svn commit: r364876 - head/sys/kern

[Mark Johnston]

Author: markj
Date: Thu Aug 27 17:36:06 2020
New Revision: 364876
URL: https://svnweb.freebsd.org/changeset/base/364876

Log:
  Fix writing of the final block of encrypted, compressed kernel dumps.
  
  Previously any residual data in the final block of a compressed kernel
  dump would be written unencrypted.  Note, such a configuration already
  does not work properly when using AES-CBC since the compressed data is
  typically not a multiple of the AES block length in size and EKCD does
  not implement any padding scheme.  However, EKCD more recently gained
  support for using the ChaCha20 cipher, which being a stream cipher does
  not have this problem.
  
  Submitted by:	sigsys at gmail.com
  Reviewed by:	cem
  MFC after:	1 week
  Differential Revision:	https://reviews.freebsd.org/D26188

Modified:
  head/sys/kern/kern_shutdown.c

Modified: head/sys/kern/kern_shutdown.c
==============================================================================
--- head/sys/kern/kern_shutdown.c	Thu Aug 27 17:30:57 2020	(r364875)
+++ head/sys/kern/kern_shutdown.c	Thu Aug 27 17:36:06 2020	(r364876)
@@ -1464,6 +1464,7 @@ kerneldumpcomp_write_cb(void *base, size_t length, off
 		}
 		resid = length - rlength;
 		memmove(di->blockbuf, (uint8_t *)base + rlength, resid);
+		bzero((uint8_t *)di->blockbuf + resid, di->blocksize - resid);
 		di->kdcomp->kdc_resid = resid;
 		return (EAGAIN);
 	}
@@ -1680,9 +1681,10 @@ dump_finish(struct dumperinfo *di, struct kerneldumphe
 		error = compressor_flush(di->kdcomp->kdc_stream);
 		if (error == EAGAIN) {
 			/* We have residual data in di->blockbuf. */
-			error = dump_write(di, di->blockbuf, 0, di->dumpoff,
-			    di->blocksize);
-			di->dumpoff += di->kdcomp->kdc_resid;
+			error = _dump_append(di, di->blockbuf, 0, di->blocksize);
+			if (error == 0)
+				/* Compensate for _dump_append()'s adjustment. */
+				di->dumpoff -= di->blocksize - di->kdcomp->kdc_resid;
 			di->kdcomp->kdc_resid = 0;
 		}
 		if (error != 0)