From owner-freebsd-arch@FreeBSD.ORG  Wed Jan 12 14:36:44 2005
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5F3B516A4CE; Wed, 12 Jan 2005 14:36:44 +0000 (GMT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 02A3C43D58; Wed, 12 Jan 2005 14:36:44 +0000 (GMT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.13.1/8.13.1) with ESMTP id j0CEWhTF042014;
	Wed, 12 Jan 2005 09:32:43 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)j0CEWhMi042011;
	Wed, 12 Jan 2005 14:32:43 GMT
	(envelope-from robert@fledge.watson.org)
Date: Wed, 12 Jan 2005 14:32:43 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
In-Reply-To: <20050112131950.GN795@darkness.comp.waw.pl>
Message-ID: <Pine.NEB.3.96L.1050112142745.41530B-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: arch@FreeBSD.org
Subject: Re: "Kernel" dumps.
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jan 2005 14:36:44 -0000


On Wed, 12 Jan 2005, Pawel Jakub Dawidek wrote:

> We need improve our dumps, really. 
> 
> First of all they are too big, because we dump whole memory.  Second of
> all, they are not safe for our users. 
> 
> We should implement two things: 
> 
> - dumping only kernel pages (dump is smaller and without sensitive data
>   from userland processes);
> - add a malloc(9) flag M_NOUMP which will prevent from dumping
>   pages with sensitive data (e.g. GBDE keys).
> 
> Any VM-skilled volunteers? Pretty please...

While I don't object in principle to these changes (and recognize why they
would be quite beneficial), an important consideration in any touching of
the debugging code is minimizing the chances that corrupt kernel data
structures will prevent us from gathering debugging information
effectively.  If the dump code has to walk VM data structures extensively,
that increases the risk that the dump will fail due to an invalid pointer
dereference, especially if what's being debugged is a VM bug.  We already
enter a temporary mapping for each physical page during the dump process
so that the pages can be dumped, I guess, so maybe this is not such a big
issue.  However, one of the things that has made FreeBSD a great operating
system to develop on in the past has been robust and consistent debugging
tools--the current tools seem a little less robust post-SMPng, largely due
to relatively minor nits that need to be cleaned up, but I'd hate for them
to get less reliable if that's avoidable. 

Robert N M Watson