Date: Thu, 10 Mar 2022 14:47:36 +0100 (CET) From: Ronald Klop <ronald-lists@klop.ws> To: src-committers@FreeBSD.org, Ed Maste <emaste@FreeBSD.org>, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: Re: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use Message-ID: <61365742.7248.1646920056855@localhost> In-Reply-To: <202203100046.22A0kt0k073098@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Wow. I think I’m going to like this little feature. Van: Ed Maste <emaste@FreeBSD.org> Datum: 10 maart 2022 01:47 Aan: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Onderwerp: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use > > > The branch main has been updated by emaste: > > URL: https://cgit.FreeBSD.org/src/commit/?id=67e751f167c98d02f85eb38401e3e6388db09ac1 > > commit 67e751f167c98d02f85eb38401e3e6388db09ac1 > Author: Ed Maste <emaste@FreeBSD.org> > AuthorDate: 2022-03-07 19:17:01 +0000 > Commit: Ed Maste <emaste@FreeBSD.org> > CommitDate: 2022-03-10 00:43:14 +0000 > > dumpon: use underlying device if encrypted swap is in use > > /etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is in > use the .eli or .bde device will not exist at the time dumpon runs. > > Even if this is addressed it does not make sense to dump core to > encrypted swap, as the encryption key will not be available after > reboot rendering the dump useless. Thus, for the case that dumpdev=AUTO > and encrypted swap is in use, strip the extension and use the underlying > device. > > Emit a warning if we are using the underlying device and the user has not > configured dump encryption, so that the user knows that the will not be > encrypted. > > PR: 238301 > Reported by: Ivan Rozhuk > Reviewed by: jilles > MFC after: 1 week > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D34474 > --- > libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > > diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon > index 752f52315f49..6ca335b73842 100755 > --- a/libexec/rc/rc.d/dumpon > +++ b/libexec/rc/rc.d/dumpon > @@ -33,6 +33,19 @@ dumpon_try() > return 1 > } > > +dumpon_warn_unencrypted() > +{ > + if [ -n "${dumppubkey}" ]; then > + return > + fi > + for flag in ${dumpon_flags}; do > + if [ $flag = -k ]; then > + return > + fi > + done > + warn "Kernel dumps will be written to the swap partition without encryption." > +} > + > dumpon_start() > { > # Enable dumpdev so that savecore can see it. Enable it > @@ -50,6 +63,12 @@ dumpon_start() > fi > while read dev mp type more ; do > [ "${type}" = "swap" ] || continue > + case ${dev} in > + *.bde|*.eli) > + dumpon_warn_unencrypted > + dev=${dev%.*} > + ;; > + esac > [ -c "${dev}" ] || continue > dumpon_try "${dev}" 2>/dev/null && return 0 > done </etc/fstab > > > > > [-- Attachment #2 --] <html><head></head><body>Wow. I think I’m going to like this little feature. <div><br /><p><small><strong>Van:</strong> Ed Maste <emaste@FreeBSD.org><br /><strong>Datum:</strong> 10 maart 2022 01:47<br /><strong>Aan:</strong> src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org<br /><strong>Onderwerp:</strong> git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use<br /></small></p><blockquote style="margin-left: 5px; border-left: 3px solid #ccc; margin-right: 0px; padding-left: 5px;"><div class="MessageRFC822Viewer do_not_remove" id="P"><!-- P --> <!-- processMimeMessage --><div class="TextPlainViewer do_not_remove" id="P.P"><!-- P.P -->The branch main has been updated by emaste:<br /> <br /> URL: <a href="https://cgit.FreeBSD.org/src/commit/?id=67e751f167c98d02f85eb38401e3e6388db09ac1">https://cgit.FreeBSD.org/src/commit/?id=67e751f167c98d02f85eb38401e3e6388db09ac1</a><br /> <br /> commit 67e751f167c98d02f85eb38401e3e6388db09ac1<br /> Author: Ed Maste <emaste@FreeBSD.org><br /> AuthorDate: 2022-03-07 19:17:01 +0000<br /> Commit: Ed Maste <emaste@FreeBSD.org><br /> CommitDate: 2022-03-10 00:43:14 +0000<br /> <br /> dumpon: use underlying device if encrypted swap is in use<br /> <br /> /etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is in<br /> use the .eli or .bde device will not exist at the time dumpon runs.<br /> <br /> Even if this is addressed it does not make sense to dump core to<br /> encrypted swap, as the encryption key will not be available after<br /> reboot rendering the dump useless. Thus, for the case that dumpdev=AUTO<br /> and encrypted swap is in use, strip the extension and use the underlying<br /> device.<br /> <br /> Emit a warning if we are using the underlying device and the user has not<br /> configured dump encryption, so that the user knows that the will not be<br /> encrypted.<br /> <br /> PR: 238301<br /> Reported by: Ivan Rozhuk<br /> Reviewed by: jilles<br /> MFC after: 1 week<br /> Sponsored by: The FreeBSD Foundation<br /> Differential Revision: <a href="https://reviews.freebsd.org/D34474">https://reviews.freebsd.org/D34474</a><br /> ---<br /> libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++<br /> 1 file changed, 19 insertions(+)<br /> <br /> diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon<br /> index 752f52315f49..6ca335b73842 100755<br /> --- a/libexec/rc/rc.d/dumpon<br /> +++ b/libexec/rc/rc.d/dumpon<br /> @@ -33,6 +33,19 @@ dumpon_try()<br /> return 1<br /> }<br /> <br /> +dumpon_warn_unencrypted()<br /> +{<br /> + if [ -n "${dumppubkey}" ]; then<br /> + return<br /> + fi<br /> + for flag in ${dumpon_flags}; do<br /> + if [ $flag = -k ]; then<br /> + return<br /> + fi<br /> + done<br /> + warn "Kernel dumps will be written to the swap partition without encryption."<br /> +}<br /> +<br /> dumpon_start()<br /> {<br /> # Enable dumpdev so that savecore can see it. Enable it<br /> @@ -50,6 +63,12 @@ dumpon_start()<br /> fi<br /> while read dev mp type more ; do<br /> [ "${type}" = "swap" ] || continue<br /> + case ${dev} in<br /> + *.bde|*.eli)<br /> + dumpon_warn_unencrypted<br /> + dev=${dev%.*}<br /> + ;;<br /> + esac<br /> [ -c "${dev}" ] || continue<br /> dumpon_try "${dev}" 2>/dev/null && return 0<br /> done </etc/fstab<br /> <br /> </div><!-- TextPlainViewer --> <hr /> </div><!-- MessageRFC822Viewer --> </blockquote><br /><br /><br /></div></body></html>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61365742.7248.1646920056855>