freebsd-src/sbin/savecore/savecore.c

/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 2002 Poul-Henning Kamp
 * Copyright (c) 2002 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
 * and NAI Labs, the Security Research Division of Network Associates, Inc.
 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
 * DARPA CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The names of the authors may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * Copyright (c) 1986, 1992, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/param.h>
#include <sys/disk.h>
#include <sys/kerneldump.h>
#include <sys/memrange.h>
#include <sys/mount.h>
#include <sys/stat.h>

#include <capsicum_helpers.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <fstab.h>
#include <paths.h>
#include <signal.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
#include <unistd.h>
#define	Z_SOLO
#include <zlib.h>
#include <zstd.h>

#include <libcasper.h>
#include <casper/cap_fileargs.h>
#include <casper/cap_syslog.h>

#include <libxo/xo.h>

/* The size of the buffer used for I/O. */
#define	BUFFERSIZE	(1024*1024)

#define	STATUS_BAD	0
#define	STATUS_GOOD	1
#define	STATUS_UNKNOWN	2

static cap_channel_t *capsyslog;
static fileargs_t *capfa;
static bool checkfor, compress, uncompress, clear, force, keep;	/* flags */
static bool livecore;	/* flags cont. */
static int verbose;
static int nfound, nsaved, nerr;			/* statistics */
static int maxdumps;
static uint8_t comp_desired;

extern FILE *zdopen(int, const char *);

static sig_atomic_t got_siginfo;
static void infohandler(int);

static void
logmsg(int pri, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	if (capsyslog != NULL)
		cap_vsyslog(capsyslog, pri, fmt, ap);
	else
		vsyslog(pri, fmt, ap);
	va_end(ap);
}

static FILE *
xfopenat(int dirfd, const char *path, int flags, const char *modestr, ...)
{
	va_list ap;
	FILE *fp;
	mode_t mode;
	int error, fd;

	if ((flags & O_CREAT) == O_CREAT) {
		va_start(ap, modestr);
		mode = (mode_t)va_arg(ap, int);
		va_end(ap);
	} else
		mode = 0;

	fd = openat(dirfd, path, flags, mode);
	if (fd < 0)
		return (NULL);
	fp = fdopen(fd, modestr);
	if (fp == NULL) {
		error = errno;
		(void)close(fd);
		errno = error;
	}
	return (fp);
}

static void
printheader(xo_handle_t *xo, const struct kerneldumpheader *h,
    const char *device, int bounds, const int status)
{
	uint64_t dumplen;
	time_t t;
	struct tm tm;
	char time_str[64];
	const char *stat_str;
	const char *comp_str;

	xo_flush_h(xo);
	xo_emit_h(xo, "{Lwc:Dump header from device}{:dump_device/%s}\n",
	    device);
	xo_emit_h(xo, "{P:  }{Lwc:Architecture}{:architecture/%s}\n",
	    h->architecture);
	xo_emit_h(xo,
	    "{P:  }{Lwc:Architecture Version}{:architecture_version/%u}\n",
	    dtoh32(h->architectureversion));
	dumplen = dtoh64(h->dumplength);
	xo_emit_h(xo, "{P:  }{Lwc:Dump Length}{:dump_length_bytes/%lld}\n",
	    (long long)dumplen);
	xo_emit_h(xo, "{P:  }{Lwc:Blocksize}{:blocksize/%d}\n",
	    dtoh32(h->blocksize));
	switch (h->compression) {
	case KERNELDUMP_COMP_NONE:
		comp_str = "none";
		break;
	case KERNELDUMP_COMP_GZIP:
		comp_str = "gzip";
		break;
	case KERNELDUMP_COMP_ZSTD:
		comp_str = "zstd";
		break;
	default:
		comp_str = "???";
		break;
	}
	xo_emit_h(xo, "{P:  }{Lwc:Compression}{:compression/%s}\n", comp_str);
	t = dtoh64(h->dumptime);
	localtime_r(&t, &tm);
	if (strftime(time_str, sizeof(time_str), "%F %T %z", &tm) == 0)
		time_str[0] = '\0';
	xo_emit_h(xo, "{P:  }{Lwc:Dumptime}{:dumptime/%s}\n", time_str);
	xo_emit_h(xo, "{P:  }{Lwc:Hostname}{:hostname/%s}\n", h->hostname);
	xo_emit_h(xo, "{P:  }{Lwc:Magic}{:magic/%s}\n", h->magic);
	xo_emit_h(xo, "{P:  }{Lwc:Version String}{:version_string/%s}",
	    h->versionstring);
	xo_emit_h(xo, "{P:  }{Lwc:Panic String}{:panic_string/%s}\n",
	    h->panicstring);
	xo_emit_h(xo, "{P:  }{Lwc:Dump Parity}{:dump_parity/%u}\n", h->parity);
	xo_emit_h(xo, "{P:  }{Lwc:Bounds}{:bounds/%d}\n", bounds);

	switch (status) {
	case STATUS_BAD:
		stat_str = "bad";
		break;
	case STATUS_GOOD:
		stat_str = "good";
		break;
	default:
		stat_str = "unknown";
		break;
	}
	xo_emit_h(xo, "{P:  }{Lwc:Dump Status}{:dump_status/%s}\n", stat_str);
	xo_flush_h(xo);
}

static int
getbounds(int savedirfd)
{
	FILE *fp;
	char buf[6];
	int ret;

	/*
	 * If we are just checking, then we haven't done a chdir to the dump
	 * directory and we should not try to read a bounds file.
	 */
	if (checkfor)
		return (0);

	ret = 0;

	if ((fp = xfopenat(savedirfd, "bounds", O_RDONLY, "r")) == NULL) {
		if (verbose)
			printf("unable to open bounds file, using 0\n");
		return (ret);
	}
	if (fgets(buf, sizeof(buf), fp) == NULL) {
		if (feof(fp))
			logmsg(LOG_WARNING, "bounds file is empty, using 0");
		else
			logmsg(LOG_WARNING, "bounds file: %s", strerror(errno));
		fclose(fp);
		return (ret);
	}

	errno = 0;
	ret = (int)strtol(buf, NULL, 10);
	if (ret == 0 && (errno == EINVAL || errno == ERANGE))
		logmsg(LOG_WARNING, "invalid value found in bounds, using 0");
	if (maxdumps > 0 && ret == maxdumps)
		ret = 0;
	fclose(fp);
	return (ret);
}

static void
writebounds(int savedirfd, int bounds)
{
	FILE *fp;

	if ((fp = xfopenat(savedirfd, "bounds", O_WRONLY | O_CREAT | O_TRUNC,
	    "w", 0644)) == NULL) {
		logmsg(LOG_WARNING, "unable to write to bounds file: %m");
		return;
	}

	if (verbose)
		printf("bounds number: %d\n", bounds);

	fprintf(fp, "%d\n", bounds);
	fclose(fp);
}

static bool
writekey(int savedirfd, const char *keyname, uint8_t *dumpkey,
    uint32_t dumpkeysize)
{
	int fd;

	fd = openat(savedirfd, keyname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
	if (fd == -1) {
		logmsg(LOG_ERR, "Unable to open %s to write the key: %m.",
		    keyname);
		return (false);
	}

	if (write(fd, dumpkey, dumpkeysize) != (ssize_t)dumpkeysize) {
		logmsg(LOG_ERR, "Unable to write the key to %s: %m.", keyname);
		close(fd);
		return (false);
	}

	close(fd);
	return (true);
}

static int
write_header_info(xo_handle_t *xostdout, const struct kerneldumpheader *kdh,
    int savedirfd, const char *infoname, const char *device, int bounds,
    int status)
{
	xo_handle_t *xoinfo;
	FILE *info;

	/*
	 * Create or overwrite any existing dump header files.
	 */
	if ((info = xfopenat(savedirfd, infoname,
	    O_WRONLY | O_CREAT | O_TRUNC, "w", 0600)) == NULL) {
		logmsg(LOG_ERR, "open(%s): %m", infoname);
		return (-1);
	}

	xoinfo = xo_create_to_file(info, xo_get_style(NULL), 0);
	if (xoinfo == NULL) {
		logmsg(LOG_ERR, "%s: %m", infoname);
		fclose(info);
		return (-1);
	}
	xo_open_container_h(xoinfo, "crashdump");

	if (verbose)
		printheader(xostdout, kdh, device, bounds, status);

	printheader(xoinfo, kdh, device, bounds, status);
	xo_close_container_h(xoinfo, "crashdump");
	xo_flush_h(xoinfo);
	if (xo_finish_h(xoinfo) < 0)
		xo_err(EXIT_FAILURE, "stdout");
	fclose(info);

	return (0);
}

static off_t
file_size(int savedirfd, const char *path)
{
	struct stat sb;

	/* Ignore all errors, this file may not exist. */
	if (fstatat(savedirfd, path, &sb, 0) == -1)
		return (0);
	return (sb.st_size);
}

static off_t
saved_dump_size(int savedirfd, int bounds)
{
	char path[32];
	off_t dumpsize;

	dumpsize = 0;

	(void)snprintf(path, sizeof(path), "info.%d", bounds);
	dumpsize += file_size(savedirfd, path);
	(void)snprintf(path, sizeof(path), "vmcore.%d", bounds);
	dumpsize += file_size(savedirfd, path);
	(void)snprintf(path, sizeof(path), "vmcore.%d.gz", bounds);
	dumpsize += file_size(savedirfd, path);
	(void)snprintf(path, sizeof(path), "vmcore.%d.zst", bounds);
	dumpsize += file_size(savedirfd, path);
	(void)snprintf(path, sizeof(path), "textdump.tar.%d", bounds);
	dumpsize += file_size(savedirfd, path);
	(void)snprintf(path, sizeof(path), "textdump.tar.%d.gz", bounds);
	dumpsize += file_size(savedirfd, path);

	return (dumpsize);
}

static void
saved_dump_remove(int savedirfd, int bounds)
{
	char path[32];

	(void)snprintf(path, sizeof(path), "info.%d", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "vmcore.%d", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "vmcore.%d.gz", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "vmcore.%d.zst", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "textdump.tar.%d", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "textdump.tar.%d.gz", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "livecore.%d", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "livecore.%d.gz", bounds);
	(void)unlinkat(savedirfd, path, 0);
	(void)snprintf(path, sizeof(path), "livecore.%d.zst", bounds);
	(void)unlinkat(savedirfd, path, 0);
}

static void
symlinks_remove(int savedirfd)
{

	(void)unlinkat(savedirfd, "info.last", 0);
	(void)unlinkat(savedirfd, "key.last", 0);
	(void)unlinkat(savedirfd, "vmcore.last", 0);
	(void)unlinkat(savedirfd, "vmcore.last.gz", 0);
	(void)unlinkat(savedirfd, "vmcore.last.zst", 0);
	(void)unlinkat(savedirfd, "vmcore_encrypted.last", 0);
	(void)unlinkat(savedirfd, "vmcore_encrypted.last.gz", 0);
	(void)unlinkat(savedirfd, "textdump.tar.last", 0);
	(void)unlinkat(savedirfd, "textdump.tar.last.gz", 0);
	(void)unlinkat(savedirfd, "livecore.last", 0);
	(void)unlinkat(savedirfd, "livecore.last.gz", 0);
	(void)unlinkat(savedirfd, "livecore.last.zst", 0);
}

/*
 * Check that sufficient space is available on the disk that holds the
 * save directory.
 */
static int
check_space(const char *savedir, int savedirfd, off_t dumpsize, int bounds)
{
	char buf[100];
	struct statfs fsbuf;
	FILE *fp;
	off_t available, minfree, spacefree, totfree, needed;

	if (fstatfs(savedirfd, &fsbuf) < 0) {
		logmsg(LOG_ERR, "%s: %m", savedir);
		exit(EXIT_FAILURE);
	}
	spacefree = ((off_t) fsbuf.f_bavail * fsbuf.f_bsize) / 1024;
	totfree = ((off_t) fsbuf.f_bfree * fsbuf.f_bsize) / 1024;

	if ((fp = xfopenat(savedirfd, "minfree", O_RDONLY, "r")) == NULL)
		minfree = 0;
	else {
		if (fgets(buf, sizeof(buf), fp) == NULL)
			minfree = 0;
		else {
			char *endp;

			errno = 0;
			minfree = strtoll(buf, &endp, 10);
			if (minfree == 0 && errno != 0)
				minfree = -1;
			else {
				while (*endp != '\0' && isspace(*endp))
					endp++;
				if (*endp != '\0' || minfree < 0)
					minfree = -1;
			}
			if (minfree < 0)
				logmsg(LOG_WARNING,
				    "`minfree` didn't contain a valid size "
				    "(`%s`). Defaulting to 0", buf);
		}
		(void)fclose(fp);
	}

	available = minfree > 0 ? spacefree - minfree : totfree;
	needed = dumpsize / 1024 + 2;	/* 2 for info file */
	needed -= saved_dump_size(savedirfd, bounds);
	if (available < needed) {
		logmsg(LOG_WARNING,
		    "no dump: not enough free space on device (need at least "
		    "%jdkB for dump; %jdkB available; %jdkB reserved)",
		    (intmax_t)needed,
		    (intmax_t)available + minfree,
		    (intmax_t)minfree);
		return (0);
	}
	if (spacefree - needed < 0)
		logmsg(LOG_WARNING,
		    "dump performed, but free space threshold crossed");
	return (1);
}

static bool
compare_magic(const struct kerneldumpheader *kdh, const char *magic)
{

	return (strncmp(kdh->magic, magic, sizeof(kdh->magic)) == 0);
}

#define BLOCKSIZE (1<<12)
#define BLOCKMASK (~(BLOCKSIZE-1))

static size_t
sparsefwrite(const char *buf, size_t nr, FILE *fp)
{
	size_t nw, he, hs;

	for (nw = 0; nw < nr; nw = he) {
		/* find a contiguous block of zeroes */
		for (hs = nw; hs < nr; hs += BLOCKSIZE) {
			for (he = hs; he < nr && buf[he] == 0; ++he)
				/* nothing */ ;
			/* is the hole long enough to matter? */
			if (he >= hs + BLOCKSIZE)
				break;
		}

		/* back down to a block boundary */
		he &= BLOCKMASK;

		/*
		 * 1) Don't go beyond the end of the buffer.
		 * 2) If the end of the buffer is less than
		 *    BLOCKSIZE bytes away, we're at the end
		 *    of the file, so just grab what's left.
		 */
		if (hs + BLOCKSIZE > nr)
			hs = he = nr;

		/*
		 * At this point, we have a partial ordering:
		 *     nw <= hs <= he <= nr
		 * If hs > nw, buf[nw..hs] contains non-zero
		 * data. If he > hs, buf[hs..he] is all zeroes.
		 */
		if (hs > nw)
			if (fwrite(buf + nw, hs - nw, 1, fp) != 1)
				break;
		if (he > hs)
			if (fseeko(fp, he - hs, SEEK_CUR) == -1)
				break;
	}

	return (nw);
}

static char *zbuf;
static size_t zbufsize;

static ssize_t
GunzipWrite(z_stream *z, char *in, size_t insize, FILE *fp)
{
	static bool firstblock = true;		/* XXX not re-entrable/usable */
	const size_t hdrlen = 10;
	size_t nw = 0, w;
	int rv;

	z->next_in = in;
	z->avail_in = insize;
	/*
	 * Since contrib/zlib for some reason is compiled
	 * without GUNZIP define, we need to skip the gzip
	 * header manually.  Kernel puts minimal 10 byte
	 * header, see sys/kern/subr_compressor.c:gz_reset().
	 */
	if (firstblock) {
		z->next_in += hdrlen;
		z->avail_in -= hdrlen;
		firstblock = false;
	}
	do {
		z->next_out = zbuf;
		z->avail_out = zbufsize;
		rv = inflate(z, Z_NO_FLUSH);
		if (rv != Z_OK && rv != Z_STREAM_END) {
			logmsg(LOG_ERR, "decompression failed: %s", z->msg);
			return (-1);
		}
		w = sparsefwrite(zbuf, zbufsize - z->avail_out, fp);
		if (w < zbufsize - z->avail_out)
			return (-1);
		nw += w;
	} while (z->avail_in > 0 && rv != Z_STREAM_END);

	return (nw);
}

static ssize_t
ZstdWrite(ZSTD_DCtx *Zctx, char *in, size_t insize, FILE *fp)
{
	ZSTD_inBuffer Zin;
	ZSTD_outBuffer Zout;
	size_t nw = 0, w;
	int rv;

	Zin.src = in;
	Zin.size = insize;
	Zin.pos = 0;
	do {
		Zout.dst = zbuf;
		Zout.size = zbufsize;
		Zout.pos = 0;
		rv = ZSTD_decompressStream(Zctx, &Zout, &Zin);
		if (ZSTD_isError(rv)) {
			logmsg(LOG_ERR, "decompression failed: %s",
			    ZSTD_getErrorName(rv));
			return (-1);
		}
		w = sparsefwrite(zbuf, Zout.pos, fp);
		if (w < Zout.pos)
			return (-1);
		nw += w;
	} while (Zin.pos < Zin.size && rv != 0);

	return (nw);
}

static int
DoRegularFile(int fd, off_t dumpsize, u_int sectorsize, bool sparse,
    uint8_t compression, char *buf, const char *device,
    const char *filename, FILE *fp)
{
	size_t nr, wl;
	ssize_t nw;
	off_t dmpcnt, origsize;
	z_stream z;		/* gzip */
	ZSTD_DCtx *Zctx;	/* zstd */

	dmpcnt = 0;
	origsize = dumpsize;
	if (compression == KERNELDUMP_COMP_GZIP) {
		memset(&z, 0, sizeof(z));
		z.zalloc = Z_NULL;
		z.zfree = Z_NULL;
		if (inflateInit2(&z, -MAX_WBITS) != Z_OK) {
			logmsg(LOG_ERR, "failed to initialize zlib: %s", z.msg);
			return (-1);
		}
		zbufsize = BUFFERSIZE;
	} else if (compression == KERNELDUMP_COMP_ZSTD) {
		if ((Zctx = ZSTD_createDCtx()) == NULL) {
			logmsg(LOG_ERR, "failed to initialize zstd");
			return (-1);
		}
		zbufsize = ZSTD_DStreamOutSize();
	}
	if (zbufsize > 0)
		if ((zbuf = malloc(zbufsize)) == NULL) {
			logmsg(LOG_ERR, "failed to alloc decompression buffer");
			return (-1);
		}

	while (dumpsize > 0) {
		wl = BUFFERSIZE;
		if (wl > (size_t)dumpsize)
			wl = dumpsize;
		nr = read(fd, buf, roundup(wl, sectorsize));
		if (nr != roundup(wl, sectorsize)) {
			if (nr == 0)
				logmsg(LOG_WARNING,
				    "WARNING: EOF on dump device");
			else
				logmsg(LOG_ERR, "read error on %s: %m", device);
			nerr++;
			return (-1);
		}
		if (compression == KERNELDUMP_COMP_GZIP)
			nw = GunzipWrite(&z, buf, nr, fp);
		else if (compression == KERNELDUMP_COMP_ZSTD)
			nw = ZstdWrite(Zctx, buf, nr, fp);
		else if (!sparse)
			nw = fwrite(buf, 1, wl, fp);
		else
			nw = sparsefwrite(buf, wl, fp);
		if (nw < 0 || (compression == KERNELDUMP_COMP_NONE &&
		     (size_t)nw != wl)) {
			logmsg(LOG_ERR,
			    "write error on %s file: %m", filename);
			logmsg(LOG_WARNING,
			    "WARNING: vmcore may be incomplete");
			nerr++;
			return (-1);
		}
		if (verbose) {
			dmpcnt += wl;
			printf("%llu\r", (unsigned long long)dmpcnt);
			fflush(stdout);
		}
		dumpsize -= wl;
		if (got_siginfo) {
			printf("%s %.1lf%%\n", filename, (100.0 - (100.0 *
			    (double)dumpsize / (double)origsize)));
			got_siginfo = 0;
		}
	}
	return (0);
}

/*
 * Specialized version of dump-reading logic for use with textdumps, which
 * are written backwards from the end of the partition, and must be reversed
 * before being written to the file.  Textdumps are small, so do a bit less
 * work to optimize/sparsify.
 */
static int
DoTextdumpFile(int fd, off_t dumpsize, off_t lasthd, char *buf,
    const char *device, const char *filename, FILE *fp)
{
	int nr, nw, wl;
	off_t dmpcnt, totsize;

	totsize = dumpsize;
	dmpcnt = 0;
	wl = 512;
	if ((dumpsize % wl) != 0) {
		logmsg(LOG_ERR, "textdump uneven multiple of 512 on %s",
		    device);
		nerr++;
		return (-1);
	}
	while (dumpsize > 0) {
		nr = pread(fd, buf, wl, lasthd - (totsize - dumpsize) - wl);
		if (nr != wl) {
			if (nr == 0)
				logmsg(LOG_WARNING,
				    "WARNING: EOF on dump device");
			else
				logmsg(LOG_ERR, "read error on %s: %m", device);
			nerr++;
			return (-1);
		}
		nw = fwrite(buf, 1, wl, fp);
		if (nw != wl) {
			logmsg(LOG_ERR,
			    "write error on %s file: %m", filename);
			logmsg(LOG_WARNING,
			    "WARNING: textdump may be incomplete");
			nerr++;
			return (-1);
		}
		if (verbose) {
			dmpcnt += wl;
			printf("%llu\r", (unsigned long long)dmpcnt);
			fflush(stdout);
		}
		dumpsize -= wl;
	}
	return (0);
}

static void
DoLiveFile(const char *savedir, int savedirfd, const char *device)
{
	char infoname[32], corename[32], linkname[32], tmpname[32];
	struct mem_livedump_arg marg;
	struct kerneldumpheader kdhl;
	xo_handle_t *xostdout;
	off_t dumplength;
	uint32_t version;
	int fddev, fdcore;
	int bounds;
	int error, status;

	bounds = getbounds(savedirfd);
	status = STATUS_UNKNOWN;

	xostdout = xo_create_to_file(stdout, XO_STYLE_TEXT, 0);
	if (xostdout == NULL) {
		logmsg(LOG_ERR, "xo_create_to_file() failed: %m");
		return;
	}

	/*
	 * Create a temporary file. We will invoke the live dump and its
	 * contents will be written to this fd. After validating and removing
	 * the kernel dump header from the tail-end of this file, it will be
	 * renamed to its definitive filename (e.g. livecore.2.gz).
	 *
	 * If any errors are encountered before the rename, the temporary file
	 * is unlinked.
	 */
	strcpy(tmpname, "livecore.tmp.XXXXXX");
	fdcore = mkostempsat(savedirfd, tmpname, 0, 0);
	if (fdcore < 0) {
		logmsg(LOG_ERR, "error opening temp file: %m");
		return;
	}

	fddev = fileargs_open(capfa, device);
	if (fddev < 0) {
		logmsg(LOG_ERR, "%s: %m", device);
		goto unlinkexit;
	}

	bzero(&marg, sizeof(marg));
	marg.fd = fdcore;
	marg.compression = comp_desired;
	if (ioctl(fddev, MEM_KERNELDUMP, &marg) == -1) {
		logmsg(LOG_ERR,
		    "failed to invoke live-dump on system: %m");
		close(fddev);
		goto unlinkexit;
	}

	/* Close /dev/mem fd, we are finished with it. */
	close(fddev);

	/* Seek to the end of the file, minus the size of the header. */
	if (lseek(fdcore, -(off_t)sizeof(kdhl), SEEK_END) == -1) {
		logmsg(LOG_ERR, "failed to lseek: %m");
		goto unlinkexit;
	}

	if (read(fdcore, &kdhl, sizeof(kdhl)) != sizeof(kdhl)) {
		logmsg(LOG_ERR, "failed to read kernel dump header: %m");
		goto unlinkexit;
	}
	/* Reset cursor */
	(void)lseek(fdcore, 0, SEEK_SET);

	/* Validate the dump header. */
	version = dtoh32(kdhl.version);
	if (compare_magic(&kdhl, KERNELDUMPMAGIC)) {
		if (version != KERNELDUMPVERSION) {
			logmsg(LOG_ERR,
			    "unknown version (%d) in dump header on %s",
			    version, device);
			goto unlinkexit;
		} else if (kdhl.compression != comp_desired) {
			/* This should be impossible. */
			logmsg(LOG_ERR,
			    "dump compression (%u) doesn't match request (%u)",
			    kdhl.compression, comp_desired);
			if (!force)
				goto unlinkexit;
		}
	} else {
		logmsg(LOG_ERR, "magic mismatch on live dump header");
		goto unlinkexit;
	}
	if (kerneldump_parity(&kdhl)) {
		logmsg(LOG_ERR,
		    "parity error on last dump header on %s", device);
		nerr++;
		status = STATUS_BAD;
		if (!force)
			goto unlinkexit;
	} else {
		status = STATUS_GOOD;
	}

	nfound++;
	dumplength = dtoh64(kdhl.dumplength);
	if (dtoh32(kdhl.dumpkeysize) != 0) {
		logmsg(LOG_ERR,
		    "dump header unexpectedly reported keysize > 0");
		goto unlinkexit;
	}

	/* Remove the vestigial kernel dump header. */
	error = ftruncate(fdcore, dumplength);
	if (error != 0) {
		logmsg(LOG_ERR, "failed to truncate the core file: %m");
		goto unlinkexit;
	}

	if (verbose >= 2) {
		printf("\nDump header:\n");
		printheader(xostdout, &kdhl, device, bounds, -1);
		printf("\n");
	}
	logmsg(LOG_ALERT, "livedump");

	writebounds(savedirfd, bounds + 1);
	saved_dump_remove(savedirfd, bounds);

	snprintf(corename, sizeof(corename), "livecore.%d", bounds);
	if (compress)
		strcat(corename, kdhl.compression == KERNELDUMP_COMP_ZSTD ?
		    ".zst" : ".gz");

	if (verbose)
		printf("renaming %s to %s\n", tmpname, corename);
	if (renameat(savedirfd, tmpname, savedirfd, corename) != 0) {
		logmsg(LOG_ERR, "renameat failed: %m");
		goto unlinkexit;
	}

	snprintf(infoname, sizeof(infoname), "info.%d", bounds);
	if (write_header_info(xostdout, &kdhl, savedirfd, infoname, device,
	    bounds, status) != 0) {
		nerr++;
		return;
	}

	logmsg(LOG_NOTICE, "writing %score to %s/%s",
	    compress ? "compressed " : "", savedir, corename);

	if (verbose)
		printf("\n");

	symlinks_remove(savedirfd);
	if (symlinkat(infoname, savedirfd, "info.last") == -1) {
		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
		    savedir, "info.last");
	}

	snprintf(linkname, sizeof(linkname), "livecore.last");
	if (compress)
		strcat(linkname, kdhl.compression == KERNELDUMP_COMP_ZSTD ?
		    ".zst" : ".gz");
	if (symlinkat(corename, savedirfd, linkname) == -1) {
		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
		    savedir, linkname);
	}

	nsaved++;
	if (verbose)
		printf("dump saved\n");

	close(fdcore);
	return;
unlinkexit:
	funlinkat(savedirfd, tmpname, fdcore, 0);
	close(fdcore);
}

static void
DoFile(const char *savedir, int savedirfd, const char *device)
{
	static char *buf = NULL;
	xo_handle_t *xostdout;
	char infoname[32], corename[32], linkname[32], keyname[32];
	char *temp = NULL;
	struct kerneldumpheader kdhf, kdhl;
	uint8_t *dumpkey;
	off_t mediasize, dumpextent, dumplength, firsthd, lasthd;
	FILE *core;
	int fdcore, fddev, error;
	int bounds, status;
	u_int sectorsize;
	uint32_t dumpkeysize;
	bool iscompressed, isencrypted, istextdump, ret;

	/* Live kernel dumps are handled separately. */
	if (livecore) {
		DoLiveFile(savedir, savedirfd, device);
		return;
	}

	bounds = getbounds(savedirfd);
	dumpkey = NULL;
	mediasize = 0;
	status = STATUS_UNKNOWN;

	xostdout = xo_create_to_file(stdout, XO_STYLE_TEXT, 0);
	if (xostdout == NULL) {
		logmsg(LOG_ERR, "xo_create_to_file() failed: %m");
		return;
	}

	if (buf == NULL) {
		buf = malloc(BUFFERSIZE);
		if (buf == NULL) {
			logmsg(LOG_ERR, "%m");
			return;
		}
	}

	if (verbose)
		printf("checking for kernel dump on device %s\n", device);

	fddev = fileargs_open(capfa, device);
	if (fddev < 0) {
		logmsg(LOG_ERR, "%s: %m", device);
		return;
	}

	error = ioctl(fddev, DIOCGMEDIASIZE, &mediasize);
	if (!error)
		error = ioctl(fddev, DIOCGSECTORSIZE, &sectorsize);
	if (error) {
		logmsg(LOG_ERR,
		    "couldn't find media and/or sector size of %s: %m", device);
		goto closefd;
	}

	if (verbose) {
		printf("mediasize = %lld bytes\n", (long long)mediasize);
		printf("sectorsize = %u bytes\n", sectorsize);
	}

	if (sectorsize < sizeof(kdhl)) {
		logmsg(LOG_ERR,
		    "Sector size is less the kernel dump header %zu",
		    sizeof(kdhl));
		goto closefd;
	}

	lasthd = mediasize - sectorsize;
	temp = malloc(sectorsize);
	if (temp == NULL) {
		logmsg(LOG_ERR, "%m");
		goto closefd;
	}
	if (lseek(fddev, lasthd, SEEK_SET) != lasthd ||
	    read(fddev, temp, sectorsize) != (ssize_t)sectorsize) {
		logmsg(LOG_ERR,
		    "error reading last dump header at offset %lld in %s: %m",
		    (long long)lasthd, device);
		goto closefd;
	}
	memcpy(&kdhl, temp, sizeof(kdhl));
	iscompressed = istextdump = false;
	if (compare_magic(&kdhl, TEXTDUMPMAGIC)) {
		if (verbose)
			printf("textdump magic on last dump header on %s\n",
			    device);
		istextdump = true;
		if (dtoh32(kdhl.version) != KERNELDUMP_TEXT_VERSION) {
			logmsg(LOG_ERR,
			    "unknown version (%d) in last dump header on %s",
			    dtoh32(kdhl.version), device);

			status = STATUS_BAD;
			if (!force)
				goto closefd;
		}
	} else if (compare_magic(&kdhl, KERNELDUMPMAGIC)) {
		if (dtoh32(kdhl.version) != KERNELDUMPVERSION) {
			logmsg(LOG_ERR,
			    "unknown version (%d) in last dump header on %s",
			    dtoh32(kdhl.version), device);

			status = STATUS_BAD;
			if (!force)
				goto closefd;
		}
		switch (kdhl.compression) {
		case KERNELDUMP_COMP_NONE:
			uncompress = false;
			break;
		case KERNELDUMP_COMP_GZIP:
		case KERNELDUMP_COMP_ZSTD:
			if (compress && verbose)
				printf("dump is already compressed\n");
			if (uncompress && verbose)
				printf("dump to be uncompressed\n");
			compress = false;
			iscompressed = true;
			break;
		default:
			logmsg(LOG_ERR, "unknown compression type %d on %s",
			    kdhl.compression, device);
			break;
		}
	} else {
		if (verbose)
			printf("magic mismatch on last dump header on %s\n",
			    device);

		status = STATUS_BAD;
		if (!force)
			goto closefd;

		if (compare_magic(&kdhl, KERNELDUMPMAGIC_CLEARED)) {
			if (verbose)
				printf("forcing magic on %s\n", device);
			memcpy(kdhl.magic, KERNELDUMPMAGIC, sizeof(kdhl.magic));
		} else {
			logmsg(LOG_ERR, "unable to force dump - bad magic");
			goto closefd;
		}
		if (dtoh32(kdhl.version) != KERNELDUMPVERSION) {
			logmsg(LOG_ERR,
			    "unknown version (%d) in last dump header on %s",
			    dtoh32(kdhl.version), device);

			status = STATUS_BAD;
			if (!force)
				goto closefd;
		}
	}

	nfound++;
	if (clear)
		goto nuke;

	if (kerneldump_parity(&kdhl)) {
		logmsg(LOG_ERR,
		    "parity error on last dump header on %s", device);
		nerr++;
		status = STATUS_BAD;
		if (!force)
			goto closefd;
	}
	dumpextent = dtoh64(kdhl.dumpextent);
	dumplength = dtoh64(kdhl.dumplength);
	dumpkeysize = dtoh32(kdhl.dumpkeysize);
	firsthd = lasthd - dumpextent - sectorsize - dumpkeysize;
	if (lseek(fddev, firsthd, SEEK_SET) != firsthd ||
	    read(fddev, temp, sectorsize) != (ssize_t)sectorsize) {
		logmsg(LOG_ERR,
		    "error reading first dump header at offset %lld in %s: %m",
		    (long long)firsthd, device);
		nerr++;
		goto closefd;
	}
	memcpy(&kdhf, temp, sizeof(kdhf));

	if (verbose >= 2) {
		printf("First dump headers:\n");
		printheader(xostdout, &kdhf, device, bounds, -1);

		printf("\nLast dump headers:\n");
		printheader(xostdout, &kdhl, device, bounds, -1);
		printf("\n");
	}

	if (memcmp(&kdhl, &kdhf, sizeof(kdhl))) {
		logmsg(LOG_ERR,
		    "first and last dump headers disagree on %s", device);
		nerr++;
		status = STATUS_BAD;
		if (!force)
			goto closefd;
	} else {
		status = STATUS_GOOD;
	}

	if (checkfor) {
		printf("A dump exists on %s\n", device);
		close(fddev);
		exit(EXIT_SUCCESS);
	}

	if (kdhl.panicstring[0] != '\0')
		logmsg(LOG_ALERT, "reboot after panic: %.*s",
		    (int)sizeof(kdhl.panicstring), kdhl.panicstring);
	else
		logmsg(LOG_ALERT, "reboot");

	if (verbose)
		printf("Checking for available free space\n");

	if (!check_space(savedir, savedirfd, dumplength, bounds)) {
		nerr++;
		goto closefd;
	}

	writebounds(savedirfd, bounds + 1);

	saved_dump_remove(savedirfd, bounds);

	isencrypted = (dumpkeysize > 0);
	if (compress)
		snprintf(corename, sizeof(corename), "%s.%d.gz",
		    istextdump ? "textdump.tar" :
		    (isencrypted ? "vmcore_encrypted" : "vmcore"), bounds);
	else if (iscompressed && !isencrypted && !uncompress)
		snprintf(corename, sizeof(corename), "vmcore.%d.%s", bounds,
		    (kdhl.compression == KERNELDUMP_COMP_GZIP) ? "gz" : "zst");
	else
		snprintf(corename, sizeof(corename), "%s.%d",
		    istextdump ? "textdump.tar" :
		    (isencrypted ? "vmcore_encrypted" : "vmcore"), bounds);
	fdcore = openat(savedirfd, corename, O_WRONLY | O_CREAT | O_TRUNC,
	    0600);
	if (fdcore < 0) {
		logmsg(LOG_ERR, "open(%s): %m", corename);
		nerr++;
		goto closefd;
	}

	if (compress)
		core = zdopen(fdcore, "w");
	else
		core = fdopen(fdcore, "w");
	if (core == NULL) {
		logmsg(LOG_ERR, "%s: %m", corename);
		(void)close(fdcore);
		nerr++;
		goto closefd;
	}
	fdcore = -1;

	snprintf(infoname, sizeof(infoname), "info.%d", bounds);
	if (write_header_info(xostdout, &kdhl, savedirfd, infoname, device,
	    bounds, status) != 0) {
		nerr++;
		goto closeall;
	}

	if (isencrypted) {
		dumpkey = calloc(1, dumpkeysize);
		if (dumpkey == NULL) {
			logmsg(LOG_ERR, "Unable to allocate kernel dump key.");
			nerr++;
			goto closeall;
		}

		if (read(fddev, dumpkey, dumpkeysize) != (ssize_t)dumpkeysize) {
			logmsg(LOG_ERR, "Unable to read kernel dump key: %m.");
			nerr++;
			goto closeall;
		}

		snprintf(keyname, sizeof(keyname), "key.%d", bounds);
		ret = writekey(savedirfd, keyname, dumpkey, dumpkeysize);
		explicit_bzero(dumpkey, dumpkeysize);
		if (!ret) {
			nerr++;
			goto closeall;
		}
	}

	logmsg(LOG_NOTICE, "writing %s%score to %s/%s",
	    isencrypted ? "encrypted " : "", compress ? "compressed " : "",
	    savedir, corename);

	if (istextdump) {
		if (DoTextdumpFile(fddev, dumplength, lasthd, buf, device,
		    corename, core) < 0)
			goto closeall;
	} else {
		if (DoRegularFile(fddev, dumplength, sectorsize,
		    !(compress || iscompressed || isencrypted),
		    uncompress ? kdhl.compression : KERNELDUMP_COMP_NONE,
		    buf, device, corename, core) < 0) {
			goto closeall;
		}
	}
	if (verbose)
		printf("\n");

	if (fclose(core) < 0) {
		logmsg(LOG_ERR, "error on %s: %m", corename);
		nerr++;
		goto closefd;
	}

	symlinks_remove(savedirfd);
	if (symlinkat(infoname, savedirfd, "info.last") == -1) {
		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
		    savedir, "info.last");
	}
	if (isencrypted) {
		if (symlinkat(keyname, savedirfd, "key.last") == -1) {
			logmsg(LOG_WARNING,
			    "unable to create symlink %s/%s: %m", savedir,
			    "key.last");
		}
	}
	if ((iscompressed && !uncompress) || compress) {
		snprintf(linkname, sizeof(linkname), "%s.last.%s",
		    istextdump ? "textdump.tar" :
		    (isencrypted ? "vmcore_encrypted" : "vmcore"),
		    (kdhl.compression == KERNELDUMP_COMP_ZSTD) ? "zst" : "gz");
	} else {
		snprintf(linkname, sizeof(linkname), "%s.last",
		    istextdump ? "textdump.tar" :
		    (isencrypted ? "vmcore_encrypted" : "vmcore"));
	}
	if (symlinkat(corename, savedirfd, linkname) == -1) {
		logmsg(LOG_WARNING, "unable to create symlink %s/%s: %m",
		    savedir, linkname);
	}

	nsaved++;

	if (verbose)
		printf("dump saved\n");

nuke:
	if (!keep) {
		if (verbose)
			printf("clearing dump header\n");
		memcpy(kdhl.magic, KERNELDUMPMAGIC_CLEARED, sizeof(kdhl.magic));
		memcpy(temp, &kdhl, sizeof(kdhl));
		if (lseek(fddev, lasthd, SEEK_SET) != lasthd ||
		    write(fddev, temp, sectorsize) != (ssize_t)sectorsize)
			logmsg(LOG_ERR,
			    "error while clearing the dump header: %m");
	}
	xo_close_container_h(xostdout, "crashdump");
	if (xo_finish_h(xostdout) < 0)
		xo_err(EXIT_FAILURE, "stdout");
	free(dumpkey);
	free(temp);
	close(fddev);
	return;

closeall:
	fclose(core);

closefd:
	free(dumpkey);
	free(temp);
	close(fddev);
}

/* Prepend "/dev/" to any arguments that don't already have it */
static char **
devify(int argc, char **argv)
{
	char **devs;
	int i, l;

	devs = malloc(argc * sizeof(*argv));
	if (devs == NULL) {
		logmsg(LOG_ERR, "malloc(): %m");
		exit(EXIT_FAILURE);
	}
	for (i = 0; i < argc; i++) {
		if (strncmp(argv[i], _PATH_DEV, sizeof(_PATH_DEV) - 1) == 0)
			devs[i] = strdup(argv[i]);
		else {
			char *fullpath;

			fullpath = malloc(PATH_MAX);
			if (fullpath == NULL) {
				logmsg(LOG_ERR, "malloc(): %m");
				exit(EXIT_FAILURE);
			}
			l = snprintf(fullpath, PATH_MAX, "%s%s", _PATH_DEV,
			    argv[i]);
			if (l < 0) {
				logmsg(LOG_ERR, "snprintf(): %m");
				exit(EXIT_FAILURE);
			} else if (l >= PATH_MAX) {
				logmsg(LOG_ERR, "device name too long");
				exit(EXIT_FAILURE);
			}
			devs[i] = fullpath;
		}
	}
	return (devs);
}

static char **
enum_dumpdevs(int *argcp)
{
	struct fstab *fsp;
	char **argv;
	int argc, n;

	/*
	 * We cannot use getfsent(3) in capability mode, so we must
	 * scan /etc/fstab and build up a list of candidate devices
	 * before proceeding.
	 */
	argc = 0;
	n = 8;
	argv = malloc(n * sizeof(*argv));
	if (argv == NULL) {
		logmsg(LOG_ERR, "malloc(): %m");
		exit(EXIT_FAILURE);
	}
	for (;;) {
		fsp = getfsent();
		if (fsp == NULL)
			break;
		if (strcmp(fsp->fs_vfstype, "swap") != 0 &&
		    strcmp(fsp->fs_vfstype, "dump") != 0)
			continue;
		if (argc >= n) {
			n *= 2;
			argv = realloc(argv, n * sizeof(*argv));
			if (argv == NULL) {
				logmsg(LOG_ERR, "realloc(): %m");
				exit(EXIT_FAILURE);
			}
		}
		argv[argc] = strdup(fsp->fs_spec);
		if (argv[argc] == NULL) {
			logmsg(LOG_ERR, "strdup(): %m");
			exit(EXIT_FAILURE);
		}
		argc++;
	}
	*argcp = argc;
	return (argv);
}

static void
init_caps(int argc, char **argv)
{
	cap_rights_t rights;
	cap_channel_t *capcas;

	capcas = cap_init();
	if (capcas == NULL) {
		logmsg(LOG_ERR, "cap_init(): %m");
		exit(EXIT_FAILURE);
	}
	/*
	 * The fileargs capability does not currently provide a way to limit
	 * ioctls.
	 */
	(void)cap_rights_init(&rights, CAP_PREAD, CAP_WRITE, CAP_IOCTL);
	capfa = fileargs_init(argc, argv, checkfor || keep ? O_RDONLY : O_RDWR,
	    0, &rights, FA_OPEN);
	if (capfa == NULL) {
		logmsg(LOG_ERR, "fileargs_init(): %m");
		exit(EXIT_FAILURE);
	}
	caph_cache_catpages();
	caph_cache_tzdata();
	if (caph_enter_casper() != 0) {
		logmsg(LOG_ERR, "caph_enter_casper(): %m");
		exit(EXIT_FAILURE);
	}
	capsyslog = cap_service_open(capcas, "system.syslog");
	if (capsyslog == NULL) {
		logmsg(LOG_ERR, "cap_service_open(system.syslog): %m");
		exit(EXIT_FAILURE);
	}
	cap_close(capcas);
}

static void
usage(void)
{
	xo_error("%s\n%s\n%s\n%s\n",
	    "usage: savecore -c [-v] [device ...]",
	    "       savecore -C [-v] [device ...]",
	    "       savecore -L [-fvZz] [-m maxdumps] [directory]",
	    "       savecore [-fkuvz] [-m maxdumps] [directory [device ...]]");
	exit(EXIT_FAILURE);
}

int
main(int argc, char **argv)
{
	cap_rights_t rights;
	const char *savedir;
	char **devs;
	int i, ch, error, savedirfd;

	checkfor = compress = clear = force = keep = livecore = false;
	verbose = 0;
	nfound = nsaved = nerr = 0;
	savedir = ".";
	comp_desired = KERNELDUMP_COMP_NONE;

	openlog("savecore", LOG_PERROR, LOG_DAEMON);
	signal(SIGINFO, infohandler);

	argc = xo_parse_args(argc, argv);
	if (argc < 0)
		exit(EXIT_FAILURE);

	while ((ch = getopt(argc, argv, "CcfkLm:uvZz")) != -1)
		switch(ch) {
		case 'C':
			checkfor = true;
			break;
		case 'c':
			clear = true;
			break;
		case 'f':
			force = true;
			break;
		case 'k':
			keep = true;
			break;
		case 'L':
			livecore = true;
			break;
		case 'm':
			maxdumps = atoi(optarg);
			if (maxdumps <= 0) {
				logmsg(LOG_ERR, "Invalid maxdump value");
				exit(EXIT_FAILURE);
			}
			break;
		case 'u':
			uncompress = true;
			break;
		case 'v':
			verbose++;
			break;
		case 'Z':
			/* No on-the-fly compression with zstd at the moment. */
			if (!livecore)
				usage();
			compress = true;
			comp_desired = KERNELDUMP_COMP_ZSTD;
			break;
		case 'z':
			compress = true;
			comp_desired = KERNELDUMP_COMP_GZIP;
			break;
		case '?':
		default:
			usage();
		}
	if (checkfor && (clear || force || keep))
		usage();
	if (clear && (compress || keep))
		usage();
	if (maxdumps > 0 && (checkfor || clear))
		usage();
	if (compress && uncompress)
		usage();
	if (livecore && (checkfor || clear || uncompress || keep))
		usage();
	argc -= optind;
	argv += optind;
	if (argc >= 1 && !checkfor && !clear) {
		error = chdir(argv[0]);
		if (error) {
			logmsg(LOG_ERR, "chdir(%s): %m", argv[0]);
			exit(EXIT_FAILURE);
		}
		savedir = argv[0];
		argc--;
		argv++;
	}
	if (livecore) {
		if (argc > 0)
			usage();

		/* Always need /dev/mem to invoke the dump */
		devs = malloc(sizeof(char *));
		devs[0] = strdup("/dev/mem");
		argc++;
	} else if (argc == 0)
		devs = enum_dumpdevs(&argc);
	else
		devs = devify(argc, argv);

	savedirfd = open(savedir, O_RDONLY | O_DIRECTORY);
	if (savedirfd < 0) {
		logmsg(LOG_ERR, "open(%s): %m", savedir);
		exit(EXIT_FAILURE);
	}
	(void)cap_rights_init(&rights, CAP_CREATE, CAP_FCNTL, CAP_FSTATAT,
	    CAP_FSTATFS, CAP_PREAD, CAP_SYMLINKAT, CAP_FTRUNCATE, CAP_UNLINKAT,
	    CAP_WRITE);
	if (livecore)
		cap_rights_set(&rights, CAP_RENAMEAT_SOURCE,
		    CAP_RENAMEAT_TARGET);
	if (caph_rights_limit(savedirfd, &rights) < 0) {
		logmsg(LOG_ERR, "cap_rights_limit(): %m");
		exit(EXIT_FAILURE);
	}

	/* Enter capability mode. */
	init_caps(argc, devs);

	for (i = 0; i < argc; i++)
		DoFile(savedir, savedirfd, devs[i]);

	if (nfound == 0) {
		if (checkfor) {
			if (verbose)
				printf("No dump exists\n");
			exit(EXIT_FAILURE);
		}
		if (verbose)
			logmsg(LOG_WARNING, "no dumps found");
	} else if (nsaved == 0) {
		if (nerr != 0) {
			if (verbose)
				logmsg(LOG_WARNING,
				    "unsaved dumps found but not saved");
			exit(EXIT_FAILURE);
		} else if (verbose)
			logmsg(LOG_WARNING, "no unsaved dumps found");
	} else if (verbose) {
		logmsg(LOG_NOTICE, "%d cores saved in %s\n", nsaved, savedir);
	}

	exit(EXIT_SUCCESS);
}

static void
infohandler(int sig __unused)
{
	got_siginfo = 1;
}