Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
The new '-L' flag will cause savecore to invoke the new mem(4) kernel
dump ioctl, taking a dump of the running system and writing the result
to a temporary file. Validation of the dump header is performed, similar
to regular crash dumps, and the final result is written to
livecore.X[.zst|.gz].
Also added is the '-Z' flag, which instructs the kernel to compress the
livedump compressed with zstd, akin to the existing -z flag. This option
has no effect in normal savecore(8) operation, but in theory could be
extended to perform such compression while reading the dump from the
dump device.
Encryption is unsupported for live dumps.
For example: 'savecore -Lz /var/crash' would create:
/var/crash/livecore.0.gz
Reviewed by: markj
MFC after: 2 weeks
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34347
Move it to a separate function, allowing its reuse.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34822
All files are now created relative to savedirfd, e.g. with openat(2).
Therefore, we do not need character buffers to be PATH_MAX bytes long,
just long enough to hold the complete filename. 32 bytes is long enough
in all cases. These can be allocated on the stack.
While here, fix an error message that attempts to use an uninitialized
infoname.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34821
So that new callers of getbounds() don't need to duplicate it.
Reviewed by: markj
MFC after: 3 days
Sponsored by: Juniper Networks, Inc.
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D34783
Declare how many cores we saved, and where we saved them to. Drop a
comment about emitting little information; it's obvious from the block
in question that we emit nothing without verbose.
Reviewed by: markj
Sponsored by: NetApp, Inc.
Sponsored by: Klara, Inc.
X-NetApp-PR: #65
Differential Revision: https://reviews.freebsd.org/D31393
kernel during dump time.
A real life scenario is that cores are compressed to reduce
size of dumpon partition, but we either don't care about space
in the /var/crash or we have a filesystem level compression of
/var/crash. And we want cores to be uncompressed in /var/crash
because we'd like to instantily read them with kgdb. In this
case we want kernel to write cores compressed, but savecore(1)
write them uncompressed.
Reviewed by: markj, gallatin
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27245
dumpon has accepted device names without the prefix ever since r291207.
Since dumpon and savecore are always paired, they ought to accept the same
arguments. Prior to this change, specifying 'dumpdev="da3"' in
/etc/rc.conf, for example, would result in dumpon working just fine but
savecore complaining that "Dump device does not exist".
PR: 247618
Reviewed by: cem, bcr
MFC after: 2 weeks
Sponsored by: Axcient
Differential Revision: https://reviews.freebsd.org/D25500
This helps with event correlation when machines are distributed
across multiple time zones.
Format the time with relaxed ISO 8601 for all the usual reasons.
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
- Use cap_fileargs(3) to open dump devices after entering capability
mode, and use cap_syslog(3) to log messages.
- Use a relative directory fd to open output files.
- Use zdopen(3) to compress kernel dumps in capability mode.
Reviewed by: cem, oshogbo
MFC after: 2 months
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D18458
Rev 244218 removed the requirement that you provide a dump
directory when checking if there is a coredump ready to be written.
That had the side-effect of causing the bounds file to be read
from the current working directory instead of the dump directory.
As the bounds file is irrelevant when just checking, the simplest
fix is to not read the bounds file when checking.
Reviewed by: markj
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D14383
This works similarly to the existing gzip compression support, but
zstd is typically faster and gives better compression ratios.
Support for this functionality must be configured by adding ZSTDIO to
one's kernel configuration file. dumpon(8)'s new -Z option is used to
configure zstd compression for kernel dumps. savecore(8) now recognizes
and saves zstd-compressed kernel dumps with a .zst extension.
Submitted by: cem (original version)
Relnotes: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D13101,
https://reviews.freebsd.org/D13633
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
When using a kernel built with the GZIO config option, dumpon -z can be
used to configure gzip compression using the in-kernel copy of zlib.
This is useful on systems with large amounts of RAM, which require a
correspondingly large dump device. Recovery of compressed dumps is also
faster since fewer bytes need to be copied from the dump device.
Because we have no way of knowing the final size of a compressed dump
until it is written, the kernel will always attempt to dump when
compression is configured, regardless of the dump device size. If the
dump is aborted because we run out of space, an error is reported on
the console.
savecore(8) is modified to handle compressed dumps and save them to
vmcore.<index>.gz, as it does when given the -z option.
A new rc.conf variable, dumpon_flags, is added. Its value is added to
the boot-time dumpon(8) invocation that occurs when a dump device is
configured in rc.conf.
Reviewed by: cem (earlier version)
Discussed with: def, rgrimes
Relnotes: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D11723
I was swayed a little too quickly when I saw the wiki page discussing
kB vs KiB. Switch back as none of the code in base openly uses
IEC units via humanize_number(3) (which was my next step), and there's
a large degree of dislike with IEC vs more SI-like units.
MFC after: 7 weeks
Submitted by: jhb, rgrimes
Sponsored by: Dell EMC Isilon
- Use strtoll(3) instead of atoi(3), because atoi(3) limits the
representable data to INT_MAX. Check the values received from
strtoll(3), trimming trailing whitespace off the end to maintain
POLA.
- Use `KiB` instead of `kB` when describing free space, total space,
etc. I am now fully aware of `KiB` being the IEC standard for 1024
bytes and `kB` being the IEC standard for 1000 bytes.
- Store available number of KiB in `available` so it can be more
easily queried and compared to ensure that there are enough KiB to
store the dump image on disk.
- Print out the reserved space on disk, per `minfree`, so end-users
can troubleshoot why check_space(..) is reporting that there isn't
enough free space.
MFC after: 7 weeks
Reviewed by: Anton Rang <rang@acm.com> (earlier diff), cem (earlier diff)
Tested with: positive/negative cases (see review); make tinderbox
Sponsored by: Dell EMC Isilon
Differential Revision: D10379
- State that the units are kB.
- Be more complete/concise in terms of what is required (in this case
`minfree` must be at least `X`kB)
MFC after: 7 weeks
Sponsored by: Dell EMC Isilon
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
- Perform final decryption and write decrypted data in case of non-block aligned
input data;
- Use strlcpy(3) instead of strncpy(3) to verify if paths aren't too long;
- Check errno after calling unlink(2) instead of calling stat(2) in order to
verify if a decrypted core was created by a child process;
- Free dumpkey.
Reported by: Coverity, cem, pfg
Suggested by: cem
CID: 1366936, 1366942, 1366951, 1366952
Approved by: pjd (mentor)
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.
A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.
dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable. Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.
When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore
A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.
Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.
savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.
decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.
Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.
EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.
Designed by: def, pjd
Reviewed by: cem, oshogbo, pjd
Partial review: delphij, emaste, jhb, kib
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4712
A premature optimization lead to caching a native-sector sized memory
allocation. If the program examined a 512 byte sector disk, then a 4096
byte sector disk, the program would overrun the cached 512 byte buffer.
Just remove the optimization to fix the bug. This was introduced with the 4Kn
dump support in r298076.
Reported by: markj
Reviewed by: markj, rpokala
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D8162
Also, call endfsent after calling getfsent (i.e. when not explicitly called
with a swap device) for code cleanliness
CID: 1354785
Differential Revision: https://reviews.freebsd.org/D6014
X-MFC with: r298076
Reported by: Coverity
Reviewed by: cem
Sponsored by: EMC / Isilon Storage Division
(And 4Kn minidump support, but only for amd64.)
Make sure all I/O to the dump device is of the native sector size. To
that end, we keep a native sector sized buffer associated with dump
devices (di->blockbuf) and use it to pad smaller objects as needed (e.g.
kerneldumpheader).
Add dump_write_pad() as a convenience API to dump smaller objects with
zero padding. (Rather than pull in NPM leftpad, we wrote our own.)
Savecore(1) has been updated to deal with these dumps. The format for
512-byte sector dumps should remain backwards compatible.
Minidumps for other architectures are left as an exercise for the
reader.
PR: 194279
Submitted by: ambrisko@
Reviewed by: cem (earlier version), rpokala
Tested by: rpokala (4Kn/512 except 512 fulldump), cem (512 fulldump)
Relnotes: yes
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D5848
Make savecore(8) more suitable for init-time scripts; be quiet by default.
Sponsored by: EMC / Isilon Storage Division
Differential Revision: https://reviews.freebsd.org/D3229
This is a follow-up to r289845, which only fixed one occurence of CID
1009429.
Coverity CID: 1009429
Reviewed by: markj
MFC after: 2 weeks
X-MFC-With: r289845
Sponsored by: Spectra Logic
Differential Revision: https://reviews.freebsd.org/D4096
last one. To make it easier to find the last one create symlinks with 'last'
suffix that will point to the files of the last coredump, eg.:
info.last -> info.5
textdump.tar.last.gz -> textdump.tar.5.gz
Reviewed by: avg
Obtained from: WHEEL Systems
