Date:      Sun, 1 Nov 2009 17:14:27 +0200
From:      Gleb Kurtsou <gleb.kurtsou@gmail.com>
To:        remodeler <remodeler@alentogroup.org>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: dumpon to an encrypted swap partition?
Message-ID:  <20091101151427.GA2846@tops>
In-Reply-To: <20091101004815.M83360@alentogroup.org>
References:  <20091101004815.M83360@alentogroup.org>

On (31/10/2009 19:59), remodeler wrote:
> I am running 8.0 RC1 on a multi-user server with a few dozen vnet-enabled
> jails and netgraph. The swap partition is encrypted by its /etc/fstab entry, like:
> 
> /dev/ad2s1b.eli   none    swap    sw   0   0
> 
> I am getting sporadic kernel panics on reboot, during the GEOM_JOURNAL
> shutdown sequence. However, they occur after geli detaches the swap partition,
> so I get an error like:
> 
> Cannot dump. Device not defined or unavailable.
As far as I remember, you should configure the dump device to be the raw swap
partition, like /dev/ad2s1b in your case, and you can continue using it
for encrypted swap. I suppose you are using one-time passwords for swap
partitions, so the dump can't be restored after reboot anyway.

But there are issues with saving the dump from encrypted swap after reboot.
See http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/124747
It's about dependencies during startup, and the patch from the PR is not
entirely correct/complete.

> I know I can set dumpdev in /etc/rc.conf to a file rather than a swap
> partition, but is there a way to (1) have an encrypted swap partition, and (2)
> dump a core to a swap partition without failure? If I set up a second
> unencrypted swap, I can't let the system write potentially confidential
> information into that space.
No, using a file as dumpdev is impossible; not all device drivers support
crash dumps (because after a kernel panic all interrupts are masked,
acquiring a mutex always succeeds, the driver should be able to operate in
polling mode, etc.). I've never tried, but it seems dumping to umass
devices should be supported now, if you are concerned with security.
Otherwise the solution would be to create a special unencrypted partition for
dumps.

> Also, at the end of the panic, I get the message:
> 
> Automatic reboot in 15 seconds - press a key on the console to abort
> 
> but then the server hangs and requires manual power-down and reboot. I thought
> a reboot was inevitable after a kernel panic - that nothing could prevent it
> in terms of misbehaving processes, etc. Any idea what could cause such a freeze?
> 
> Thank you.
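An added example, not from this thread: a small POSIX sh check that applies the advice above, deriving the raw provider behind a geli-encrypted (.eli) swap entry and verifying that rc.conf's dumpdev points at that raw device rather than at the .eli device or a file. The fstab and rc.conf contents are constructed samples, not taken from any real system.

```shell
#!/bin/sh
# Constructed sample /etc/fstab: swap lives on the geli provider /dev/ad2s1b.eli,
# while the kernel dump must go to the underlying raw partition /dev/ad2s1b.
SAMPLE_FSTAB='# Device        Mountpoint  FStype  Options  Dump  Pass#
/dev/ad2s1a     /           ufs     rw       1     1
/dev/ad2s1b.eli none        swap    sw       0     0
/dev/ad2s1d     /usr        ufs     rw       2     2'

# Read fstab text on stdin; print the raw provider behind each .eli swap entry
# (comment lines and non-swap entries are skipped).
raw_swap_from_fstab() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 ~ /\.eli$/ { sub(/\.eli$/, "", $1); print $1 }'
}

# Extract the dumpdev value from rc.conf text on stdin (with or without quotes).
dumpdev_from_rcconf() {
    sed -n 's/^dumpdev="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' | tail -n 1
}

# Return 0 when dumpdev names the raw provider of the encrypted swap, 1 otherwise.
# $1 = fstab text, $2 = rc.conf text.
check_dumpdev() {
    raw=$(printf '%s\n' "$1" | raw_swap_from_fstab | head -n 1)
    [ -n "$raw" ] || return 1
    dumpdev=$(printf '%s\n' "$2" | dumpdev_from_rcconf)
    [ "$dumpdev" = "$raw" ]
}

# Example run: a correct rc.conf passes, a dumpdev pointing at the .eli device fails.
if check_dumpdev "$SAMPLE_FSTAB" 'dumpdev="/dev/ad2s1b"'; then
    echo "ok: dumpdev is the raw provider of the encrypted swap"
fi
if ! check_dumpdev "$SAMPLE_FSTAB" 'dumpdev="/dev/ad2s1b.eli"'; then
    echo "mismatch: dumpdev must be the raw partition, not the .eli device"
fi
```

Note that the dump written this way is unencrypted on the raw partition, and savecore still has to read it before swap is re-attached at boot, which is the startup-ordering problem the PR cited above is about.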


