From nobody Thu Mar 17 01:09:03 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id BD0051A2C340; Thu, 17 Mar 2022 01:09:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KJpv34X0Lz3KMM; Thu, 17 Mar 2022 01:09:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1647479343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iyI7rXX17eo3sKZFTYDXuXH+FrrLj3X/ubV9aZhnqPM=; b=eOYuL5BCe0aMM4VQkE653fenMFpVjbKCpJAiCpg1r5gjwvn+kyEx7xTQ7VOurpSLxw33jh sYq2cKsi/Os4s7O/pIEJ6b9tYK1QgwozgLXJGv8IKjYJU3Jd/Z4XwaSArWysQwNymGPhlK uV0T0I7gy6sOtpTDqC7jMBlQbZYsnTlA8KTYEHYw5vMUbMAYYesfHZP6KJ+trezzHg5m57 PRsnsfqtpSD/d6UI5QXZWYZu5C+djvvqziZ7BvgQXL3ENOd+ifZSKpgZyE2n6C5YtVdUHh V17h47MrMzU3BCMWpNIe6XMbijqbTagqqhFuwkm0DGF9vj2TVOo2PtATsqL5TA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7880E20F1C; Thu, 17 Mar 2022 01:09:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 22H193Js069707; Thu, 17 Mar 2022 01:09:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 22H193o3069706; Thu, 17 Mar 2022 01:09:03 GMT (envelope-from git) Date: Thu, 17 Mar 2022 01:09:03 GMT Message-Id: <202203170109.22H193o3069706@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: 2a719333189d - stable/13 - dumpon: use underlying device if encrypted swap is in use List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 2a719333189d9637c0997c4256e5a42a38505c1e Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1647479343; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iyI7rXX17eo3sKZFTYDXuXH+FrrLj3X/ubV9aZhnqPM=; b=fSpc7f3jR/dMEsnXw31ju9IhsY2p2SNJJlCmRN7Idb1jy+eUIpUIp7j+rGR1tE0Vss1tOq JrroIyAVyPsbb7jpxSfSXWHoMBQJ74jSoUvY4tii7Uxg8VLGur+TnJC1bSnSsk9T9HFRzC DZM8sWcsXycCFzXJ6l0R1M+iSUcKmjMagrvm4fdJf4qhmIUiiH+AFEf5w1n8qhDXLl+t5o KTzEq9kfh+mC6MEiIdeGX0f3eFcrVIASvD1EXiF6+KSSKgQDuB3Sq5S4pVRMtORTS1/ypk VUyfLTgRBF2L4lx6Yb/K3K3qjRY53LLA5g1FVEOys94n0db20eP2QwCZdJKBXw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1647479343; a=rsa-sha256; cv=none; b=vxYmZ6Y4rQjC5+SAJNiDKZnWTsD/kA+9P7iZuv6GdAlhN6skwZPssKZvlormpY408BRwAg SdqbCIfL6GQxtzuCl739goL3v2/tLoGhMc98ZRGPEl5TyLOmjd+wcCvVGWhyxosI3H/TWE dURDE6w99tw9RAz8cYipauW/HPlS2ANzatOM5SDRTqImVqmzw1yLmhmhErKwUguljS6U9B 4bnhOedmUITR1Svlqcg8EFf/HRQrb5wGSCxPqsOD+0Ry2aqmYvSNBci4+fY2cGs2yiiXNI yKc6lA25f9QIKxDFbF5OMTOgZ8d7Fi06lkb65YLZzxwvp0DIN7dPUYdkBoJ+Cw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=2a719333189d9637c0997c4256e5a42a38505c1e commit 2a719333189d9637c0997c4256e5a42a38505c1e Author: Ed Maste AuthorDate: 2022-03-07 19:17:01 +0000 Commit: Ed Maste CommitDate: 2022-03-17 01:08:56 +0000 dumpon: use underlying device if encrypted swap is in use /etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is in use the .eli or .bde device will not exist at the time dumpon runs. Even if this is addressed it does not make sense to dump core to encrypted swap, as the encryption key will not be available after reboot rendering the dump useless. Thus, for the case that dumpdev=AUTO and encrypted swap is in use, strip the extension and use the underlying device. Emit a warning if we are using the underlying device and the user has not configured dump encryption, so that the user knows that the will not be encrypted. PR: 238301 Reported by: Ivan Rozhuk Reviewed by: jilles MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D34474 (cherry picked from commit 67e751f167c98d02f85eb38401e3e6388db09ac1) --- libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon index dddbf2af01cc..a1132c78da68 100755 --- a/libexec/rc/rc.d/dumpon +++ b/libexec/rc/rc.d/dumpon @@ -33,6 +33,19 @@ dumpon_try() return 1 } +dumpon_warn_unencrypted() +{ + if [ -n "${dumppubkey}" ]; then + return + fi + for flag in ${dumpon_flags}; do + if [ $flag = -k ]; then + return + fi + done + warn "Kernel dumps will be written to the swap partition without encryption." +} + dumpon_start() { # Enable dumpdev so that savecore can see it. Enable it @@ -49,6 +62,12 @@ dumpon_start() fi while read dev mp type more ; do [ "${type}" = "swap" ] || continue + case ${dev} in + *.bde|*.eli) + dumpon_warn_unencrypted + dev=${dev%.*} + ;; + esac [ -c "${dev}" ] || continue dumpon_try "${dev}" 2>/dev/null && return 0 done