From owner-freebsd-hackers@FreeBSD.ORG Sun Nov 1 15:14:58 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 64A1B1065692 for ; Sun, 1 Nov 2009 15:14:58 +0000 (UTC) (envelope-from gleb.kurtsou@gmail.com) Received: from mail-bw0-f213.google.com (mail-bw0-f213.google.com [209.85.218.213]) by mx1.freebsd.org (Postfix) with ESMTP id E59F88FC1A for ; Sun, 1 Nov 2009 15:14:57 +0000 (UTC) Received: by bwz5 with SMTP id 5so5460760bwz.3 for ; Sun, 01 Nov 2009 07:14:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=Tn4Hkj2tr78ITRg8EV+4ulTjYWXHny0K/PC5T/jJTjY=; b=pMiWFUWYtQuDbiXUj0YeraDKlVTWAwNlGMsZY3WIjKK1BQbg9bvDO0VjuFrfmU3rl2 M+A9t4/trxzsvvyzM4MGD3Y1E+Z7wSocqOSNx15QTc/NX49XRKve/fWto+0zytOryWKy ZrderGugrLe6+pJytPGV3lOCggItctrDoHNyA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=nBE02SMTLhjCLO33HIvLWQYUf4u9jG8c4PmReLv0Szki8qOFYvHodnsLUt0pquWkft wXwYP35w3JuRb4EExNL5zAUvTzTVJ2CzAeW+lBaV2wHOaLuwRyYaRzpWQrbKT5CSJRw6 h1GOsTAp3tfKZxm57IvfWFa+NrH+Vobg0hvrI= Received: by 10.204.15.3 with SMTP id i3mr3078630bka.71.1257088496403; Sun, 01 Nov 2009 07:14:56 -0800 (PST) Received: from localhost (lan-78-157-90-54.vln.skynet.lt [78.157.90.54]) by mx.google.com with ESMTPS id 2sm4295975fks.18.2009.11.01.07.14.55 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 01 Nov 2009 07:14:55 -0800 (PST) Date: Sun, 1 Nov 2009 17:14:27 +0200 From: Gleb Kurtsou To: remodeler Message-ID: <20091101151427.GA2846@tops> References: <20091101004815.M83360@alentogroup.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20091101004815.M83360@alentogroup.org> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-hackers@freebsd.org Subject: Re: dumpon to an encrypted swap partition? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 01 Nov 2009 15:14:58 -0000 On (31/10/2009 19:59), remodeler wrote: > I am running 8.0 RC1 on a multi-user server with a few dozen vnet-enabled > jails and netgraph. The swap partition is encrypted by its /etc/fstab entry, like: > > /dev/ad2s1b.eli none swap sw 0 0 > > I am getting sporadic kernel panics on reboot, during the GEOM_JOURNAL > shutdown sequence. However, they occur after geli detaches the swap partition, > so I get an error like: > > Cannot dump. Device not defined or unavailable. As far as I remember you should configure dump device to be raw swap partition. Like /dev/ad2s1b in your case, and you can continue using it for encrypted swap. I suppose you are using one time passwords for swap partitions, so dump can't be restored after reboot anyway. But there are issues with saving dump from encrypted swap after reboot. See http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/124747 It's about dependencies during startup and the patch from PR is not entirely correct/complete. > I know I can set dumpdev in /etc/rc.conf to a file rather than a swap > partition, but is there a way to (1) have an encrypted swap partition, and (2) > dump a core to a swap partition without failure? If I set up a second > unencrypted swap, I can't let the system write potentially confidential > information into that space. No, using file as dumpdev is impossible, not all device drivers support crash dumps (because after kernel panic all interrupts are masked, acquiring mutex always succeeds, driver should be able to operate in poling mode, etc). I've never tried, but it seems dumping to umass devices should be supported now, if you are concerned with security. Otherwise solution would be to create special unencrypted partition for dumps. > Also, at the end of the panic, I get the message: > > Automatic reboot in 15 seconds - press a key on the console to abort > > but then the server hangs and requires manual power-down and reboot. I thought > a reboot was inevitable after a kernel panic - that nothing could prevent it > in terms of misbehaving processes, etc. Any idea what could cause such a freeze? > > Thank you. > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"