Re: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ronald Klop <ronald-lists_at_klop.ws>
Date: Thu, 10 Mar 2022 13:47:36 UTC
Wow. I think I’m going to like this little feature. 


Van: Ed Maste <emaste@FreeBSD.org>
Datum: 10 maart 2022 01:47
Aan: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Onderwerp: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use

> 
> 
> The branch main has been updated by emaste:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=67e751f167c98d02f85eb38401e3e6388db09ac1
> 
> commit 67e751f167c98d02f85eb38401e3e6388db09ac1
> Author:     Ed Maste <emaste@FreeBSD.org>
> AuthorDate: 2022-03-07 19:17:01 +0000
> Commit:     Ed Maste <emaste@FreeBSD.org>
> CommitDate: 2022-03-10 00:43:14 +0000
> 
>     dumpon: use underlying device if encrypted swap is in use
>     
>     /etc/rc.d/dumpon runs before /etc/rc.d/swap.  When encrypted swap is in
>     use the .eli or .bde device will not exist at the time dumpon runs.
>     
>     Even if this is addressed it does not make sense to dump core to
>     encrypted swap, as the encryption key will not be available after
>     reboot rendering the dump useless.  Thus, for the case that dumpdev=AUTO
>     and encrypted swap is in use, strip the extension and use the underlying
>     device.
>     
>     Emit a warning if we are using the underlying device and the user has not
>     configured dump encryption, so that the user knows that the will not be
>     encrypted.
>     
>     PR:             238301
>     Reported by:    Ivan Rozhuk
>     Reviewed by:    jilles
>     MFC after:      1 week
>     Sponsored by:   The FreeBSD Foundation
>     Differential Revision:  https://reviews.freebsd.org/D34474
> ---
>  libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++
>  1 file changed, 19 insertions(+)
> 
> diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon
> index 752f52315f49..6ca335b73842 100755
> --- a/libexec/rc/rc.d/dumpon
> +++ b/libexec/rc/rc.d/dumpon
> @@ -33,6 +33,19 @@ dumpon_try()
>     return 1
>  }
>  
> +dumpon_warn_unencrypted()
> +{
> +   if [ -n "${dumppubkey}" ]; then
> +       return
> +   fi
> +   for flag in ${dumpon_flags}; do
> +       if [ $flag = -k ]; then
> +           return
> +       fi
> +   done
> +   warn "Kernel dumps will be written to the swap partition without encryption."
> +}
> +
>  dumpon_start()
>  {
>     # Enable dumpdev so that savecore can see it. Enable it
> @@ -50,6 +63,12 @@ dumpon_start()
>         fi
>         while read dev mp type more ; do
>             [ "${type}" = "swap" ] || continue
> +           case ${dev} in
> +           *.bde|*.eli)
> +               dumpon_warn_unencrypted
> +               dev=${dev%.*}
> +               ;;
> +           esac
>             [ -c "${dev}" ] || continue
>             dumpon_try "${dev}" 2>/dev/null && return 0
>         done </etc/fstab
> 
> 
> 
> 
>