path: root/etc/rc.d/dumpon
Commit message | Author | Age | Files | Lines
* Move rc startup scripts from etc/ to sbin/init/ | Brad Davis | 2018-07-28 | 1 | -77/+0
  This keeps most startup scripts as CONFS per discussion on src-committers from back during BSDCan.

  Approved by: will (mentor)
  Differential Revision: https://reviews.freebsd.org/D16466
  Notes: svn path=/head/; revision=336845
* Add support for compressed kernel dumps. | Mark Johnston | 2017-10-25 | 1 | -3/+6
  When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device.

  Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console.

  savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option.

  A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf.

  Reviewed by: cem (earlier version)
  Discussed with: def, rgrimes
  Relnotes: yes
  Sponsored by: Dell EMC Isilon
  Differential Revision: https://reviews.freebsd.org/D11723
  Notes: svn path=/head/; revision=324965
* Add support for encrypted kernel crash dumps. | Konrad Witaszczyk | 2016-12-10 | 1 | -1/+6
  Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added.

  A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility.

  dumpon(8) generates a one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control.

  When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands:

      # sysctl debug.kdb.enter=1
      db> call doadump(0)
      db> continue
      # savecore

  A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure.

  If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted.

  Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped.

  savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump.

  decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump.

  Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages.

  EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware.

  Designed by: def, pjd
  Reviewed by: cem, oshogbo, pjd
  Partial review: delphij, emaste, jhb, kib
  Approved by: pjd (mentor)
  Differential Revision: https://reviews.freebsd.org/D4712
  Notes: svn path=/head/; revision=309818
* Make FILESYSTEMS, dumpon, and var not depend on zfs and zvol | Enji Cooper | 2016-05-15 | 1 | -1/+0
  Make zfs and zvol come before all of the items that depended on them previously

  MFC after: 2 weeks
  Sponsored by: EMC / Isilon Storage Division
  Notes: svn path=/head/; revision=299839
* - Add descriptions to most of the rc scripts. Those are mostly taken from their | Lars Engels | 2016-04-23 | 1 | -0/+1
  daemon's manpage and probably improved.
  - Consistently use "filesystem" not "file system".

  Approved by: bapt, brueffer
  Differential Revision: D452
  Notes: svn path=/head/; revision=298514
* This change does the following for the scripts that run up through | Doug Barton | 2010-05-19 | 1 | -1/+2
  FILESYSTEMS (the default early_late_divider):
  1. Move sysctl to run first
  2. Move as many BEFOREs to REQUIREs as possible.
  3. Minor effect, move hostid_save from right before mdconfig to right after.

  A lot of the early scripts make use of sysctl one way or another so running this first makes a lot of sense given that system-critical values are often placed in sysctl.conf.

  My original purpose for working on this was that while doing some debugging on other stuff I noticed that the order of execution was different in the first pass through the early scripts and the second. In practice that doesn't matter because the scripts are not executed the second time. However this _can_ result in problems if the difference in the rcorder moves a script from the late section to the early section in the second pass (which would mean the script would not get executed). So, I wanted to make the order of execution of the scripts in the early section more deterministic.

  In the course of debugging the ordering problems I noticed that moving the BEFOREs to REQUIREs prevented the changes in order from the first pass to the second pass without having to make any substantial changes. (Of course it's no secret that I think BEFORE should be avoided as much as possible, but this is a good example of why.)

  Reviewed by: silence on freebsd-rc@
  MFC after: 8.1-RELEASE
  Notes: svn path=/head/; revision=208307
* As previously discussed, add the svn:executable property to all scripts | Doug Barton | 2008-07-16 | 1 | -0/+0
  Notes: svn path=/head/; revision=180563
* Remove the -v flag from the command line to dumpon(8), and instead print | Mike Makonnen | 2008-06-23 | 1 | -1/+2
  diagnostic output only if the command fails.

  Notes: svn path=/head/; revision=179943
* Remove rcconf.sh from /etc/rc.d, and instead load the configuration | Doug Barton | 2005-12-10 | 1 | -1/+0
  as part of rc. Doing this, and the sourcing of rc.subr after we have determined if we are booting diskless (and correspondingly run rc.initdiskless if necessary) are safe, and actually allow fewer files to be needed on the diskless box. This also allows variables from the configuration to be available to rc itself, such as ...

  Add a variable to rc.conf, early_late_divider, which designates the script which separates the early and late stages of the boot process. Default this to mountcritlocal, and add text to etc/defaults/rc.conf, rc.conf(5) and diskless(8) which describes how and why one might want to change this.

  Reviewed by: brooks
  Notes: svn path=/head/; revision=153298
* Use kenv -q to extract dumpdev rather than kenv, in order to avoid | Robert Watson | 2005-09-13 | 1 | -1/+1
  spamming the console in the event that a loader tunable 'dumpdev' isn't defined, which is not a relevant failure to report.

  MFC after: 1 week
  Notes: svn path=/head/; revision=150103
* Honor the "dumpdev" kenv variable if it is set and the "dumpdev" rc | Dag-Erling Smørgrav | 2005-06-07 | 1 | -6/+17
  variable is set to "AUTO".

  MFC after: 2 weeks
  Notes: svn path=/head/; revision=147107
* 'dumpon' can run before 'initrandom' so make it. | David E. O'Brien | 2005-04-05 | 1 | -2/+2
  This gives a better chance of debugging /dev/random related panics.

  Notes: svn path=/head/; revision=144683
* When dumpdev is set to 'auto', and a suitable swap device is found, | Thomas Quinot | 2004-10-18 | 1 | -1/+6
  create a symbolic link /dev/dumpdev designating that device so savecore can find and save a previous kernel dump.

  Notes: svn path=/head/; revision=136684
* Remove unused computation of memory size. | Thomas Quinot | 2004-10-18 | 1 | -1/+0
  Reviewed by: des
  Notes: svn path=/head/; revision=136663
* Remove the requirement for the FreeBSD keyword as it no longer | Mike Makonnen | 2004-10-07 | 1 | -1/+1
  makes any sense.

  Discussed with: dougb, brooks
  MFC after: 3 days
  Notes: svn path=/head/; revision=136224
* If $dumpdev is set to AUTO, use the first suitable swap partition listed | Dag-Erling Smørgrav | 2004-09-20 | 1 | -0/+10
  in /etc/fstab, or print an error message if no suitable device was found.

  MFC after: 4 weeks
  Notes: svn path=/head/; revision=135525
* Mark scripts as not usable inside a jail by adding keyword 'nojail'. | Pawel Jakub Dawidek | 2004-03-08 | 1 | -1/+1
  Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
  Notes: svn path=/head/; revision=126744
* Teach /etc/rc.d/dumpon script how to stop. | Pawel Jakub Dawidek | 2004-02-02 | 1 | -1/+12
  Reviewed by: gordon
  Approved by: gordon, scottl (mentor)
  Notes: svn path=/head/; revision=125341
* Merge in all the changes that Mike Makonnen has been maintaining for a | Gordon Tetlow | 2002-06-13 | 1 | -0/+32
  while. This is only the script pieces, the glue for the build comes next.

  Submitted by: Mike Makonnen <makonnen@pacbell.net>
  Reviewed by: silence on -current and -hackers
  Prodded by: rwatson
  Notes: svn path=/head/; revision=98184