Date:      Sun, 7 Jun 2015 18:59:52 GMT
From:      def@FreeBSD.org
To:        svn-soc-all@FreeBSD.org
Subject:   socsvn commit: r286799 - soc2013/def/crashdump-head/sys/kern
Message-ID:  <201506071859.t57IxqSv015191@socsvn.freebsd.org>

Author: def
Date: Sun Jun  7 18:59:52 2015
New Revision: 286799
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=286799

Log:
  Create a custom handler for sysctl security.ekcd.enable. Don't dump a key when EKCD is disabled.

Modified:
  soc2013/def/crashdump-head/sys/kern/kern_shutdown.c

Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
==============================================================================
--- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c	Sun Jun  7 17:50:28 2015	(r286798)
+++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c	Sun Jun  7 18:59:52 2015	(r286799)
@@ -153,16 +153,17 @@
 	size_t		kdc_bufused;
 } dumpcrypto;
 
-static struct kerneldumpkey *dumpkey;
+static struct kerneldumpkey *dumpkey = NULL;
 
+static int kerneldump_sysctl_enable(SYSCTL_HANDLER_ARGS);
 static int kerneldump_sysctl_key(SYSCTL_HANDLER_ARGS);
 static int kerneldump_sysctl_encryptedkey(SYSCTL_HANDLER_ARGS);
 
 SYSCTL_NODE(_security, OID_AUTO, ekcd, CTLFLAG_RW, 0,
     "Encrypted kernel crash dumps");
 
-SYSCTL_INT(_security_ekcd, OID_AUTO, enable, CTLFLAG_RW, &dumpcrypto.kdc_enable,
-    0, "Enable encrypted kernel crash dumps");
+SYSCTL_PROC(_security_ekcd, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, NULL, 0,
+    kerneldump_sysctl_enable, "I", "Enable encrypted kernel crash dumps");
 
 SYSCTL_PROC(_security_ekcd, OID_AUTO, key, CTLTYPE_OPAQUE | CTLFLAG_WR, NULL, 0,
     kerneldump_sysctl_key, "", "Key");
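Review bot: Nothing at the `SYSCTL_PROC` declaration for `enable` says that a write now has a side effect beyond storing the flag: the handler also attaches or detaches `dumpkey` from `dumper.kdk`, and only the value 1 counts as enabled. A short comment above the declaration would make that visible, for example `/* Writes also attach/detach dumpkey from the dumper; only 1 enables. */`. The OID is still declared `CTLTYPE_INT` with format `"I"`, so the handler should treat it as an int rather than as an opaque blob. As a style point, `= NULL` on the file-scope static `dumpkey` is redundant because static storage is already zero-initialised.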
@@ -887,6 +888,24 @@
 }
 
 static int
+kerneldump_sysctl_enable(SYSCTL_HANDLER_ARGS)
+{
+	int error;
+
+	error = sysctl_handle_opaque(oidp, &dumpcrypto.kdc_enable,
+	    sizeof(dumpcrypto.kdc_enable), req);
+	if (error != 0)
+		return (error);
+
+	if (dumpcrypto.kdc_enable == 1)
+		dumper.kdk = dumpkey;
+	else
+		dumper.kdk = NULL;
+
+	return (0);
+}
+
+static int
 kerneldump_sysctl_key(SYSCTL_HANDLER_ARGS)
 {
 	int error;
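Review bot: `kerneldump_sysctl_enable` copies the caller's value straight into `dumpcrypto.kdc_enable` through `sysctl_handle_opaque` with no range check, so a write of 2 leaves the flag non-zero while `dumper.kdk` is cleared, and a write of 1 before any key is loaded reports encryption as enabled with `dumper.kdk` still NULL. Whether the dump path then falls back to an unencrypted dump is not visible in this diff, but the flag and the key pointer should not be able to disagree. I would read into a local with `sysctl_handle_int`, return early on plain reads, reject anything other than 0 or 1, and refuse to enable while `dumpkey` is NULL, assuming the intended order is key first. The errno for the no-key case is only a suggestion, and the body of `kerneldump_sysctl_key` continues outside the hunk, so I cannot tell whether it re-syncs `dumper.kdk` when a key arrives later.

```c
static int
kerneldump_sysctl_enable(SYSCTL_HANDLER_ARGS)
{
	int enable, error;

	/* Work on a copy so a rejected write never changes live state. */
	enable = dumpcrypto.kdc_enable;
	error = sysctl_handle_int(oidp, &enable, 0, req);
	if (error != 0 || req->newptr == NULL)
		return (error);

	if (enable != 0 && enable != 1)
		return (EINVAL);
	/* Do not report encryption as enabled while no key is loaded. */
	if (enable == 1 && dumpkey == NULL)
		return (EINVAL);

	dumpcrypto.kdc_enable = enable;
	dumper.kdk = (enable == 1) ? dumpkey : NULL;

	return (0);
}
```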


