d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
21a8e0b1d5
freebsd-dev/sbin/dumpon/dumpon.8

350 lines
8.5 KiB
Groff
Raw Normal View History

My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
Renumber copyright clause 4 Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
.\" 3. Neither the name of the University nor the names of its contributors
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" From: @(#)swapon.8 8.1 (Berkeley) 6/5/93
$Id$ -> $FreeBSD$
1999-08-28 00:22:10 +00:00
.\" $FreeBSD$
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.\"
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Dd March 6, 2018
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Dt DUMPON 8
mdoc(7) police: removed HISTORY info from the .Os call.
2001-07-10 11:04:34 +00:00
.Os
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Sh NAME
.Nm dumpon
.Nd "specify a device for crash dumps"
.Sh SYNOPSIS
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 16:52:27 +00:00
.Nm
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Op Fl v
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Op Fl k Ar pubkey
.Op Fl Z
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
.Op Fl z
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Ar device
.Nm
.Op Fl v
.Op Fl k Ar pubkey
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
.Op Fl Z
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Op Fl z
.Op Fl g Ar gateway | Li default
.Fl s Ar server
.Fl c Ar client
.Ar iface
mdoc(7) police: use the new features of the Nm macro.
2000-11-20 16:52:27 +00:00
.Nm
Correct manual page, based on feedback from Bruce Evans. Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
.Op Fl v
`off' is a keyword, not a parameter name. Obtained from: DragonFly
2004-07-18 09:57:47 +00:00
.Cm off
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
.Nm
Document that you can use -v along with -l. Noticed by: pjd
2012-11-02 17:30:08 +00:00
.Op Fl v
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
.Fl l
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Sh DESCRIPTION
The .Nm utility
2002-07-06 19:34:18 +00:00
The
.Nm
Wrap some long lines (no content changes)
2004-10-03 23:35:34 +00:00
utility is used to specify a device where the kernel can save a crash
dump in the case of a panic.
Manual page fix: add cross references, refer to ``dumpdev'' variable in "/etc/rc.conf". PR: 6117 Submitted by: Mark Mayo <mark@vmunix.com>
1998-05-25 08:54:40 +00:00
.Pp
Remove whitespace at EOL.
2001-07-15 07:53:42 +00:00
Calls to
Correct manual page, based on feedback from Bruce Evans. Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
.Nm
normally occur from the system multi-user initialization file
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Pa /etc/rc ,
Correct manual page, based on feedback from Bruce Evans. Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
controlled by the
.Dq dumpdev
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
and
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Dq dumpon_flags
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
variables in the boot time configuration file
Correct manual page, based on feedback from Bruce Evans. Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
.Pa /etc/rc.conf .
.Pp
Adapt to the fact that minidumps are now on by default. PR: 177188
2013-04-30 07:22:03 +00:00
The default type of kernel crash dump is the mini crash dump.
Mini crash dumps hold only memory pages in use by the kernel.
Alternatively, full memory dumps can be enabled by setting the
.Va debug.minidump
.Xr sysctl 8
variable to 0.
.Pp
For systems using full memory dumps, the size of the specified dump
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
device must be at least the size of physical memory.
- Mention the size of the additional header PR: docs/85867 Submitted by: dinoex MFC after: 1 week
2006-01-07 19:17:13 +00:00
Even though an additional 64 kB header is added to the dump, the BIOS for a
Wrap some long lines (no content changes)
2004-10-03 23:35:34 +00:00
platform typically holds back some memory, so it is not usually
Improve wording even more.
2002-08-13 11:39:38 +00:00
necessary to size the dump device larger than the actual amount of RAM
available in the machine.
Adapt to the fact that minidumps are now on by default. PR: 177188
2013-04-30 07:22:03 +00:00
Also, when using full memory dumps, the
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
.Nm
utility will refuse to enable a dump device which is smaller than the
total amount of physical memory as reported by the
.Va hw.physmem
.Xr sysctl 8
variable.
.Pp
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Nm
is used to configure a local storage device as the dump device.
With additional parameters, the kernel can instead be configured to
transmit a dump to a remote server using
.Xr netdump 4 .
This eliminates the need to reserve space for saving crash dumps and
is especially useful in diskless environments.
The
.Xr netdump 4
server address is specified with
.Fl s Ar server ,
and the local address is specified with
.Fl c Ar client .
The
.Fl g Ar gateway
parameter may be used to specify a first-hop router to the server,
or to specify that the currently configured default gateway is to
be used.
Note that the
.Xr netdump 4
configuration is not automatically updated if any network configuration
(e.g., the default route) changes after the
.Nm
invocation.
The name of the interface to be used must be specified as
.Ar iface .
The interface must be up in order to configure
.Xr netdump 4 .
.Pp
Verify that the specified device is at least as large as hw.physmem.
2004-10-03 23:38:49 +00:00
The
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Fl k Ar pubkey
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
flag causes
.Nm
to generate a one-time key for kernel crash dump encryption.
The key will be replaced by a new one when the
.Nm
utility is run again.
The key is encrypted using
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Ar pubkey .
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
This process is sandboxed using
.Xr capsicum 4 .
Both plain and encrypted keys are sent to the kernel using
.Dv DIOCSKERNELDUMP
.Xr ioctl 2 .
A user can specify the
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Ar pubkey
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
in the
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Dq dumpon_flags
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
variable defined in
.Pa /etc/rc.conf
for use with the
.Pa /etc/rc.d/dumpon
.Xr rc 8
script.
This flag requires a kernel compiled with the
.Dv EKCD
kernel option.
.Pp
The
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
.Fl z
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
and
.Fl Z
options configure the kernel to compress the dump before writing it to
the dump device.
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
This reduces the amount of space required for the dump and accelerates
recovery with
.Xr savecore 8
since less data needs to be copied from the dump device.
When compression is enabled, the
.Nm
utility will not verify that the dump device is sufficiently large for a full
dump.
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
The
.Fl z
and
.Fl Z
options cause the dump to be written in
.Xr gzip 1
and
.Xr zstd 1
format, respectively.
These flags require a kernel compiled with the
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
.Dv GZIO
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
or
.Dv ZSTDIO
kernel options.
.Pp
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
.Pp
The
Add an option to display the current dump device via dumpon -l. MFC after: 2 weeks
2012-11-01 18:59:19 +00:00
.Fl l
flag causes
.Nm
to print the current dump device or _PATH_DEVNULL ("/dev/null") if no device is
configured.
.Pp
The
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Fl v
Remove whitespace at EOL.
2001-07-15 07:53:42 +00:00
flag causes
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Nm
Correct manual page, based on feedback from Bruce Evans. Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
to be verbose about its activity.
Bring the dumpon(8) man page closer to reality: - dumpon utility has not used kern.dumpdev sysctl since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@ updated it to use the DIOCSKERNELDUMP ioctl [1] - remove obsolete reference to sysctl(3) While I am there, fix two style nits: - use .Nm instead of `dumpon' - change NOTES to IMPLEMENTATION NOTES, to bring it in line with recommended section headings in mdoc(7) Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1] PR: docs/39293 Approved and Reviewed by: des (mentor), re (scottl, bmah)
2003-05-07 19:37:51 +00:00
.Sh IMPLEMENTATION NOTES
* Clarify text on choosing a dump device * Remove the text which states only devices with minor number 1 can be used - this is no longer true. * Mention that dumpon(8) cannot be used to capture dumps from panics during kernel initialization. * /dev/wd -> /dev/ad PR: 19848 Submitted by: Udo Erdelhoff <ue@nathan.ruhr.de> Reviewed by: sheldonh
2000-07-14 18:04:39 +00:00
Since a
.Xr panic 9
condition may occur in a situation
where the kernel cannot trust its internal representation
s/filesystem/file system/g as discussed on -developers
2002-08-21 18:11:48 +00:00
of the state of any given file system,
* Clarify text on choosing a dump device * Remove the text which states only devices with minor number 1 can be used - this is no longer true. * Mention that dumpon(8) cannot be used to capture dumps from panics during kernel initialization. * /dev/wd -> /dev/ad PR: 19848 Submitted by: Udo Erdelhoff <ue@nathan.ruhr.de> Reviewed by: sheldonh
2000-07-14 18:04:39 +00:00
one of the system swap devices,
and
.Em not
s/filesystem/file system/g as discussed on -developers
2002-08-21 18:11:48 +00:00
a device containing a file system,
* Clarify text on choosing a dump device * Remove the text which states only devices with minor number 1 can be used - this is no longer true. * Mention that dumpon(8) cannot be used to capture dumps from panics during kernel initialization. * /dev/wd -> /dev/ad PR: 19848 Submitted by: Udo Erdelhoff <ue@nathan.ruhr.de> Reviewed by: sheldonh
2000-07-14 18:04:39 +00:00
should be used as the dump device.
Manual page fix: add cross references, refer to ``dumpdev'' variable in "/etc/rc.conf". PR: 6117 Submitted by: Mark Mayo <mark@vmunix.com>
1998-05-25 08:54:40 +00:00
.Pp
Remove whitespace at EOL.
2001-07-15 07:53:42 +00:00
The
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Nm
Bring the dumpon(8) man page closer to reality: - dumpon utility has not used kern.dumpdev sysctl since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@ updated it to use the DIOCSKERNELDUMP ioctl [1] - remove obsolete reference to sysctl(3) While I am there, fix two style nits: - use .Nm instead of `dumpon' - change NOTES to IMPLEMENTATION NOTES, to bring it in line with recommended section headings in mdoc(7) Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1] PR: docs/39293 Approved and Reviewed by: des (mentor), re (scottl, bmah)
2003-05-07 19:37:51 +00:00
utility operates by opening
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Ar device
Bring the dumpon(8) man page closer to reality: - dumpon utility has not used kern.dumpdev sysctl since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@ updated it to use the DIOCSKERNELDUMP ioctl [1] - remove obsolete reference to sysctl(3) While I am there, fix two style nits: - use .Nm instead of `dumpon' - change NOTES to IMPLEMENTATION NOTES, to bring it in line with recommended section headings in mdoc(7) Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1] PR: docs/39293 Approved and Reviewed by: des (mentor), re (scottl, bmah)
2003-05-07 19:37:51 +00:00
and making a
.Dv DIOCSKERNELDUMP
.Xr ioctl 2
request on it to save kernel crash dumps.
If
Add netdump support to dumpon(8). A new usage is added so that parameters for netdump may be specified. Specifically, one configures an interface for netdump with: # dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name> Reviewed by: bdrewery, cem (earlier versions), sbruno MFC after: 1 month Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
.Ar device
Correct manual page, based on feedback from Bruce Evans. Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
is the text string:
Bring the dumpon(8) man page closer to reality: - dumpon utility has not used kern.dumpdev sysctl since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@ updated it to use the DIOCSKERNELDUMP ioctl [1] - remove obsolete reference to sysctl(3) While I am there, fix two style nits: - use .Nm instead of `dumpon' - change NOTES to IMPLEMENTATION NOTES, to bring it in line with recommended section headings in mdoc(7) Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1] PR: docs/39293 Approved and Reviewed by: des (mentor), re (scottl, bmah)
2003-05-07 19:37:51 +00:00
.Dq Li off ,
.Nm
performs a
.Dv DIOCSKERNELDUMP
.Xr ioctl 2
on
.Pa /dev/null
and thus instructs the kernel not to save crash dumps.
Revert r156046. We support setting dumpdev via loader tunable again. Also change default disk name to ada. MFC after: 3 weeks
2014-10-08 12:19:48 +00:00
.Pp
Since
.Nm
cannot be used during kernel initialization, the
.Va dumpdev
variable of
.Xr loader 8
must be used to enable dumps for system panics which occur
during kernel initialization.
Sort sections.
2005-01-18 10:09:38 +00:00
.Sh FILES
Revert r156046. We support setting dumpdev via loader tunable again. Also change default disk name to ada. MFC after: 3 weeks
2014-10-08 12:19:48 +00:00
.Bl -tag -width "/dev/{ada,da}?s?b" -compact
.It Pa /dev/{ada,da}?s?b
Sort sections.
2005-01-18 10:09:38 +00:00
standard swap areas
.It Pa /etc/rc.conf
boot-time system configuration
.El
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
.Sh EXAMPLES
In order to generate an RSA private key a user can use the
.Xr genrsa 1
tool:
.Pp
.Dl # openssl genrsa -out private.pem 4096
.Pp
A public key can be extracted from the private key using the
.Xr rsa 1
tool:
.Pp
.Dl # openssl rsa -in private.pem -out public.pem -pubout
.Pp
Once the RSA keys are created the private key should be moved to a safe place.
Now
.Pa public.pem
can be used by
.Nm
to configure encrypted kernel crash dumps:
.Pp
.Dl # dumpon -k public.pem /dev/ada0s1b
.Pp
It is recommended to test if the kernel saves encrypted crash dumps using the
current configuration.
The easiest way to do that is to cause a kernel panic using the
.Xr ddb 4
debugger:
.Pp
.Dl # sysctl debug.kdb.panic=1
.Pp
In the debugger the following commands should be typed to write a core dump and
reboot:
.Pp
.Dl db> call doadump(0)
.Dl db> reset
.Pp
After reboot
.Xr savecore 8
should be able to save the core dump in the core directory which is
.Pa /var/crash
by default:
.Pp
.Dl # savecore /var/crash /dev/ada0s1b
.Pp
Three files should be created in the core directory:
.Pa info.# ,
.Pa key.#
and
.Pa vmcore_encrypted.#
where
.Dq #
is the number of the last core dump saved by
.Xr savecore 8 .
The
.Pa vmcore_encrypted.#
can be decrypted using the
.Xr decryptcore 8
utility:
.Pp
.Dl # decryptcore -p private.pem -k key.# -e vmcore_encrypted.# -c vmcore.#
.Pp
or shorter:
.Pp
.Dl # decryptcore -p private.pem -n #
.Pp
The
.Pa vmcore.#
can be now examined using
.Xr kgdb 1 :
.Pp
dumpon: point to better kernel debug symbols. The objdir is temporary, and the current example points to GENERIC. Instead point to the installed location of the debug symbols that are supposed to match the kernel you are using. PR: 223993 Submitted by: Trond.Endrestol@ximalas.info
2018-05-23 10:45:32 +00:00
.Dl # kgdb /usr/lib/debug/boot/kernel/kernel.debug vmcore.#
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
.Pp
or shorter:
.Pp
dumpon: point to better kernel debug symbols. The objdir is temporary, and the current example points to GENERIC. Instead point to the installed location of the debug symbols that are supposed to match the kernel you are using. PR: 223993 Submitted by: Trond.Endrestol@ximalas.info
2018-05-23 10:45:32 +00:00
.Dl # kgdb -n # /usr/lib/debug/boot/kernel/kernel.debug
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
.Pp
The core was decrypted properly if
.Xr kgdb 1
does not print any errors.
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Sh SEE ALSO
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
.Xr gzip 1 ,
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
.Xr kgdb 1 ,
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
.Xr zstd 1 ,
Add support for encrypted kernel crash dumps. Changes include modifications in kernel crash dump routines, dumpon(8) and savecore(8). A new tool called decryptcore(8) was added. A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump configuration in the diocskerneldump_arg structure to the kernel. The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for backward ABI compatibility. dumpon(8) generates an one-time random symmetric key and encrypts it using an RSA public key in capability mode. Currently only AES-256-CBC is supported but EKCD was designed to implement support for other algorithms in the future. The public key is chosen using the -k flag. The dumpon rc(8) script can do this automatically during startup using the dumppubkey rc.conf(5) variable. Once the keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O control. When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random IV and sets up the key schedule for the specified algorithm. Each time the kernel tries to write a crash dump to the dump device, the IV is replaced by a SHA-256 hash of the previous value. This is intended to make a possible differential cryptanalysis harder since it is possible to write multiple crash dumps without reboot by repeating the following commands: # sysctl debug.kdb.enter=1 db> call doadump(0) db> continue # savecore A kernel dump key consists of an algorithm identifier, an IV and an encrypted symmetric key. The kernel dump key size is included in a kernel dump header. The size is an unsigned 32-bit integer and it is aligned to a block size. The header structure has 512 bytes to match the block size so it was required to make a panic string 4 bytes shorter to add a new field to the header structure. If the kernel dump key size in the header is nonzero it is assumed that the kernel dump key is placed after the first header on the dump device and the core dump is encrypted. Separate functions were implemented to write the kernel dump header and the kernel dump key as they need to be unencrypted. The dump_write function encrypts data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps are not supported due to the way they are constructed which makes it impossible to use the CBC mode for encryption. It should be also noted that textdumps don't contain sensitive data by design as a user decides what information should be dumped. savecore(8) writes the kernel dump key to a key.# file if its size in the header is nonzero. # is the number of the current core dump. decryptcore(8) decrypts the core dump using a private RSA key and the kernel dump key. This is performed by a child process in capability mode. If the decryption was not successful the parent process removes a partially decrypted core dump. Description on how to encrypt crash dumps was added to the decryptcore(8), dumpon(8), rc.conf(5) and savecore(8) manual pages. EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU. The feature still has to be tested on arm and arm64 as it wasn't possible to run FreeBSD due to the problems with QEMU emulation and lack of hardware. Designed by: def, pjd Reviewed by: cem, oshogbo, pjd Partial review: delphij, emaste, jhb, kib Approved by: pjd (mentor) Differential Revision: https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
.Xr ddb 4 ,
Manual page fix: add cross references, refer to ``dumpdev'' variable in "/etc/rc.conf". PR: 6117 Submitted by: Mark Mayo <mark@vmunix.com>
1998-05-25 08:54:40 +00:00
.Xr fstab 5 ,
.Xr rc.conf 5 ,
.Xr config 8 ,
Add support for zstd-compressed user and kernel core dumps. This works similarly to the existing gzip compression support, but zstd is typically faster and gives better compression ratios. Support for this functionality must be configured by adding ZSTDIO to one's kernel configuration file. dumpon(8)'s new -Z option is used to configure zstd compression for kernel dumps. savecore(8) now recognizes and saves zstd-compressed kernel dumps with a .zst extension. Submitted by: cem (original version) Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D13101, https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
.Xr decryptcore 8 ,
Sort cross references.
1998-08-31 16:41:09 +00:00
.Xr init 8 ,
Revert r156046. We support setting dumpdev via loader tunable again. Also change default disk name to ada. MFC after: 3 weeks
2014-10-08 12:19:48 +00:00
.Xr loader 8 ,
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Xr rc 8 ,
Manual page fix: add cross references, refer to ``dumpdev'' variable in "/etc/rc.conf". PR: 6117 Submitted by: Mark Mayo <mark@vmunix.com>
1998-05-25 08:54:40 +00:00
.Xr savecore 8 ,
.Xr swapon 8 ,
.Xr panic 9
My utility to specify where you want crash dumps to go. More user and kernel support to follow.
1995-05-12 19:10:09 +00:00
.Sh HISTORY
The
.Nm
The .Nm utility
2002-07-06 19:34:18 +00:00
utility appeared in
dumpon(8) appears to be present in FreeBSD 2.0.5, despite initial import of man page listed FreeBSD 2.1. PR: 212445 Approved by: bcr (mentor) MFC after: 4 days Differential Revision: https://reviews.freebsd.org/D8105
2016-10-02 23:35:45 +00:00
.Fx 2.0.5 .
Sort sections.
2005-01-18 10:09:38 +00:00
.Sh BUGS
Because the file system layer is already dead by the time a crash dump
is taken, it is not possible to send crash dumps directly to a file.
Add support for compressed kernel dumps. When using a kernel built with the GZIO config option, dumpon -z can be used to configure gzip compression using the in-kernel copy of zlib. This is useful on systems with large amounts of RAM, which require a correspondingly large dump device. Recovery of compressed dumps is also faster since fewer bytes need to be copied from the dump device. Because we have no way of knowing the final size of a compressed dump until it is written, the kernel will always attempt to dump when compression is configured, regardless of the dump device size. If the dump is aborted because we run out of space, an error is reported on the console. savecore(8) is modified to handle compressed dumps and save them to vmcore.<index>.gz, as it does when given the -z option. A new rc.conf variable, dumpon_flags, is added. Its value is added to the boot-time dumpon(8) invocation that occurs when a dump device is configured in rc.conf. Reviewed by: cem (earlier version) Discussed with: def, rgrimes Relnotes: yes Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
.Pp
It is currently not possible to configure both compression and encryption.
The encrypted dump format assumes that the kernel dump size is a multiple
of the cipher block size, which may not be true when the dump is compressed.
Reference in New Issue Copy Permalink