socsvn commit: r286799 - soc2013/def/crashdump-head/sys/kern
def at FreeBSD.org
def at FreeBSD.org
Sun Jun 7 18:59:53 UTC 2015
Author: def
Date: Sun Jun 7 18:59:52 2015
New Revision: 286799
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=286799
Log:
Create a custom handler for sysctl security.ekcd.enable. Don't dump a key when EKCD is disabled.
Modified:
soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
Modified: soc2013/def/crashdump-head/sys/kern/kern_shutdown.c
==============================================================================
--- soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Jun 7 17:50:28 2015 (r286798)
+++ soc2013/def/crashdump-head/sys/kern/kern_shutdown.c Sun Jun 7 18:59:52 2015 (r286799)
@@ -153,16 +153,17 @@
size_t kdc_bufused;
} dumpcrypto;
-static struct kerneldumpkey *dumpkey;
+static struct kerneldumpkey *dumpkey = NULL;
+static int kerneldump_sysctl_enable(SYSCTL_HANDLER_ARGS);
static int kerneldump_sysctl_key(SYSCTL_HANDLER_ARGS);
static int kerneldump_sysctl_encryptedkey(SYSCTL_HANDLER_ARGS);
SYSCTL_NODE(_security, OID_AUTO, ekcd, CTLFLAG_RW, 0,
"Encrypted kernel crash dumps");
-SYSCTL_INT(_security_ekcd, OID_AUTO, enable, CTLFLAG_RW, &dumpcrypto.kdc_enable,
- 0, "Enable encrypted kernel crash dumps");
+SYSCTL_PROC(_security_ekcd, OID_AUTO, enable, CTLTYPE_INT | CTLFLAG_RW, NULL, 0,
+ kerneldump_sysctl_enable, "I", "Enable encrypted kernel crash dumps");
SYSCTL_PROC(_security_ekcd, OID_AUTO, key, CTLTYPE_OPAQUE | CTLFLAG_WR, NULL, 0,
kerneldump_sysctl_key, "", "Key");
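Review bot: The new `security.ekcd.enable` SYSCTL_PROC is plain `CTLTYPE_INT | CTLFLAG_RW`, so any privileged writer can switch dump encryption off at runtime regardless of securelevel. If the knob is meant to be a security control, consider adding `CTLFLAG_SECURE` to the flags; otherwise add a comment stating that runtime disabling is intended. Separately, `static struct kerneldumpkey *dumpkey = NULL;` is redundant, because objects with static storage duration are already zero-initialized, so the explicit initializer can be dropped.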
@@ -887,6 +888,24 @@
}
static int
+kerneldump_sysctl_enable(SYSCTL_HANDLER_ARGS)
+{
+ int error;
+
+ error = sysctl_handle_opaque(oidp, &dumpcrypto.kdc_enable,
+ sizeof(dumpcrypto.kdc_enable), req);
+ if (error != 0)
+ return (error);
+
+ if (dumpcrypto.kdc_enable == 1)
+ dumper.kdk = dumpkey;
+ else
+ dumper.kdk = NULL;
+
+ return (0);
+}
+
+static int
kerneldump_sysctl_key(SYSCTL_HANDLER_ARGS)
{
int error;
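Review bot: In kerneldump_sysctl_enable, `sysctl_handle_opaque` copies the caller's bytes straight into `dumpcrypto.kdc_enable`, so the live flag changes before anything is validated. Any value other than 1 (2, -1, ...) is stored and then silently treated as "off" for `dumper.kdk`. Using `sysctl_handle_int` on a local copy, returning early when `req->newptr` is NULL, and rejecting values outside 0/1 with EINVAL would keep the flag and `dumper.kdk` consistent and stop plain reads from rewriting `dumper.kdk`. The handler can also leave enable at 1 with `dumper.kdk` NULL when no key has been loaded yet. Whether kerneldump_sysctl_key repairs that is not visible here, since its body continues outside the hunk, so that case deserves either an error return or a comment.
```c
static int
kerneldump_sysctl_enable(SYSCTL_HANDLER_ARGS)
{
	int enable, error;

	/* Work on a copy so a failed or invalid write never touches live state. */
	enable = dumpcrypto.kdc_enable;
	error = sysctl_handle_int(oidp, &enable, 0, req);
	if (error != 0 || req->newptr == NULL)
		return (error);
	if (enable != 0 && enable != 1)
		return (EINVAL);

	dumpcrypto.kdc_enable = enable;
	dumper.kdk = (enable == 1) ? dumpkey : NULL;

	return (0);
}
```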