From nobody Thu Mar 10 13:47:36 2022 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4E9EC1A16B0D; Thu, 10 Mar 2022 13:47:46 +0000 (UTC) (envelope-from SRS0=qaCJ=TV=klop.ws=ronald-lists@realworks.nl) Received: from smtp-relay-int.realworks.nl (smtp-relay-int.realworks.nl [194.109.157.24]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4KDr3j3Dzmz3FpK; Thu, 10 Mar 2022 13:47:45 +0000 (UTC) (envelope-from SRS0=qaCJ=TV=klop.ws=ronald-lists@realworks.nl) Date: Thu, 10 Mar 2022 14:47:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=klop.ws; s=rw2; t=1646920057; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to; bh=xN5UF+ZZlIG4+oqfsfMiCTg1TaSrqpJ3rSAOotGp5Vo=; b=gEH/Tze6eZMhXg4jub2WB4xRB3ni7h6qZ0C9pBXxNPVKRzxvxb3fjraspVmUFHPmFjvc04 vLAlGcbyOhq5KqpkDg+CQMldBpnJskncK7LmrxrAacKBRX2lg/cAB/SsKwh7+k3CWCGykM uxqiWZShECPQUYCdKxRfeEDiOyDyOnDHv9SGzLhzaPla0Y5KnJkMsTImRWugcn0qRuuTK2 N1pSOTEN/HGyRYYYUpX4j0pVqxI9IxJVP/ncNFR2u3U7ERCXxSTSkQT7sQ+Ikvl+D1idwj QQp64QAz27ilnaKk1jehf+QoS4WO8iSTb8BjfWU/vtCvjgiucQPI1MXF+jRBQQ== From: Ronald Klop To: src-committers@FreeBSD.org, Ed Maste , dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Message-ID: <61365742.7248.1646920056855@localhost> In-Reply-To: <202203100046.22A0kt0k073098@gitrepo.freebsd.org> Subject: Re: git: 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is in use List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_7247_649239289.1646920056853" X-Mailer: Realworks (598.47.d79868e) Importance: Normal X-Priority: 3 (Normal) X-Rspamd-Queue-Id: 4KDr3j3Dzmz3FpK X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=klop.ws header.s=rw2 header.b="gEH/Tze6"; dmarc=pass (policy=quarantine) header.from=klop.ws; spf=pass (mx1.freebsd.org: domain of "SRS0=qaCJ=TV=klop.ws=ronald-lists@realworks.nl" designates 194.109.157.24 as permitted sender) smtp.mailfrom="SRS0=qaCJ=TV=klop.ws=ronald-lists@realworks.nl" X-Spamd-Result: default: False [-3.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[klop.ws:s=rw2]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; R_SPF_ALLOW(-0.20)[+ip4:194.109.157.0/24]; NEURAL_HAM_LONG(-1.00)[-1.000]; DKIM_TRACE(0.00)[klop.ws:+]; DMARC_POLICY_ALLOW(-0.50)[klop.ws,quarantine]; HAS_X_PRIO_THREE(0.00)[3]; NEURAL_HAM_SHORT(-1.00)[-1.000]; MLMMJ_DEST(0.00)[dev-commits-src-all,dev-commits-src-main]; FORGED_SENDER(0.30)[ronald-lists@klop.ws,SRS0=qaCJ=TV=klop.ws=ronald-lists@realworks.nl]; RCVD_COUNT_ZERO(0.00)[0]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:3265, ipnet:194.109.0.0/16, country:NL]; FROM_NEQ_ENVFROM(0.00)[ronald-lists@klop.ws,SRS0=qaCJ=TV=klop.ws=ronald-lists@realworks.nl] X-ThisMailContainsUnwantedMimeParts: N ------=_Part_7247_649239289.1646920056853 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Wow. I think I=E2=80=99m going to like this little feature.=20 Van: Ed Maste Datum: 10 maart 2022 01:47 Aan: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commi= ts-src-main@FreeBSD.org Onderwerp: git: 67e751f167c9 - main - dumpon: use underlying device if encr= ypted swap is in use >=20 >=20 > The branch main has been updated by emaste: >=20 > URL: https://cgit.FreeBSD.org/src/commit/?id=3D67e751f167c98d02f85eb38401= e3e6388db09ac1 >=20 > commit 67e751f167c98d02f85eb38401e3e6388db09ac1 > Author: Ed Maste > AuthorDate: 2022-03-07 19:17:01 +0000 > Commit: Ed Maste > CommitDate: 2022-03-10 00:43:14 +0000 >=20 > dumpon: use underlying device if encrypted swap is in use > =20 > /etc/rc.d/dumpon runs before /etc/rc.d/swap. When encrypted swap is = in > use the .eli or .bde device will not exist at the time dumpon runs. > =20 > Even if this is addressed it does not make sense to dump core to > encrypted swap, as the encryption key will not be available after > reboot rendering the dump useless. Thus, for the case that dumpdev= =3DAUTO > and encrypted swap is in use, strip the extension and use the underly= ing > device. > =20 > Emit a warning if we are using the underlying device and the user has= not > configured dump encryption, so that the user knows that the will not = be > encrypted. > =20 > PR: 238301 > Reported by: Ivan Rozhuk > Reviewed by: jilles > MFC after: 1 week > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D34474 > --- > libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) >=20 > diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon > index 752f52315f49..6ca335b73842 100755 > --- a/libexec/rc/rc.d/dumpon > +++ b/libexec/rc/rc.d/dumpon > @@ -33,6 +33,19 @@ dumpon_try() > return 1 > } > =20 > +dumpon_warn_unencrypted() > +{ > + if [ -n "${dumppubkey}" ]; then > + return > + fi > + for flag in ${dumpon_flags}; do > + if [ $flag =3D -k ]; then > + return > + fi > + done > + warn "Kernel dumps will be written to the swap partition without encr= yption." > +} > + > dumpon_start() > { > # Enable dumpdev so that savecore can see it. Enable it > @@ -50,6 +63,12 @@ dumpon_start() > fi > while read dev mp type more ; do > [ "${type}" =3D "swap" ] || continue > + case ${dev} in > + *.bde|*.eli) > + dumpon_warn_unencrypted > + dev=3D${dev%.*} > + ;; > + esac > [ -c "${dev}" ] || continue > dumpon_try "${dev}" 2>/dev/null && return 0 > done =20 >=20 >=20 >=20 >=20 ------=_Part_7247_649239289.1646920056853 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable Wow. I think I=E2=80=99m going to like this little= feature. 

Van: Ed Maste <emas= te@FreeBSD.org>
Datum: 10 maart 2022 01:47
Aan: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD= .org, dev-commits-src-main@FreeBSD.org
Onderwerp: git= : 67e751f167c9 - main - dumpon: use underlying device if encrypted swap is = in use

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=3D67e751f1= 67c98d02f85eb38401e3e6388db09ac1

commit 67e751f167c98d02f85eb38401e3e6388db09ac1
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-07 19:17:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-03-10 00:43:14 +0000

    dumpon: use underlying device if encrypted swap is = in use
    
    /etc/rc.d/dumpon runs before /etc/rc.d/swap.  = When encrypted swap is in
    use the .eli or .bde device will not exist at the t= ime dumpon runs.
    
    Even if this is addressed it does not make sense to= dump core to
    encrypted swap, as the encryption key will not be a= vailable after
    reboot rendering the dump useless.  Thus, for = the case that dumpdev=3DAUTO
    and encrypted swap is in use, strip the extension a= nd use the underlying
    device.
    
    Emit a warning if we are using the underlying devic= e and the user has not
    configured dump encryption, so that the user knows = that the will not be
    encrypted.
    
    PR:         = ;    238301
    Reported by:    Ivan Rozhuk
    Reviewed by:    jilles
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation     Differential Revision:  https://reviews.freebsd.org/D34474
---
 libexec/rc/rc.d/dumpon | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libexec/rc/rc.d/dumpon b/libexec/rc/rc.d/dumpon
index 752f52315f49..6ca335b73842 100755
--- a/libexec/rc/rc.d/dumpon
+++ b/libexec/rc/rc.d/dumpon
@@ -33,6 +33,19 @@ dumpon_try()
    return 1
 }
 
+dumpon_warn_unencrypted()
+{
+   if [ -n "${dumppubkey}" ]; then
+       return
+   fi
+   for flag in ${dumpon_flags}; do
+       if [ $flag =3D -k ]; then
+           return
+       fi
+   done
+   warn "Kernel dumps will be written to the swap partition= without encryption."
+}
+
 dumpon_start()
 {
    # Enable dumpdev so that savecore can see it. Enabl= e it
@@ -50,6 +63,12 @@ dumpon_start()
        fi
        while read dev mp type more= ; do
            [ &= quot;${type}" =3D "swap" ] || continue
+           case ${dev} i= n
+           *.bde|*.eli)<= br /> +             &= nbsp; dumpon_warn_unencrypted
+             &= nbsp; dev=3D${dev%.*}
+             &= nbsp; ;;
+           esac
            [ -= c "${dev}" ] || continue
            dum= pon_try "${dev}" 2>/dev/null && return 0
        done </etc/fstab





------=_Part_7247_649239289.1646920056853--