Date: Thu, 10 Mar 2022 14:47:36 +0100 (CET)
From: Ronald Klop <ronald-lists@klop.ws>
To: src-committers@FreeBSD.org, Ed Maste <emaste@FreeBSD.org>, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: Re: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use
Message-ID: <61365742.7248.1646920056855@localhost>
In-Reply-To: <202203100046.22A0kt0k073098@gitrepo.freebsd.org>

Wow. I think I’m going to like this little feature.

From: Ed Maste <emaste@FreeBSD.org>
Date: 10 March 2022 01:47
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use
>
> The branch main has been updated by emaste:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=67e751f167c98d02f85eb38401e3e6388db09ac1
>
> commit 67e751f167c98d02f85eb38401e3e6388db09ac1
> Author: Ed Maste <emaste@FreeBSD.org>
> AuthorDate: 2022-03-07 19:17:01 +0000
> Commit: Ed Maste <emaste@FreeBSD.org>
> CommitDate: 2022-03-10 00:43:14 +0000
>
>     dumpon: use underlying device if encrypted swap is in use
>
>     /etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is in
>     use the .eli or .bde device will not exist at the time dumpon runs.
>
>     Even if this is addressed it does not make sense to dump core to
>     encrypted swap, as the encryption key will not be available after
>     reboot rendering the dump useless. Thus, for the case that dumpdev=AUTO
>     and encrypted swap is in use, strip the extension and use the underlying
>     device.
>
>     Emit a warning if we are using the underlying device and the user has not
>     configured dump encryption, so that the user knows that the will not be
>     encrypted.
>
>     PR: 238301
>     Reported by: Ivan Rozhuk
>     Reviewed by: jilles
>     MFC after: 1 week
>     Sponsored by: The FreeBSD Foundation
>     Differential Revision: https://reviews.freebsd.org/D34474
> ---
>  libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
>
> diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon > index 752f52315f49..6ca335b73842 100755 > --- a/libexec/rc/rc.d/dumpon > +++ b/libexec/rc/rc.d/dumpon
> @@ -33,6 +33,19 @@ dumpon_try() > return 1 > } > =20 > +dumpon_warn_unencrypted() > +{ > + if [ -n "${dumppubkey}" ]; then > + return > + fi > + for flag in ${dumpon_flags}; do > + if [ $flag =3D -k ]; then > + return > + fi > + done > + warn "Kernel dumps will be written to the swap partition without encr= yption." > +} > + > dumpon_start() > { > # Enable dumpdev so that savecore can see it. Enable it 
> @@ -50,6 +63,12 @@ dumpon_start() > fi > while read dev mp type more ; do > [ "${type}" =3D "swap" ] || continue > + case ${dev} in > + *.bde|*.eli) > + dumpon_warn_unencrypted > + dev=3D${dev%.*} > + ;; > + esac > [ -c "${dev}" ] || continue > dumpon_try "${dev}" 2>/dev/null && return 0 > done </etc/fstab
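
Review bot: In dumpon_warn_unencrypted(), the test `[ $flag = -k ]` is an exact string match on each word of ${dumpon_flags}, so a `-k` that is bundled with another option letter in the same word (for example `-vk`) is not recognised and the "without encryption" warning is printed even though a key was passed. Consider matching the option with a `case` pattern that also covers bundled forms. Separately, `$flag` should be quoted in the test, and `flag` is not declared `local`, so it leaks into the rc script's variable namespace.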
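
Review bot: In the dumpon_start() fstab loop, dumpon_warn_unencrypted is called as soon as an entry matches `*.bde|*.eli`, before the `[ -c "${dev}" ] || continue` check and before dumpon_try has succeeded. The warning can therefore be emitted for a device that is then skipped, and it repeats once for every encrypted swap entry in /etc/fstab. Suggest stripping the suffix first, remembering that it was stripped, and warning only once dumpon_try has actually selected that underlying device.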