to reserve space for crash dumps. It is especially useful in diskless environments. When .Nm is used to configure netdump, the .Ar device (or .Ar iface ) parameter should specify a network interface (e.g., .Va igb1 ) . The specified NIC must be up (online) to configure netdump. .Pp .Xr netdump 4 specific options include: .Bl -tag -width _g_gateway .It Fl c Ar client The local IP address of the .Xr netdump 4 client. .It Fl g Ar gateway The first-hop router between .Ar client and .Ar server . If the .Fl g option is not specified and the system has a default route, the default router is used as the .Xr netdump 4 gateway. If the .Fl g option is not specified and the system does not have a default route, .Ar server is assumed to be on the same link as .Ar client . .It Fl s Ar server The IP address of the .Xr netdumpd 8 server. .El .Pp All of these options can be specified in the .Xr rc.conf 5 variable .Va dumpon_flags . .Ss Minidumps The default type of kernel crash dump is the mini crash dump. Mini crash dumps hold only memory pages in use by the kernel. Alternatively, full memory dumps can be enabled by setting the .Va debug.minidump .Xr sysctl 8 variable to 0. .Ss Full dumps For systems using full memory dumps, the size of the specified dump device must be at least the size of physical memory. Even though an additional 64 kB header is added to the dump, the BIOS for a platform typically holds back some memory, so it is not usually necessary to size the dump device larger than the actual amount of RAM available in the machine. Also, when using full memory dumps, the .Nm utility will refuse to enable a dump device which is smaller than the total amount of physical memory as reported by the .Va hw.physmem .Xr sysctl 8 variable. .Sh IMPLEMENTATION NOTES Because the file system layer is already dead by the time a crash dump is taken, it is not possible to send crash dumps directly to a file. .Pp The .Xr loader 8 variable .Va dumpdev may be used to enable early kernel core dumps for system panics which occur before userspace starts. .Sh EXAMPLES In order to generate an RSA private key, a user can use the .Xr genrsa 1 tool: .Pp .Dl # openssl genrsa -out private.pem 4096 .Pp A public key can be extracted from the private key using the .Xr rsa 1 tool: .Pp .Dl # openssl rsa -in private.pem -out public.pem -pubout .Pp Once the RSA keys are created in a safe place, the public key may be moved to the untrusted netdump client machine. Now .Pa public.pem can be used by .Nm to configure encrypted kernel crash dumps: .Pp .Dl # dumpon -k public.pem /dev/ada0s1b .Pp It is recommended to test if the kernel saves encrypted crash dumps using the current configuration. The easiest way to do that is to cause a kernel panic using the .Xr ddb 4 debugger: .Pp .Dl # sysctl debug.kdb.panic=1 .Pp In the debugger the following commands should be typed to write a core dump and reboot: .Pp .Dl db> call doadump(0) .Dl db> reset .Pp After reboot .Xr savecore 8 should be able to save the core dump in the .Va Dq dumpdir directory, which is .Pa /var/crash by default: .Pp .Dl # savecore /dev/ada0s1b .Pp Three files should be created in the core directory: .Pa info.# , .Pa key.# and .Pa vmcore_encrypted.# (where .Dq # is the number of the last core dump saved by .Xr savecore 8 ) . The .Pa vmcore_encrypted.# can be decrypted using the .Xr decryptcore 8 utility: .Pp .Dl # decryptcore -p private.pem -k key.# -e vmcore_encrypted.# -c vmcore.# .Pp or shorter: .Pp .Dl # decryptcore -p private.pem -n # .Pp The .Pa vmcore.# can be now examined using .Xr kgdb 1 : .Pp .Dl # kgdb /boot/kernel/kernel vmcore.# .Pp or shorter: .Pp .Dl # kgdb -n # .Pp The core was decrypted properly if .Xr kgdb 1 does not print any errors. Note that the live kernel might be at a different path which can be examined by looking at the .Va kern.bootfile .Xr sysctl 8 . .Pp The .Nm .Xr rc 8 script runs early during boot, typically before networking is configured. This makes it unsuitable for configuring .Xr netdump when the client address is dynamic. To configure .Xr netdump when .Xr dhclient binds to a server, .Xr dhclient-script can be used to run .Xr dumpon . For example, to automatically configure .Xr netdump on the vtnet0 interface, add the following to .Pa /etc/dhclient-exit-hooks . .Bd -literal case $reason in BOUND|REBIND|REBOOT|RENEW) if [ "$interface" != vtnet0 ] || [ -n "$old_ip_address" -a \\ "$old_ip_address" = "$new_ip_address" ]; then break fi if [ -n "$new_routers" ]; then # Take the first router in the list. gateway_flag="-g ${new_routers%% *}" fi # Configure as the highest-priority dump device. dumpon -i 0 -c $new_ip_address -s $server $gateway_flag vtnet0 ;; esac .Ed .Pp Be sure to fill in the server IP address and change the interface name if needed. .Sh SEE ALSO .Xr gzip 1 , .Xr kgdb 1 , .Xr zstd 1 , .Xr ddb 4 , .Xr netdump 4 , .Xr fstab 5 , .Xr rc.conf 5 , .Xr config 8 , .Xr decryptcore 8 , .Xr init 8 , .Xr loader 8 , .Xr rc 8 , .Xr savecore 8 , .Xr swapon 8 , .Xr panic 9 .Sh HISTORY The .Nm utility appeared in .Fx 2.0.5 . .Pp Support for encrypted kernel core dumps and netdump was added in .Fx 12.0 . .Sh AUTHORS The .Nm manual page was written by .An Mark Johnston Aq Mt markj@FreeBSD.org , .An Conrad Meyer Aq Mt cem@FreeBSD.org , .An Konrad Witaszczyk Aq Mt def@FreeBSD.org , and countless others. .Sh CAVEATS To configure encrypted kernel core dumps, the running kernel must have been compiled with the .Dv EKCD option. .Pp Netdump does not automatically update the configured .Ar gateway if routing topology changes. .Pp The size of a compressed dump or a minidump is not a fixed function of RAM size. Therefore, when at least one of these options is enabled, the .Nm utility cannot verify that the .Ar device has sufficient space for a dump. .Nm is also unable to verify that a configured .Xr netdumpd 8 server has sufficient space for a dump. .Pp .Fl Z requires a kernel compiled with the .Dv ZSTDIO kernel option. Similarly, .Fl z requires the .Dv GZIO option. .Sh BUGS -It is currently not possible to configure both compression and encryption. -The encrypted dump format assumes that the kernel dump size is a multiple -of the cipher block size, which may not be true when the dump is compressed. -.Pp Netdump only supports IPv4 at this time. .Sh SECURITY CONSIDERATIONS The current encrypted kernel core dump scheme does not provide integrity nor authentication. That is, the recipient of an encrypted kernel core dump cannot know if they received an intact core dump, nor can they verify the provenance of the dump. .Pp RSA keys smaller than 1024 bits are practical to factor and therefore weak. Even 1024 bit keys may not be large enough to ensure privacy for many years, so NIST recommends a minimum of 2048 bit RSA keys. As a seatbelt, .Nm prevents users from configuring encrypted kernel dumps with extremely weak RSA keys. If you do not care for cryptographic privacy guarantees, just use .Nm without specifying a .Fl k Ar pubkey option. .Pp This process is sandboxed using .Xr capsicum 4 . Index: head/sbin/dumpon/dumpon.c =================================================================== --- head/sbin/dumpon/dumpon.c (revision 348196) +++ head/sbin/dumpon/dumpon.c (revision 348197) @@ -1,560 +1,586 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1980, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if 0 #ifndef lint static const char copyright[] = "@(#) Copyright (c) 1980, 1993\n\ The Regents of the University of California. All rights reserved.\n"; #endif /* not lint */ #ifndef lint static char sccsid[] = "From: @(#)swapon.c 8.1 (Berkeley) 6/5/93"; #endif /* not lint */ #endif #include __FBSDID("$FreeBSD$"); #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_CRYPTO #include #include #include #endif static int verbose; static void _Noreturn usage(void) { fprintf(stderr, "usage: dumpon [-i index] [-r] [-v] [-k ] [-Zz] \n" " dumpon [-i index] [-r] [-v] [-k ] [-Zz]\n" " [-g ] -s -c \n" " dumpon [-v] off\n" " dumpon [-v] -l\n"); exit(EX_USAGE); } /* * Look for a default route on the specified interface. */ static char * find_gateway(const char *ifname) { struct ifaddrs *ifa, *ifap; struct rt_msghdr *rtm; struct sockaddr *sa; struct sockaddr_dl *sdl; struct sockaddr_in *dst, *mask, *gw; char *buf, *next, *ret; size_t sz; int error, i, ifindex, mib[7]; /* First look up the interface index. */ if (getifaddrs(&ifap) != 0) err(EX_OSERR, "getifaddrs"); for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr->sa_family != AF_LINK) continue; if (strcmp(ifa->ifa_name, ifname) == 0) { sdl = (struct sockaddr_dl *)(void *)ifa->ifa_addr; ifindex = sdl->sdl_index; break; } } if (ifa == NULL) errx(1, "couldn't find interface index for '%s'", ifname); freeifaddrs(ifap); /* Now get the IPv4 routing table. */ mib[0] = CTL_NET; mib[1] = PF_ROUTE; mib[2] = 0; mib[3] = AF_INET; mib[4] = NET_RT_DUMP; mib[5] = 0; mib[6] = -1; /* FIB */ for (;;) { if (sysctl(mib, nitems(mib), NULL, &sz, NULL, 0) != 0) err(EX_OSERR, "sysctl(NET_RT_DUMP)"); buf = malloc(sz); error = sysctl(mib, nitems(mib), buf, &sz, NULL, 0); if (error == 0) break; if (errno != ENOMEM) err(EX_OSERR, "sysctl(NET_RT_DUMP)"); free(buf); } ret = NULL; for (next = buf; next < buf + sz; next += rtm->rtm_msglen) { rtm = (struct rt_msghdr *)(void *)next; if (rtm->rtm_version != RTM_VERSION) continue; if ((rtm->rtm_flags & RTF_GATEWAY) == 0 || rtm->rtm_index != ifindex) continue; dst = gw = mask = NULL; sa = (struct sockaddr *)(rtm + 1); for (i = 0; i < RTAX_MAX; i++) { if ((rtm->rtm_addrs & (1 << i)) != 0) { switch (i) { case RTAX_DST: dst = (void *)sa; break; case RTAX_GATEWAY: gw = (void *)sa; break; case RTAX_NETMASK: mask = (void *)sa; break; } } sa = (struct sockaddr *)((char *)sa + SA_SIZE(sa)); } if (dst->sin_addr.s_addr == INADDR_ANY && mask->sin_addr.s_addr == 0) { ret = inet_ntoa(gw->sin_addr); break; } } free(buf); return (ret); } static void check_size(int fd, const char *fn) { int name[] = { CTL_HW, HW_PHYSMEM }; size_t namelen = nitems(name); unsigned long physmem; size_t len; off_t mediasize; int minidump; len = sizeof(minidump); if (sysctlbyname("debug.minidump", &minidump, &len, NULL, 0) == 0 && minidump == 1) return; len = sizeof(physmem); if (sysctl(name, namelen, &physmem, &len, NULL, 0) != 0) err(EX_OSERR, "can't get memory size"); if (ioctl(fd, DIOCGMEDIASIZE, &mediasize) != 0) err(EX_OSERR, "%s: can't get size", fn); if ((uintmax_t)mediasize < (uintmax_t)physmem) { if (verbose) printf("%s is smaller than physical memory\n", fn); exit(EX_IOERR); } } #ifdef HAVE_CRYPTO static void genkey(const char *pubkeyfile, struct diocskerneldump_arg *kdap) { FILE *fp; RSA *pubkey; assert(pubkeyfile != NULL); assert(kdap != NULL); fp = NULL; pubkey = NULL; fp = fopen(pubkeyfile, "r"); if (fp == NULL) err(1, "Unable to open %s", pubkeyfile); if (caph_enter() < 0) err(1, "Unable to enter capability mode"); pubkey = RSA_new(); if (pubkey == NULL) { errx(1, "Unable to allocate an RSA structure: %s", ERR_error_string(ERR_get_error(), NULL)); } pubkey = PEM_read_RSA_PUBKEY(fp, &pubkey, NULL, NULL); fclose(fp); fp = NULL; if (pubkey == NULL) errx(1, "Unable to read data from %s.", pubkeyfile); /* * RSA keys under ~1024 bits are trivially factorable (2018). OpenSSL * provides an API for RSA keys to estimate the symmetric-cipher * "equivalent" bits of security (defined in NIST SP800-57), which as * of this writing equates a 2048-bit RSA key to 112 symmetric cipher * bits. * * Use this API as a seatbelt to avoid suggesting to users that their * privacy is protected by encryption when the key size is insufficient * to prevent compromise via factoring. * * Future work: Sanity check for weak 'e', and sanity check for absence * of 'd' (i.e., the supplied key is a public key rather than a full * keypair). */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L if (RSA_security_bits(pubkey) < 112) #else if (RSA_size(pubkey) * 8 < 2048) #endif errx(1, "Small RSA keys (you provided: %db) can be " "factored cheaply. Please generate a larger key.", RSA_size(pubkey) * 8); kdap->kda_encryptedkeysize = RSA_size(pubkey); if (kdap->kda_encryptedkeysize > KERNELDUMP_ENCKEY_MAX_SIZE) { errx(1, "Public key has to be at most %db long.", 8 * KERNELDUMP_ENCKEY_MAX_SIZE); } kdap->kda_encryptedkey = calloc(1, kdap->kda_encryptedkeysize); if (kdap->kda_encryptedkey == NULL) err(1, "Unable to allocate encrypted key"); - kdap->kda_encryption = KERNELDUMP_ENC_AES_256_CBC; + /* + * If no cipher was specified, choose a reasonable default. + */ + if (kdap->kda_encryption == KERNELDUMP_ENC_NONE) + kdap->kda_encryption = KERNELDUMP_ENC_CHACHA20; + else if (kdap->kda_encryption == KERNELDUMP_ENC_AES_256_CBC && + kdap->kda_compression != KERNELDUMP_COMP_NONE) + errx(EX_USAGE, "Unpadded AES256-CBC mode cannot be used " + "with compression."); + arc4random_buf(kdap->kda_key, sizeof(kdap->kda_key)); if (RSA_public_encrypt(sizeof(kdap->kda_key), kdap->kda_key, kdap->kda_encryptedkey, pubkey, RSA_PKCS1_PADDING) != (int)kdap->kda_encryptedkeysize) { errx(1, "Unable to encrypt the one-time key."); } RSA_free(pubkey); } #endif static void listdumpdev(void) { static char ip[200]; char dumpdev[PATH_MAX]; struct diocskerneldump_arg ndconf; size_t len; const char *sysctlname = "kern.shutdown.dumpdevname"; int fd; len = sizeof(dumpdev); if (sysctlbyname(sysctlname, &dumpdev, &len, NULL, 0) != 0) { if (errno == ENOMEM) { err(EX_OSERR, "Kernel returned too large of a buffer for '%s'\n", sysctlname); } else { err(EX_OSERR, "Sysctl get '%s'\n", sysctlname); } } if (strlen(dumpdev) == 0) (void)strlcpy(dumpdev, _PATH_DEVNULL, sizeof(dumpdev)); if (verbose) { char *ctx, *dd; unsigned idx; printf("kernel dumps on priority: device\n"); idx = 0; ctx = dumpdev; while ((dd = strsep(&ctx, ",")) != NULL) printf("%u: %s\n", idx++, dd); } else printf("%s\n", dumpdev); /* If netdump is enabled, print the configuration parameters. */ if (verbose) { fd = open(_PATH_NETDUMP, O_RDONLY); if (fd < 0) { if (errno != ENOENT) err(EX_OSERR, "opening %s", _PATH_NETDUMP); return; } if (ioctl(fd, DIOCGKERNELDUMP, &ndconf) != 0) { if (errno != ENXIO) err(EX_OSERR, "ioctl(DIOCGKERNELDUMP)"); (void)close(fd); return; } printf("server address: %s\n", inet_ntop(ndconf.kda_af, &ndconf.kda_server, ip, sizeof(ip))); printf("client address: %s\n", inet_ntop(ndconf.kda_af, &ndconf.kda_client, ip, sizeof(ip))); printf("gateway address: %s\n", inet_ntop(ndconf.kda_af, &ndconf.kda_gateway, ip, sizeof(ip))); (void)close(fd); } } static int opendumpdev(const char *arg, char *dumpdev) { int fd, i; if (strncmp(arg, _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0) strlcpy(dumpdev, arg, PATH_MAX); else { i = snprintf(dumpdev, PATH_MAX, "%s%s", _PATH_DEV, arg); if (i < 0) err(EX_OSERR, "%s", arg); if (i >= PATH_MAX) errc(EX_DATAERR, EINVAL, "%s", arg); } fd = open(dumpdev, O_RDONLY); if (fd < 0) err(EX_OSFILE, "%s", dumpdev); return (fd); } int main(int argc, char *argv[]) { char dumpdev[PATH_MAX]; struct diocskerneldump_arg ndconf, *kdap; struct addrinfo hints, *res; const char *dev, *pubkeyfile, *server, *client, *gateway; - int ch, error, fd; + int ch, error, fd, cipher; bool gzip, list, netdump, zstd, insert, rflag; uint8_t ins_idx; gzip = list = netdump = zstd = insert = rflag = false; kdap = NULL; pubkeyfile = NULL; server = client = gateway = NULL; ins_idx = KDA_APPEND; + cipher = KERNELDUMP_ENC_NONE; - while ((ch = getopt(argc, argv, "c:g:i:k:lrs:vZz")) != -1) + while ((ch = getopt(argc, argv, "C:c:g:i:k:lrs:vZz")) != -1) switch ((char)ch) { + case 'C': + if (strcasecmp(optarg, "chacha") == 0 || + strcasecmp(optarg, "chacha20") == 0) + cipher = KERNELDUMP_ENC_CHACHA20; + else if (strcasecmp(optarg, "aes-cbc") == 0 || + strcasecmp(optarg, "aes256-cbc") == 0) + cipher = KERNELDUMP_ENC_AES_256_CBC; + else + errx(EX_USAGE, "Unrecognized cipher algorithm " + "'%s'", optarg); + break; case 'c': client = optarg; break; case 'g': gateway = optarg; break; case 'i': { int i; i = atoi(optarg); if (i < 0 || i >= KDA_APPEND - 1) errx(EX_USAGE, "-i index must be between zero and %d.", (int)KDA_APPEND - 2); insert = true; ins_idx = i; } break; case 'k': pubkeyfile = optarg; break; case 'l': list = true; break; case 'r': rflag = true; break; case 's': server = optarg; break; case 'v': verbose = 1; break; case 'Z': zstd = true; break; case 'z': gzip = true; break; default: usage(); } if (gzip && zstd) errx(EX_USAGE, "The -z and -Z options are mutually exclusive."); if (insert && rflag) errx(EX_USAGE, "The -i and -r options are mutually exclusive."); argc -= optind; argv += optind; if (list) { listdumpdev(); exit(EX_OK); } if (argc != 1) usage(); -#ifndef HAVE_CRYPTO +#ifdef HAVE_CRYPTO + if (cipher != KERNELDUMP_ENC_NONE && pubkeyfile == NULL) + errx(EX_USAGE, "-C option requires a public key file."); +#else if (pubkeyfile != NULL) errx(EX_UNAVAILABLE,"Unable to use the public key." " Recompile dumpon with OpenSSL support."); #endif if (server != NULL && client != NULL) { dev = _PATH_NETDUMP; netdump = true; } else if (server == NULL && client == NULL && argc > 0) { if (strcmp(argv[0], "off") == 0) { rflag = true; dev = _PATH_DEVNULL; } else dev = argv[0]; netdump = false; } else usage(); fd = opendumpdev(dev, dumpdev); if (!netdump && !gzip && !rflag) check_size(fd, dumpdev); kdap = &ndconf; bzero(kdap, sizeof(*kdap)); if (rflag) kdap->kda_index = KDA_REMOVE; else kdap->kda_index = ins_idx; kdap->kda_compression = KERNELDUMP_COMP_NONE; if (zstd) kdap->kda_compression = KERNELDUMP_COMP_ZSTD; else if (gzip) kdap->kda_compression = KERNELDUMP_COMP_GZIP; if (netdump) { memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; hints.ai_protocol = IPPROTO_UDP; res = NULL; error = getaddrinfo(server, NULL, &hints, &res); if (error != 0) err(1, "%s", gai_strerror(error)); if (res == NULL) errx(1, "failed to resolve '%s'", server); server = inet_ntoa( ((struct sockaddr_in *)(void *)res->ai_addr)->sin_addr); freeaddrinfo(res); if (strlcpy(ndconf.kda_iface, argv[0], sizeof(ndconf.kda_iface)) >= sizeof(ndconf.kda_iface)) errx(EX_USAGE, "invalid interface name '%s'", argv[0]); if (inet_aton(server, &ndconf.kda_server.in4) == 0) errx(EX_USAGE, "invalid server address '%s'", server); if (inet_aton(client, &ndconf.kda_client.in4) == 0) errx(EX_USAGE, "invalid client address '%s'", client); if (gateway == NULL) { gateway = find_gateway(argv[0]); if (gateway == NULL) { if (verbose) printf( "failed to look up gateway for %s\n", server); gateway = server; } } if (inet_aton(gateway, &ndconf.kda_gateway.in4) == 0) errx(EX_USAGE, "invalid gateway address '%s'", gateway); ndconf.kda_af = AF_INET; } #ifdef HAVE_CRYPTO - if (pubkeyfile != NULL) + if (pubkeyfile != NULL) { + kdap->kda_encryption = cipher; genkey(pubkeyfile, kdap); + } #endif error = ioctl(fd, DIOCSKERNELDUMP, kdap); if (error != 0) error = errno; explicit_bzero(kdap->kda_encryptedkey, kdap->kda_encryptedkeysize); free(kdap->kda_encryptedkey); explicit_bzero(kdap, sizeof(*kdap)); if (error != 0) { if (netdump) { /* * Be slightly less user-hostile for some common * errors, especially as users don't have any great * discoverability into which NICs support netdump. */ if (error == ENXIO) errx(EX_OSERR, "Unable to configure netdump " "because the interface's link is down."); else if (error == ENODEV) errx(EX_OSERR, "Unable to configure netdump " "because the interface driver does not yet " "support netdump."); } errc(EX_OSERR, error, "ioctl(DIOCSKERNELDUMP)"); } if (verbose) listdumpdev(); exit(EX_OK); } Index: head/sys/kern/kern_shutdown.c =================================================================== --- head/sys/kern/kern_shutdown.c (revision 348196) +++ head/sys/kern/kern_shutdown.c (revision 348197) @@ -1,1717 +1,1736 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1986, 1988, 1991, 1993 * The Regents of the University of California. All rights reserved. * (c) UNIX System Laboratories, Inc. * All or some portions of this file are derived from material licensed * to the University of California by American Telephone and Telegraph * Co. or Unix System Laboratories, Inc. and are reproduced herein with * the permission of UNIX System Laboratories, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 */ #include __FBSDID("$FreeBSD$"); #include "opt_ddb.h" #include "opt_ekcd.h" #include "opt_kdb.h" #include "opt_panic.h" #include "opt_printf.h" #include "opt_sched.h" #include "opt_watchdog.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include +#include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer"); #ifndef PANIC_REBOOT_WAIT_TIME #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ #endif static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, &panic_reboot_wait_time, 0, "Seconds to wait before rebooting after a panic"); /* * Note that stdarg.h and the ANSI style va_start macro is used for both * ANSI and traditional C compilers. */ #include #ifdef KDB #ifdef KDB_UNATTENDED static int debugger_on_panic = 0; #else static int debugger_on_panic = 1; #endif SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, CTLFLAG_RWTUN | CTLFLAG_SECURE, &debugger_on_panic, 0, "Run debugger on kernel panic"); int debugger_on_trap = 0; SYSCTL_INT(_debug, OID_AUTO, debugger_on_trap, CTLFLAG_RWTUN | CTLFLAG_SECURE, &debugger_on_trap, 0, "Run debugger on kernel trap before panic"); #ifdef KDB_TRACE static int trace_on_panic = 1; static bool trace_all_panics = true; #else static int trace_on_panic = 0; static bool trace_all_panics = false; #endif SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, CTLFLAG_RWTUN | CTLFLAG_SECURE, &trace_on_panic, 0, "Print stack trace on kernel panic"); SYSCTL_BOOL(_debug, OID_AUTO, trace_all_panics, CTLFLAG_RWTUN, &trace_all_panics, 0, "Print stack traces on secondary kernel panics"); #endif /* KDB */ static int sync_on_panic = 0; SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, &sync_on_panic, 0, "Do a sync before rebooting from a panic"); static bool poweroff_on_panic = 0; SYSCTL_BOOL(_kern, OID_AUTO, poweroff_on_panic, CTLFLAG_RWTUN, &poweroff_on_panic, 0, "Do a power off instead of a reboot on a panic"); static bool powercycle_on_panic = 0; SYSCTL_BOOL(_kern, OID_AUTO, powercycle_on_panic, CTLFLAG_RWTUN, &powercycle_on_panic, 0, "Do a power cycle instead of a reboot on a panic"); static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, "Shutdown environment"); #ifndef DIAGNOSTIC static int show_busybufs; #else static int show_busybufs = 1; #endif SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, &show_busybufs, 0, ""); int suspend_blocked = 0; SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, &suspend_blocked, 0, "Block suspend due to a pending shutdown"); #ifdef EKCD FEATURE(ekcd, "Encrypted kernel crash dumps support"); MALLOC_DEFINE(M_EKCD, "ekcd", "Encrypted kernel crash dumps data"); struct kerneldumpcrypto { uint8_t kdc_encryption; uint8_t kdc_iv[KERNELDUMP_IV_MAX_SIZE]; - keyInstance kdc_ki; - cipherInstance kdc_ci; + union { + struct { + keyInstance aes_ki; + cipherInstance aes_ci; + } u_aes; + struct chacha_ctx u_chacha; + } u; +#define kdc_ki u.u_aes.aes_ki +#define kdc_ci u.u_aes.aes_ci +#define kdc_chacha u.u_chacha uint32_t kdc_dumpkeysize; struct kerneldumpkey kdc_dumpkey[]; }; #endif struct kerneldumpcomp { uint8_t kdc_format; struct compressor *kdc_stream; uint8_t *kdc_buf; size_t kdc_resid; }; static struct kerneldumpcomp *kerneldumpcomp_create(struct dumperinfo *di, uint8_t compression); static void kerneldumpcomp_destroy(struct dumperinfo *di); static int kerneldumpcomp_write_cb(void *base, size_t len, off_t off, void *arg); static int kerneldump_gzlevel = 6; SYSCTL_INT(_kern, OID_AUTO, kerneldump_gzlevel, CTLFLAG_RWTUN, &kerneldump_gzlevel, 0, "Kernel crash dump compression level"); /* * Variable panicstr contains argument to first call to panic; used as flag * to indicate that the kernel has already called panic. */ const char *panicstr; int dumping; /* system is dumping */ int rebooting; /* system is rebooting */ /* * Used to serialize between sysctl kern.shutdown.dumpdevname and list * modifications via ioctl. */ static struct mtx dumpconf_list_lk; MTX_SYSINIT(dumper_configs, &dumpconf_list_lk, "dumper config list", MTX_DEF); /* Our selected dumper(s). */ static TAILQ_HEAD(dumpconflist, dumperinfo) dumper_configs = TAILQ_HEAD_INITIALIZER(dumper_configs); /* Context information for dump-debuggers. */ static struct pcb dumppcb; /* Registers. */ lwpid_t dumptid; /* Thread ID. */ static struct cdevsw reroot_cdevsw = { .d_version = D_VERSION, .d_name = "reroot", }; static void poweroff_wait(void *, int); static void shutdown_halt(void *junk, int howto); static void shutdown_panic(void *junk, int howto); static void shutdown_reset(void *junk, int howto); static int kern_reroot(void); /* register various local shutdown events */ static void shutdown_conf(void *unused) { EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, SHUTDOWN_PRI_FIRST); EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, SHUTDOWN_PRI_LAST + 100); EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, SHUTDOWN_PRI_LAST + 100); EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, SHUTDOWN_PRI_LAST + 200); } SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); /* * The only reason this exists is to create the /dev/reroot/ directory, * used by reroot code in init(8) as a mountpoint for tmpfs. */ static void reroot_conf(void *unused) { int error; struct cdev *cdev; error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); if (error != 0) { printf("%s: failed to create device node, error %d", __func__, error); } } SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); /* * The system call that results in a reboot. */ /* ARGSUSED */ int sys_reboot(struct thread *td, struct reboot_args *uap) { int error; error = 0; #ifdef MAC error = mac_system_check_reboot(td->td_ucred, uap->opt); #endif if (error == 0) error = priv_check(td, PRIV_REBOOT); if (error == 0) { if (uap->opt & RB_REROOT) error = kern_reroot(); else kern_reboot(uap->opt); } return (error); } static void shutdown_nice_task_fn(void *arg, int pending __unused) { int howto; howto = (uintptr_t)arg; /* Send a signal to init(8) and have it shutdown the world. */ PROC_LOCK(initproc); if (howto & RB_POWEROFF) kern_psignal(initproc, SIGUSR2); else if (howto & RB_POWERCYCLE) kern_psignal(initproc, SIGWINCH); else if (howto & RB_HALT) kern_psignal(initproc, SIGUSR1); else kern_psignal(initproc, SIGINT); PROC_UNLOCK(initproc); } static struct task shutdown_nice_task = TASK_INITIALIZER(0, &shutdown_nice_task_fn, NULL); /* * Called by events that want to shut down.. e.g on a PC */ void shutdown_nice(int howto) { if (initproc != NULL && !SCHEDULER_STOPPED()) { shutdown_nice_task.ta_context = (void *)(uintptr_t)howto; taskqueue_enqueue(taskqueue_fast, &shutdown_nice_task); } else { /* * No init(8) running, or scheduler would not allow it * to run, so simply reboot. */ kern_reboot(howto | RB_NOSYNC); } } static void print_uptime(void) { int f; struct timespec ts; getnanouptime(&ts); printf("Uptime: "); f = 0; if (ts.tv_sec >= 86400) { printf("%ldd", (long)ts.tv_sec / 86400); ts.tv_sec %= 86400; f = 1; } if (f || ts.tv_sec >= 3600) { printf("%ldh", (long)ts.tv_sec / 3600); ts.tv_sec %= 3600; f = 1; } if (f || ts.tv_sec >= 60) { printf("%ldm", (long)ts.tv_sec / 60); ts.tv_sec %= 60; f = 1; } printf("%lds\n", (long)ts.tv_sec); } int doadump(boolean_t textdump) { boolean_t coredump; int error; error = 0; if (dumping) return (EBUSY); if (TAILQ_EMPTY(&dumper_configs)) return (ENXIO); savectx(&dumppcb); dumptid = curthread->td_tid; dumping++; coredump = TRUE; #ifdef DDB if (textdump && textdump_pending) { coredump = FALSE; textdump_dumpsys(TAILQ_FIRST(&dumper_configs)); } #endif if (coredump) { struct dumperinfo *di; TAILQ_FOREACH(di, &dumper_configs, di_next) { error = dumpsys(di); if (error == 0) break; } } dumping--; return (error); } /* * Shutdown the system cleanly to prepare for reboot, halt, or power off. */ void kern_reboot(int howto) { static int once = 0; /* * Normal paths here don't hold Giant, but we can wind up here * unexpectedly with it held. Drop it now so we don't have to * drop and pick it up elsewhere. The paths it is locking will * never be returned to, and it is preferable to preclude * deadlock than to lock against code that won't ever * continue. */ while (mtx_owned(&Giant)) mtx_unlock(&Giant); #if defined(SMP) /* * Bind us to the first CPU so that all shutdown code runs there. Some * systems don't shutdown properly (i.e., ACPI power off) if we * run on another processor. */ if (!SCHEDULER_STOPPED()) { thread_lock(curthread); sched_bind(curthread, CPU_FIRST()); thread_unlock(curthread); KASSERT(PCPU_GET(cpuid) == CPU_FIRST(), ("boot: not running on cpu 0")); } #endif /* We're in the process of rebooting. */ rebooting = 1; /* We are out of the debugger now. */ kdb_active = 0; /* * Do any callouts that should be done BEFORE syncing the filesystems. */ EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); /* * Now sync filesystems */ if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { once = 1; bufshutdown(show_busybufs); } print_uptime(); cngrab(); /* * Ok, now do things that assume all filesystem activity has * been completed. */ EVENTHANDLER_INVOKE(shutdown_post_sync, howto); if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) doadump(TRUE); /* Now that we're going to really halt the system... */ EVENTHANDLER_INVOKE(shutdown_final, howto); for(;;) ; /* safety against shutdown_reset not working */ /* NOTREACHED */ } /* * The system call that results in changing the rootfs. */ static int kern_reroot(void) { struct vnode *oldrootvnode, *vp; struct mount *mp, *devmp; int error; if (curproc != initproc) return (EPERM); /* * Mark the filesystem containing currently-running executable * (the temporary copy of init(8)) busy. */ vp = curproc->p_textvp; error = vn_lock(vp, LK_SHARED); if (error != 0) return (error); mp = vp->v_mount; error = vfs_busy(mp, MBF_NOWAIT); if (error != 0) { vfs_ref(mp); VOP_UNLOCK(vp, 0); error = vfs_busy(mp, 0); vn_lock(vp, LK_SHARED | LK_RETRY); vfs_rel(mp); if (error != 0) { VOP_UNLOCK(vp, 0); return (ENOENT); } if (vp->v_iflag & VI_DOOMED) { VOP_UNLOCK(vp, 0); vfs_unbusy(mp); return (ENOENT); } } VOP_UNLOCK(vp, 0); /* * Remove the filesystem containing currently-running executable * from the mount list, to prevent it from being unmounted * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). * * Also preserve /dev - forcibly unmounting it could cause driver * reinitialization. */ vfs_ref(rootdevmp); devmp = rootdevmp; rootdevmp = NULL; mtx_lock(&mountlist_mtx); TAILQ_REMOVE(&mountlist, mp, mnt_list); TAILQ_REMOVE(&mountlist, devmp, mnt_list); mtx_unlock(&mountlist_mtx); oldrootvnode = rootvnode; /* * Unmount everything except for the two filesystems preserved above. */ vfs_unmountall(); /* * Add /dev back; vfs_mountroot() will move it into its new place. */ mtx_lock(&mountlist_mtx); TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); mtx_unlock(&mountlist_mtx); rootdevmp = devmp; vfs_rel(rootdevmp); /* * Mount the new rootfs. */ vfs_mountroot(); /* * Update all references to the old rootvnode. */ mountcheckdirs(oldrootvnode, rootvnode); /* * Add the temporary filesystem back and unbusy it. */ mtx_lock(&mountlist_mtx); TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); mtx_unlock(&mountlist_mtx); vfs_unbusy(mp); return (0); } /* * If the shutdown was a clean halt, behave accordingly. */ static void shutdown_halt(void *junk, int howto) { if (howto & RB_HALT) { printf("\n"); printf("The operating system has halted.\n"); printf("Please press any key to reboot.\n\n"); switch (cngetc()) { case -1: /* No console, just die */ cpu_halt(); /* NOTREACHED */ default: break; } } } /* * Check to see if the system paniced, pause and then reboot * according to the specified delay. */ static void shutdown_panic(void *junk, int howto) { int loop; if (howto & RB_DUMP) { if (panic_reboot_wait_time != 0) { if (panic_reboot_wait_time != -1) { printf("Automatic reboot in %d seconds - " "press a key on the console to abort\n", panic_reboot_wait_time); for (loop = panic_reboot_wait_time * 10; loop > 0; --loop) { DELAY(1000 * 100); /* 1/10th second */ /* Did user type a key? */ if (cncheckc() != -1) break; } if (!loop) return; } } else { /* zero time specified - reboot NOW */ return; } printf("--> Press a key on the console to reboot,\n"); printf("--> or switch off the system now.\n"); cngetc(); } } /* * Everything done, now reset */ static void shutdown_reset(void *junk, int howto) { printf("Rebooting...\n"); DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ /* * Acquiring smp_ipi_mtx here has a double effect: * - it disables interrupts avoiding CPU0 preemption * by fast handlers (thus deadlocking against other CPUs) * - it avoids deadlocks against smp_rendezvous() or, more * generally, threads busy-waiting, with this spinlock held, * and waiting for responses by threads on other CPUs * (ie. smp_tlb_shootdown()). * * For the !SMP case it just needs to handle the former problem. */ #ifdef SMP mtx_lock_spin(&smp_ipi_mtx); #else spinlock_enter(); #endif /* cpu_boot(howto); */ /* doesn't do anything at the moment */ cpu_reset(); /* NOTREACHED */ /* assuming reset worked */ } #if defined(WITNESS) || defined(INVARIANT_SUPPORT) static int kassert_warn_only = 0; #ifdef KDB static int kassert_do_kdb = 0; #endif #ifdef KTR static int kassert_do_ktr = 0; #endif static int kassert_do_log = 1; static int kassert_log_pps_limit = 4; static int kassert_log_mute_at = 0; static int kassert_log_panic_at = 0; static int kassert_suppress_in_panic = 0; static int kassert_warnings = 0; SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); #ifdef KASSERT_PANIC_OPTIONAL #define KASSERT_RWTUN CTLFLAG_RWTUN #else #define KASSERT_RWTUN CTLFLAG_RDTUN #endif SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, KASSERT_RWTUN, &kassert_warn_only, 0, "KASSERT triggers a panic (0) or just a warning (1)"); #ifdef KDB SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, KASSERT_RWTUN, &kassert_do_kdb, 0, "KASSERT will enter the debugger"); #endif #ifdef KTR SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, KASSERT_RWTUN, &kassert_do_ktr, 0, "KASSERT does a KTR, set this to the KTRMASK you want"); #endif SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, KASSERT_RWTUN, &kassert_do_log, 0, "If warn_only is enabled, log (1) or do not log (0) assertion violations"); SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, KASSERT_RWTUN, &kassert_warnings, 0, "number of KASSERTs that have been triggered"); SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, KASSERT_RWTUN, &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, KASSERT_RWTUN, &kassert_log_pps_limit, 0, "limit number of log messages per second"); SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, KASSERT_RWTUN, &kassert_log_mute_at, 0, "max number of KASSERTS to log"); SYSCTL_INT(_debug_kassert, OID_AUTO, suppress_in_panic, KASSERT_RWTUN, &kassert_suppress_in_panic, 0, "KASSERTs will be suppressed while handling a panic"); #undef KASSERT_RWTUN static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, kassert_sysctl_kassert, "I", "set to trigger a test kassert"); static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) { int error, i; error = sysctl_wire_old_buffer(req, sizeof(int)); if (error == 0) { i = 0; error = sysctl_handle_int(oidp, &i, 0, req); } if (error != 0 || req->newptr == NULL) return (error); KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); return (0); } #ifdef KASSERT_PANIC_OPTIONAL /* * Called by KASSERT, this decides if we will panic * or if we will log via printf and/or ktr. */ void kassert_panic(const char *fmt, ...) { static char buf[256]; va_list ap; va_start(ap, fmt); (void)vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); /* * If we are suppressing secondary panics, log the warning but do not * re-enter panic/kdb. */ if (panicstr != NULL && kassert_suppress_in_panic) { if (kassert_do_log) { printf("KASSERT failed: %s\n", buf); #ifdef KDB if (trace_all_panics && trace_on_panic) kdb_backtrace(); #endif } return; } /* * panic if we're not just warning, or if we've exceeded * kassert_log_panic_at warnings. */ if (!kassert_warn_only || (kassert_log_panic_at > 0 && kassert_warnings >= kassert_log_panic_at)) { va_start(ap, fmt); vpanic(fmt, ap); /* NORETURN */ } #ifdef KTR if (kassert_do_ktr) CTR0(ktr_mask, buf); #endif /* KTR */ /* * log if we've not yet met the mute limit. */ if (kassert_do_log && (kassert_log_mute_at == 0 || kassert_warnings < kassert_log_mute_at)) { static struct timeval lasterr; static int curerr; if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { printf("KASSERT failed: %s\n", buf); kdb_backtrace(); } } #ifdef KDB if (kassert_do_kdb) { kdb_enter(KDB_WHY_KASSERT, buf); } #endif atomic_add_int(&kassert_warnings, 1); } #endif /* KASSERT_PANIC_OPTIONAL */ #endif /* * Panic is called on unresolvable fatal errors. It prints "panic: mesg", * and then reboots. If we are called twice, then we avoid trying to sync * the disks as this often leads to recursive panics. */ void panic(const char *fmt, ...) { va_list ap; va_start(ap, fmt); vpanic(fmt, ap); } void vpanic(const char *fmt, va_list ap) { #ifdef SMP cpuset_t other_cpus; #endif struct thread *td = curthread; int bootopt, newpanic; static char buf[256]; spinlock_enter(); #ifdef SMP /* * stop_cpus_hard(other_cpus) should prevent multiple CPUs from * concurrently entering panic. Only the winner will proceed * further. */ if (panicstr == NULL && !kdb_active) { other_cpus = all_cpus; CPU_CLR(PCPU_GET(cpuid), &other_cpus); stop_cpus_hard(other_cpus); } #endif /* * Ensure that the scheduler is stopped while panicking, even if panic * has been entered from kdb. */ td->td_stopsched = 1; bootopt = RB_AUTOBOOT; newpanic = 0; if (panicstr) bootopt |= RB_NOSYNC; else { bootopt |= RB_DUMP; panicstr = fmt; newpanic = 1; } if (newpanic) { (void)vsnprintf(buf, sizeof(buf), fmt, ap); panicstr = buf; cngrab(); printf("panic: %s\n", buf); } else { printf("panic: "); vprintf(fmt, ap); printf("\n"); } #ifdef SMP printf("cpuid = %d\n", PCPU_GET(cpuid)); #endif printf("time = %jd\n", (intmax_t )time_second); #ifdef KDB if ((newpanic || trace_all_panics) && trace_on_panic) kdb_backtrace(); if (debugger_on_panic) kdb_enter(KDB_WHY_PANIC, "panic"); #endif /*thread_lock(td); */ td->td_flags |= TDF_INPANIC; /* thread_unlock(td); */ if (!sync_on_panic) bootopt |= RB_NOSYNC; if (poweroff_on_panic) bootopt |= RB_POWEROFF; if (powercycle_on_panic) bootopt |= RB_POWERCYCLE; kern_reboot(bootopt); } /* * Support for poweroff delay. * * Please note that setting this delay too short might power off your machine * before the write cache on your hard disk has been flushed, leading to * soft-updates inconsistencies. */ #ifndef POWEROFF_DELAY # define POWEROFF_DELAY 5000 #endif static int poweroff_delay = POWEROFF_DELAY; SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); static void poweroff_wait(void *junk, int howto) { if ((howto & (RB_POWEROFF | RB_POWERCYCLE)) == 0 || poweroff_delay <= 0) return; DELAY(poweroff_delay * 1000); } /* * Some system processes (e.g. syncer) need to be stopped at appropriate * points in their main loops prior to a system shutdown, so that they * won't interfere with the shutdown process (e.g. by holding a disk buf * to cause sync to fail). For each of these system processes, register * shutdown_kproc() as a handler for one of shutdown events. */ static int kproc_shutdown_wait = 60; SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); void kproc_shutdown(void *arg, int howto) { struct proc *p; int error; if (panicstr) return; p = (struct proc *)arg; printf("Waiting (max %d seconds) for system process `%s' to stop... ", kproc_shutdown_wait, p->p_comm); error = kproc_suspend(p, kproc_shutdown_wait * hz); if (error == EWOULDBLOCK) printf("timed out\n"); else printf("done\n"); } void kthread_shutdown(void *arg, int howto) { struct thread *td; int error; if (panicstr) return; td = (struct thread *)arg; printf("Waiting (max %d seconds) for system thread `%s' to stop... ", kproc_shutdown_wait, td->td_name); error = kthread_suspend(td, kproc_shutdown_wait * hz); if (error == EWOULDBLOCK) printf("timed out\n"); else printf("done\n"); } static int dumpdevname_sysctl_handler(SYSCTL_HANDLER_ARGS) { char buf[256]; struct dumperinfo *di; struct sbuf sb; int error; error = sysctl_wire_old_buffer(req, 0); if (error != 0) return (error); sbuf_new_for_sysctl(&sb, buf, sizeof(buf), req); mtx_lock(&dumpconf_list_lk); TAILQ_FOREACH(di, &dumper_configs, di_next) { if (di != TAILQ_FIRST(&dumper_configs)) sbuf_putc(&sb, ','); sbuf_cat(&sb, di->di_devname); } mtx_unlock(&dumpconf_list_lk); error = sbuf_finish(&sb); sbuf_delete(&sb); return (error); } SYSCTL_PROC(_kern_shutdown, OID_AUTO, dumpdevname, CTLTYPE_STRING | CTLFLAG_RD, &dumper_configs, 0, dumpdevname_sysctl_handler, "A", "Device(s) for kernel dumps"); static int _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, size_t length); #ifdef EKCD static struct kerneldumpcrypto * kerneldumpcrypto_create(size_t blocksize, uint8_t encryption, const uint8_t *key, uint32_t encryptedkeysize, const uint8_t *encryptedkey) { struct kerneldumpcrypto *kdc; struct kerneldumpkey *kdk; uint32_t dumpkeysize; dumpkeysize = roundup2(sizeof(*kdk) + encryptedkeysize, blocksize); kdc = malloc(sizeof(*kdc) + dumpkeysize, M_EKCD, M_WAITOK | M_ZERO); arc4rand(kdc->kdc_iv, sizeof(kdc->kdc_iv), 0); kdc->kdc_encryption = encryption; switch (kdc->kdc_encryption) { case KERNELDUMP_ENC_AES_256_CBC: if (rijndael_makeKey(&kdc->kdc_ki, DIR_ENCRYPT, 256, key) <= 0) goto failed; break; + case KERNELDUMP_ENC_CHACHA20: + chacha_keysetup(&kdc->kdc_chacha, key, 256); + break; default: goto failed; } kdc->kdc_dumpkeysize = dumpkeysize; kdk = kdc->kdc_dumpkey; kdk->kdk_encryption = kdc->kdc_encryption; memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); kdk->kdk_encryptedkeysize = htod32(encryptedkeysize); memcpy(kdk->kdk_encryptedkey, encryptedkey, encryptedkeysize); return (kdc); failed: explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize); free(kdc, M_EKCD); return (NULL); } static int kerneldumpcrypto_init(struct kerneldumpcrypto *kdc) { uint8_t hash[SHA256_DIGEST_LENGTH]; SHA256_CTX ctx; struct kerneldumpkey *kdk; int error; error = 0; if (kdc == NULL) return (0); /* * When a user enters ddb it can write a crash dump multiple times. * Each time it should be encrypted using a different IV. */ SHA256_Init(&ctx); SHA256_Update(&ctx, kdc->kdc_iv, sizeof(kdc->kdc_iv)); SHA256_Final(hash, &ctx); bcopy(hash, kdc->kdc_iv, sizeof(kdc->kdc_iv)); switch (kdc->kdc_encryption) { case KERNELDUMP_ENC_AES_256_CBC: if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, kdc->kdc_iv) <= 0) { error = EINVAL; goto out; } break; + case KERNELDUMP_ENC_CHACHA20: + chacha_ivsetup(&kdc->kdc_chacha, kdc->kdc_iv, NULL); + break; default: error = EINVAL; goto out; } kdk = kdc->kdc_dumpkey; memcpy(kdk->kdk_iv, kdc->kdc_iv, sizeof(kdk->kdk_iv)); out: explicit_bzero(hash, sizeof(hash)); return (error); } static uint32_t kerneldumpcrypto_dumpkeysize(const struct kerneldumpcrypto *kdc) { if (kdc == NULL) return (0); return (kdc->kdc_dumpkeysize); } #endif /* EKCD */ static struct kerneldumpcomp * kerneldumpcomp_create(struct dumperinfo *di, uint8_t compression) { struct kerneldumpcomp *kdcomp; int format; switch (compression) { case KERNELDUMP_COMP_GZIP: format = COMPRESS_GZIP; break; case KERNELDUMP_COMP_ZSTD: format = COMPRESS_ZSTD; break; default: return (NULL); } kdcomp = malloc(sizeof(*kdcomp), M_DUMPER, M_WAITOK | M_ZERO); kdcomp->kdc_format = compression; kdcomp->kdc_stream = compressor_init(kerneldumpcomp_write_cb, format, di->maxiosize, kerneldump_gzlevel, di); if (kdcomp->kdc_stream == NULL) { free(kdcomp, M_DUMPER); return (NULL); } kdcomp->kdc_buf = malloc(di->maxiosize, M_DUMPER, M_WAITOK | M_NODUMP); return (kdcomp); } static void kerneldumpcomp_destroy(struct dumperinfo *di) { struct kerneldumpcomp *kdcomp; kdcomp = di->kdcomp; if (kdcomp == NULL) return; compressor_fini(kdcomp->kdc_stream); explicit_bzero(kdcomp->kdc_buf, di->maxiosize); free(kdcomp->kdc_buf, M_DUMPER); free(kdcomp, M_DUMPER); } /* * Must not be present on global list. */ static void free_single_dumper(struct dumperinfo *di) { if (di == NULL) return; if (di->blockbuf != NULL) { explicit_bzero(di->blockbuf, di->blocksize); free(di->blockbuf, M_DUMPER); } kerneldumpcomp_destroy(di); #ifdef EKCD if (di->kdcrypto != NULL) { explicit_bzero(di->kdcrypto, sizeof(*di->kdcrypto) + di->kdcrypto->kdc_dumpkeysize); free(di->kdcrypto, M_EKCD); } #endif explicit_bzero(di, sizeof(*di)); free(di, M_DUMPER); } /* Registration of dumpers */ int dumper_insert(const struct dumperinfo *di_template, const char *devname, const struct diocskerneldump_arg *kda) { struct dumperinfo *newdi, *listdi; bool inserted; uint8_t index; int error; index = kda->kda_index; MPASS(index != KDA_REMOVE && index != KDA_REMOVE_DEV && index != KDA_REMOVE_ALL); error = priv_check(curthread, PRIV_SETDUMPER); if (error != 0) return (error); newdi = malloc(sizeof(*newdi) + strlen(devname) + 1, M_DUMPER, M_WAITOK | M_ZERO); memcpy(newdi, di_template, sizeof(*newdi)); newdi->blockbuf = NULL; newdi->kdcrypto = NULL; newdi->kdcomp = NULL; strcpy(newdi->di_devname, devname); if (kda->kda_encryption != KERNELDUMP_ENC_NONE) { #ifdef EKCD newdi->kdcrypto = kerneldumpcrypto_create(di_template->blocksize, kda->kda_encryption, kda->kda_key, kda->kda_encryptedkeysize, kda->kda_encryptedkey); if (newdi->kdcrypto == NULL) { error = EINVAL; goto cleanup; } #else error = EOPNOTSUPP; goto cleanup; #endif } if (kda->kda_compression != KERNELDUMP_COMP_NONE) { /* - * We currently can't support simultaneous encryption and - * compression because our only encryption mode is an unpadded - * block cipher, go figure. This is low hanging fruit to fix. + * We can't support simultaneous unpadded block cipher + * encryption and compression because there is no guarantee the + * length of the compressed result is exactly a multiple of the + * cipher block size. */ - if (kda->kda_encryption != KERNELDUMP_ENC_NONE) { + if (kda->kda_encryption == KERNELDUMP_ENC_AES_256_CBC) { error = EOPNOTSUPP; goto cleanup; } newdi->kdcomp = kerneldumpcomp_create(newdi, kda->kda_compression); if (newdi->kdcomp == NULL) { error = EINVAL; goto cleanup; } } newdi->blockbuf = malloc(newdi->blocksize, M_DUMPER, M_WAITOK | M_ZERO); /* Add the new configuration to the queue */ mtx_lock(&dumpconf_list_lk); inserted = false; TAILQ_FOREACH(listdi, &dumper_configs, di_next) { if (index == 0) { TAILQ_INSERT_BEFORE(listdi, newdi, di_next); inserted = true; break; } index--; } if (!inserted) TAILQ_INSERT_TAIL(&dumper_configs, newdi, di_next); mtx_unlock(&dumpconf_list_lk); return (0); cleanup: free_single_dumper(newdi); return (error); } static bool dumper_config_match(const struct dumperinfo *di, const char *devname, const struct diocskerneldump_arg *kda) { if (kda->kda_index == KDA_REMOVE_ALL) return (true); if (strcmp(di->di_devname, devname) != 0) return (false); /* * Allow wildcard removal of configs matching a device on g_dev_orphan. */ if (kda->kda_index == KDA_REMOVE_DEV) return (true); if (di->kdcomp != NULL) { if (di->kdcomp->kdc_format != kda->kda_compression) return (false); } else if (kda->kda_compression != KERNELDUMP_COMP_NONE) return (false); #ifdef EKCD if (di->kdcrypto != NULL) { if (di->kdcrypto->kdc_encryption != kda->kda_encryption) return (false); /* * Do we care to verify keys match to delete? It seems weird * to expect multiple fallback dump configurations on the same * device that only differ in crypto key. */ } else #endif if (kda->kda_encryption != KERNELDUMP_ENC_NONE) return (false); return (true); } int dumper_remove(const char *devname, const struct diocskerneldump_arg *kda) { struct dumperinfo *di, *sdi; bool found; int error; error = priv_check(curthread, PRIV_SETDUMPER); if (error != 0) return (error); /* * Try to find a matching configuration, and kill it. * * NULL 'kda' indicates remove any configuration matching 'devname', * which may remove multiple configurations in atypical configurations. */ found = false; mtx_lock(&dumpconf_list_lk); TAILQ_FOREACH_SAFE(di, &dumper_configs, di_next, sdi) { if (dumper_config_match(di, devname, kda)) { found = true; TAILQ_REMOVE(&dumper_configs, di, di_next); free_single_dumper(di); } } mtx_unlock(&dumpconf_list_lk); /* Only produce ENOENT if a more targeted match didn't match. */ if (!found && kda->kda_index == KDA_REMOVE) return (ENOENT); return (0); } static int dump_check_bounds(struct dumperinfo *di, off_t offset, size_t length) { if (di->mediasize > 0 && length != 0 && (offset < di->mediaoffset || offset - di->mediaoffset + length > di->mediasize)) { if (di->kdcomp != NULL && offset >= di->mediaoffset) { printf( "Compressed dump failed to fit in device boundaries.\n"); return (E2BIG); } printf("Attempt to write outside dump device boundaries.\n" "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", (intmax_t)offset, (intmax_t)di->mediaoffset, (uintmax_t)length, (intmax_t)di->mediasize); return (ENOSPC); } if (length % di->blocksize != 0) { printf("Attempt to write partial block of length %ju.\n", (uintmax_t)length); return (EINVAL); } if (offset % di->blocksize != 0) { printf("Attempt to write at unaligned offset %jd.\n", (intmax_t)offset); return (EINVAL); } return (0); } #ifdef EKCD static int dump_encrypt(struct kerneldumpcrypto *kdc, uint8_t *buf, size_t size) { switch (kdc->kdc_encryption) { case KERNELDUMP_ENC_AES_256_CBC: if (rijndael_blockEncrypt(&kdc->kdc_ci, &kdc->kdc_ki, buf, 8 * size, buf) <= 0) { return (EIO); } if (rijndael_cipherInit(&kdc->kdc_ci, MODE_CBC, buf + size - 16 /* IV size for AES-256-CBC */) <= 0) { return (EIO); } + break; + case KERNELDUMP_ENC_CHACHA20: + chacha_encrypt_bytes(&kdc->kdc_chacha, buf, buf, size); break; default: return (EINVAL); } return (0); } /* Encrypt data and call dumper. */ static int dump_encrypted_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, off_t offset, size_t length) { static uint8_t buf[KERNELDUMP_BUFFER_SIZE]; struct kerneldumpcrypto *kdc; int error; size_t nbytes; kdc = di->kdcrypto; while (length > 0) { nbytes = MIN(length, sizeof(buf)); bcopy(virtual, buf, nbytes); if (dump_encrypt(kdc, buf, nbytes) != 0) return (EIO); error = dump_write(di, buf, physical, offset, nbytes); if (error != 0) return (error); offset += nbytes; virtual = (void *)((uint8_t *)virtual + nbytes); length -= nbytes; } return (0); } #endif /* EKCD */ static int kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg) { struct dumperinfo *di; size_t resid, rlength; int error; di = arg; if (length % di->blocksize != 0) { /* * This must be the final write after flushing the compression * stream. Write as many full blocks as possible and stash the * residual data in the dumper's block buffer. It will be * padded and written in dump_finish(). */ rlength = rounddown(length, di->blocksize); if (rlength != 0) { error = _dump_append(di, base, 0, rlength); if (error != 0) return (error); } resid = length - rlength; memmove(di->blockbuf, (uint8_t *)base + rlength, resid); di->kdcomp->kdc_resid = resid; return (EAGAIN); } return (_dump_append(di, base, 0, length)); } /* * Write kernel dump headers at the beginning and end of the dump extent. * Write the kernel dump encryption key after the leading header if we were * configured to do so. */ static int dump_write_headers(struct dumperinfo *di, struct kerneldumpheader *kdh) { #ifdef EKCD struct kerneldumpcrypto *kdc; #endif void *buf, *key; size_t hdrsz; uint64_t extent; uint32_t keysize; int error; hdrsz = sizeof(*kdh); if (hdrsz > di->blocksize) return (ENOMEM); #ifdef EKCD kdc = di->kdcrypto; key = kdc->kdc_dumpkey; keysize = kerneldumpcrypto_dumpkeysize(kdc); #else key = NULL; keysize = 0; #endif /* * If the dump device has special handling for headers, let it take care * of writing them out. */ if (di->dumper_hdr != NULL) return (di->dumper_hdr(di, kdh, key, keysize)); if (hdrsz == di->blocksize) buf = kdh; else { buf = di->blockbuf; memset(buf, 0, di->blocksize); memcpy(buf, kdh, hdrsz); } extent = dtoh64(kdh->dumpextent); #ifdef EKCD if (kdc != NULL) { error = dump_write(di, kdc->kdc_dumpkey, 0, di->mediaoffset + di->mediasize - di->blocksize - extent - keysize, keysize); if (error != 0) return (error); } #endif error = dump_write(di, buf, 0, di->mediaoffset + di->mediasize - 2 * di->blocksize - extent - keysize, di->blocksize); if (error == 0) error = dump_write(di, buf, 0, di->mediaoffset + di->mediasize - di->blocksize, di->blocksize); return (error); } /* * Don't touch the first SIZEOF_METADATA bytes on the dump device. This is to * protect us from metadata and metadata from us. */ #define SIZEOF_METADATA (64 * 1024) /* * Do some preliminary setup for a kernel dump: initialize state for encryption, * if requested, and make sure that we have enough space on the dump device. * * We set things up so that the dump ends before the last sector of the dump * device, at which the trailing header is written. * * +-----------+------+-----+----------------------------+------+ * | | lhdr | key | ... kernel dump ... | thdr | * +-----------+------+-----+----------------------------+------+ * 1 blk opt <------- dump extent --------> 1 blk * * Dumps written using dump_append() start at the beginning of the extent. * Uncompressed dumps will use the entire extent, but compressed dumps typically * will not. The true length of the dump is recorded in the leading and trailing * headers once the dump has been completed. * * The dump device may provide a callback, in which case it will initialize * dumpoff and take care of laying out the headers. */ int dump_start(struct dumperinfo *di, struct kerneldumpheader *kdh) { uint64_t dumpextent, span; uint32_t keysize; int error; #ifdef EKCD error = kerneldumpcrypto_init(di->kdcrypto); if (error != 0) return (error); keysize = kerneldumpcrypto_dumpkeysize(di->kdcrypto); #else error = 0; keysize = 0; #endif if (di->dumper_start != NULL) { error = di->dumper_start(di); } else { dumpextent = dtoh64(kdh->dumpextent); span = SIZEOF_METADATA + dumpextent + 2 * di->blocksize + keysize; if (di->mediasize < span) { if (di->kdcomp == NULL) return (E2BIG); /* * We don't yet know how much space the compressed dump * will occupy, so try to use the whole swap partition * (minus the first 64KB) in the hope that the * compressed dump will fit. If that doesn't turn out to * be enough, the bounds checking in dump_write() * will catch us and cause the dump to fail. */ dumpextent = di->mediasize - span + dumpextent; kdh->dumpextent = htod64(dumpextent); } /* * The offset at which to begin writing the dump. */ di->dumpoff = di->mediaoffset + di->mediasize - di->blocksize - dumpextent; } di->origdumpoff = di->dumpoff; return (error); } static int _dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, size_t length) { int error; #ifdef EKCD if (di->kdcrypto != NULL) error = dump_encrypted_write(di, virtual, physical, di->dumpoff, length); else #endif error = dump_write(di, virtual, physical, di->dumpoff, length); if (error == 0) di->dumpoff += length; return (error); } /* * Write to the dump device starting at dumpoff. When compression is enabled, * writes to the device will be performed using a callback that gets invoked * when the compression stream's output buffer is full. */ int dump_append(struct dumperinfo *di, void *virtual, vm_offset_t physical, size_t length) { void *buf; if (di->kdcomp != NULL) { /* Bounce through a buffer to avoid CRC errors. */ if (length > di->maxiosize) return (EINVAL); buf = di->kdcomp->kdc_buf; memmove(buf, virtual, length); return (compressor_write(di->kdcomp->kdc_stream, buf, length)); } return (_dump_append(di, virtual, physical, length)); } /* * Write to the dump device at the specified offset. */ int dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, off_t offset, size_t length) { int error; error = dump_check_bounds(di, offset, length); if (error != 0) return (error); return (di->dumper(di->priv, virtual, physical, offset, length)); } /* * Perform kernel dump finalization: flush the compression stream, if necessary, * write the leading and trailing kernel dump headers now that we know the true * length of the dump, and optionally write the encryption key following the * leading header. */ int dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh) { int error; if (di->kdcomp != NULL) { error = compressor_flush(di->kdcomp->kdc_stream); if (error == EAGAIN) { /* We have residual data in di->blockbuf. */ error = dump_write(di, di->blockbuf, 0, di->dumpoff, di->blocksize); di->dumpoff += di->kdcomp->kdc_resid; di->kdcomp->kdc_resid = 0; } if (error != 0) return (error); /* * We now know the size of the compressed dump, so update the * header accordingly and recompute parity. */ kdh->dumplength = htod64(di->dumpoff - di->origdumpoff); kdh->parity = 0; kdh->parity = kerneldump_parity(kdh); compressor_reset(di->kdcomp->kdc_stream); } error = dump_write_headers(di, kdh); if (error != 0) return (error); (void)dump_write(di, NULL, 0, 0, 0); return (0); } void dump_init_header(const struct dumperinfo *di, struct kerneldumpheader *kdh, char *magic, uint32_t archver, uint64_t dumplen) { size_t dstsize; bzero(kdh, sizeof(*kdh)); strlcpy(kdh->magic, magic, sizeof(kdh->magic)); strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); kdh->version = htod32(KERNELDUMPVERSION); kdh->architectureversion = htod32(archver); kdh->dumplength = htod64(dumplen); kdh->dumpextent = kdh->dumplength; kdh->dumptime = htod64(time_second); #ifdef EKCD kdh->dumpkeysize = htod32(kerneldumpcrypto_dumpkeysize(di->kdcrypto)); #else kdh->dumpkeysize = 0; #endif kdh->blocksize = htod32(di->blocksize); strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); dstsize = sizeof(kdh->versionstring); if (strlcpy(kdh->versionstring, version, dstsize) >= dstsize) kdh->versionstring[dstsize - 2] = '\n'; if (panicstr != NULL) strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); if (di->kdcomp != NULL) kdh->compression = di->kdcomp->kdc_format; kdh->parity = kerneldump_parity(kdh); } #ifdef DDB DB_SHOW_COMMAND(panic, db_show_panic) { if (panicstr == NULL) db_printf("panicstr not set\n"); else db_printf("panic: %s\n", panicstr); } #endif Index: head/sys/sys/kerneldump.h =================================================================== --- head/sys/sys/kerneldump.h (revision 348196) +++ head/sys/sys/kerneldump.h (revision 348197) @@ -1,157 +1,158 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 2002 Poul-Henning Kamp * Copyright (c) 2002 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by Poul-Henning Kamp * and NAI Labs, the Security Research Division of Network Associates, Inc. * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the * DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The names of the authors may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $FreeBSD$ */ #ifndef _SYS_KERNELDUMP_H #define _SYS_KERNELDUMP_H #include #include #include #if BYTE_ORDER == LITTLE_ENDIAN #define dtoh32(x) __bswap32(x) #define dtoh64(x) __bswap64(x) #define htod32(x) __bswap32(x) #define htod64(x) __bswap64(x) #elif BYTE_ORDER == BIG_ENDIAN #define dtoh32(x) (x) #define dtoh64(x) (x) #define htod32(x) (x) #define htod64(x) (x) #endif #define KERNELDUMP_COMP_NONE 0 #define KERNELDUMP_COMP_GZIP 1 #define KERNELDUMP_COMP_ZSTD 2 #define KERNELDUMP_ENC_NONE 0 #define KERNELDUMP_ENC_AES_256_CBC 1 +#define KERNELDUMP_ENC_CHACHA20 2 #define KERNELDUMP_BUFFER_SIZE 4096 #define KERNELDUMP_IV_MAX_SIZE 32 #define KERNELDUMP_KEY_MAX_SIZE 64 #define KERNELDUMP_ENCKEY_MAX_SIZE (16384 / 8) /* * All uintX_t fields are in dump byte order, which is the same as * network byte order. Use the macros defined above to read or * write the fields. */ struct kerneldumpheader { char magic[20]; #define KERNELDUMPMAGIC "FreeBSD Kernel Dump" #define TEXTDUMPMAGIC "FreeBSD Text Dump" #define KERNELDUMPMAGIC_CLEARED "Cleared Kernel Dump" char architecture[12]; uint32_t version; #define KERNELDUMPVERSION 4 #define KERNELDUMP_TEXT_VERSION 4 uint32_t architectureversion; #define KERNELDUMP_AARCH64_VERSION 1 #define KERNELDUMP_AMD64_VERSION 2 #define KERNELDUMP_ARM_VERSION 1 #define KERNELDUMP_I386_VERSION 2 #define KERNELDUMP_MIPS_VERSION 1 #define KERNELDUMP_POWERPC_VERSION 1 #define KERNELDUMP_RISCV_VERSION 1 #define KERNELDUMP_SPARC64_VERSION 1 uint64_t dumplength; /* excl headers */ uint64_t dumptime; uint32_t dumpkeysize; uint32_t blocksize; char hostname[64]; char versionstring[192]; char panicstring[175]; uint8_t compression; uint64_t dumpextent; char unused[4]; uint32_t parity; }; struct kerneldumpkey { uint8_t kdk_encryption; uint8_t kdk_iv[KERNELDUMP_IV_MAX_SIZE]; uint32_t kdk_encryptedkeysize; uint8_t kdk_encryptedkey[]; } __packed; /* * Parity calculation is endian insensitive. */ static __inline u_int32_t kerneldump_parity(struct kerneldumpheader *kdhp) { uint32_t *up, parity; u_int i; up = (uint32_t *)kdhp; parity = 0; for (i = 0; i < sizeof *kdhp; i += sizeof *up) parity ^= *up++; return (parity); } #ifdef _KERNEL struct dump_pa { vm_paddr_t pa_start; vm_paddr_t pa_size; }; int dumpsys_generic(struct dumperinfo *); void dumpsys_map_chunk(vm_paddr_t, size_t, void **); typedef int dumpsys_callback_t(struct dump_pa *, int, void *); int dumpsys_foreach_chunk(dumpsys_callback_t, void *); int dumpsys_cb_dumpdata(struct dump_pa *, int, void *); int dumpsys_buf_seek(struct dumperinfo *, size_t); int dumpsys_buf_write(struct dumperinfo *, char *, size_t); int dumpsys_buf_flush(struct dumperinfo *); void dumpsys_gen_pa_init(void); struct dump_pa *dumpsys_gen_pa_next(struct dump_pa *); void dumpsys_gen_wbinv_all(void); void dumpsys_gen_unmap_chunk(vm_paddr_t, size_t, void *); int dumpsys_gen_write_aux_headers(struct dumperinfo *); extern int do_minidump; #endif #endif /* _SYS_KERNELDUMP_H */