Commit Graph

50 Commits

Author SHA1 Message Date
Mark Johnston
e5fff57dd0 Change dumpon(8)'s handling of -g.
Rather than using a special value to denote "use the default router",
treat the absence of the -g option to mean the same thing.  The
in-kernel netdump client will always attempt to reach the server
directly before falling back to the configured gateway anyway.  This
change makes it cleaner to support a hostname value for -g.

Reviewed by:	cem
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D18025
2018-11-18 01:58:48 +00:00
Conrad Meyer
0fb8835bcf dumpon.8: Significantly revamp page
Start with a short summary and cover the options in a standard list style.

Organize sections by common focus and prioritize more useful information
closer to the top.

Flesh out authors, history, caveats, and security considerations sections.

Reviewed by:	markj, eadler (previous version)
Differential Revision:	https://reviews.freebsd.org/D17679
2018-10-26 20:03:59 +00:00
Conrad Meyer
f27d255c59 dumpon(8): Provide seatbelt against weak RSA keys
The premise of dumpon -k foo.pem is that dump contents will be confidential
except to anyone holding the corresponding RSA private key.

This guarantee breaks down when weak RSA keys are used.  Small RSA keys
(e.g. 512 bits) can be broken on a single personal computer in tractible
time.  Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars.
Even 1024 bit keys can probably be broken by sophisticated and wealthy
attackers.

NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and
estimates this provides 112 bits of security.

It would also be good to protect users from weak values of 'e' (i.e., 3) and
perhaps sanity check that their public key .pem does not accidentally
contain their private key as well.  These considerations are left as future
work.

Reviewed by:	markj, darius AT dons.net.au (previous version)
Discussed with:	bjk
Differential Revision:	https://reviews.freebsd.org/D17678
2018-10-26 19:53:59 +00:00
Eitan Adler
3330a6d984 dumpon(8): improve the examples a bit
While here, remove extraneous extraneous Pp

Reviewed by:	jhb (older version)
2018-06-13 09:28:47 +00:00
Eitan Adler
6d6e62dcc3 dumpon: point to better kernel debug symbols.
The objdir is temporary, and the current example points to GENERIC.
Instead point to the installed location of the debug symbols that are
supposed to match the kernel you are using.

PR:		223993
Submitted by:	Trond.Endrestol@ximalas.info
2018-05-23 10:45:32 +00:00
Mark Johnston
0ff40d3d29 Add netdump support to dumpon(8).
A new usage is added so that parameters for netdump may be specified.
Specifically, one configures an interface for netdump with:

# dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name>

Reviewed by:	bdrewery, cem (earlier versions), sbruno
MFC after:	1 month
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D15254
2018-05-06 00:42:30 +00:00
Mark Johnston
6026dcd7ca Add support for zstd-compressed user and kernel core dumps.
This works similarly to the existing gzip compression support, but
zstd is typically faster and gives better compression ratios.

Support for this functionality must be configured by adding ZSTDIO to
one's kernel configuration file. dumpon(8)'s new -Z option is used to
configure zstd compression for kernel dumps. savecore(8) now recognizes
and saves zstd-compressed kernel dumps with a .zst extension.

Submitted by:	cem (original version)
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D13101,
			https://reviews.freebsd.org/D13633
2018-02-13 19:28:02 +00:00
Mark Johnston
64a16434d8 Add support for compressed kernel dumps.
When using a kernel built with the GZIO config option, dumpon -z can be
used to configure gzip compression using the in-kernel copy of zlib.
This is useful on systems with large amounts of RAM, which require a
correspondingly large dump device. Recovery of compressed dumps is also
faster since fewer bytes need to be copied from the dump device.

Because we have no way of knowing the final size of a compressed dump
until it is written, the kernel will always attempt to dump when
compression is configured, regardless of the dump device size. If the
dump is aborted because we run out of space, an error is reported on
the console.

savecore(8) is modified to handle compressed dumps and save them to
vmcore.<index>.gz, as it does when given the -z option.

A new rc.conf variable, dumpon_flags, is added. Its value is added to
the boot-time dumpon(8) invocation that occurs when a dump device is
configured in rc.conf.

Reviewed by:	cem (earlier version)
Discussed with:	def, rgrimes
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D11723
2017-10-25 00:51:00 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Konrad Witaszczyk
480f31c214 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
Sevan Janiyan
0530a5214f dumpon(8) appears to be present in FreeBSD 2.0.5,
despite initial import of man page listed FreeBSD 2.1.

PR:		212445
Approved by:	bcr (mentor)
MFC after:	4 days
Differential Revision:	https://reviews.freebsd.org/D8105
2016-10-02 23:35:45 +00:00
Andrey V. Elsukov
a62c8c6a99 Revert r156046. We support setting dumpdev via loader tunable again.
Also change default disk name to ada.

MFC after:	3 weeks
2014-10-08 12:19:48 +00:00
Joel Dahl
4684a6ef0c Adapt to the fact that minidumps are now on by default.
PR:		177188
2013-04-30 07:22:03 +00:00
Alfred Perlstein
4a790edd1b Document that you can use -v along with -l.
Noticed by: pjd
2012-11-02 17:30:08 +00:00
Alfred Perlstein
f6848434fe Add an option to display the current dump device via dumpon -l.
MFC after:	2 weeks
2012-11-01 18:59:19 +00:00
Kris Kennaway
3676d4b6e2 It has not been possible to specify a dumpdev in loader.conf since 2002,
so don't raise false hopes here.
2006-02-27 00:15:53 +00:00
Pav Lucistnik
62aedb0446 - Mention the size of the additional header
PR:		docs/85867
Submitted by:	dinoex
MFC after:	1 week
2006-01-07 19:17:13 +00:00
Ruslan Ermilov
6087df9e8b Sort sections. 2005-01-18 10:09:38 +00:00
Dag-Erling Smørgrav
c0046e261f Verify that the specified device is at least as large as hw.physmem. 2004-10-03 23:38:49 +00:00
Dag-Erling Smørgrav
842ddc99ec Wrap some long lines (no content changes) 2004-10-03 23:35:34 +00:00
Maxim Konovalov
b705040954 `off' is a keyword, not a parameter name.
Obtained from:	DragonFly
2004-07-18 09:57:47 +00:00
Mark Murray
4c723140a4 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
Hiten Pandya
8340d5bcae Bring the dumpon(8) man page closer to reality:
- dumpon utility has not used kern.dumpdev sysctl
      since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@
      updated it to use the DIOCSKERNELDUMP ioctl [1]
    - remove obsolete reference to sysctl(3)

While I am there, fix two style nits:

    - use .Nm instead of `dumpon'
    - change NOTES to IMPLEMENTATION NOTES, to bring
      it in line with recommended section headings in
      mdoc(7)

Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1]

PR: docs/39293
Approved and Reviewed by: des (mentor), re (scottl, bmah)
2003-05-07 19:37:51 +00:00
Tom Rhodes
ce66ddb763 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
Ruslan Ermilov
80c9c8be99 Improve wording even more. 2002-08-13 11:39:38 +00:00
Matthew Dillon
6ff8114c79 Replace the 'at least the amount of physical memory + 64K' with a better
explanation in regards to sizing the dump device.
2002-07-09 17:27:08 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Tom Rhodes
0042d709b8 Update dumpon manual page to explain single/multi-user usability
PR:	36465
No Objections from:	ru
2002-04-09 19:51:50 +00:00
Maxim Sobolev
21367f05ab CG hard sentence breaks.
Submitted by:	ru
2002-01-23 09:35:55 +00:00
Maxim Sobolev
65ab9c78a3 Don't use `you'.
Submitted by:	ru
2002-01-22 21:11:18 +00:00
Maxim Sobolev
dcd7d9b7b7 Allow dump device be configured as early as possible using loader(8) tunable.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.

MFC after:	2 weeks
2002-01-21 01:16:11 +00:00
Nick Hibma
76c83512ef Typo. 2001-10-28 16:47:06 +00:00
Dima Dorfman
7ebcc426ef Remove whitespace at EOL. 2001-07-15 07:53:42 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Ruslan Ermilov
ed40311694 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
Ben Smithurst
d9a9b8dbb6 * Clarify text on choosing a dump device
* Remove the text which states only devices with minor number 1 can be used
  - this is no longer true.
* Mention that dumpon(8) cannot be used to capture dumps from panics during
  kernel initialization.
* /dev/wd -> /dev/ad

PR:		19848
Submitted by:	Udo Erdelhoff <ue@nathan.ruhr.de>
Reviewed by:	sheldonh
2000-07-14 18:04:39 +00:00
Sheldon Hearn
fd5075e5c6 Back out the new advice introduced in the previous commit, which at
least one reviewer is now unhappy with, since it contains incomplete
and misleading advice that is not easy to correct.

The net effect of this commit and the previous commit is to simply
remove all discussion of setting dumpdev to catch crash dumps
prior to entering user mode.
2000-03-28 15:54:32 +00:00
Sheldon Hearn
df586e923b Update instructions for setting the dump device prior to multi-user
mode.

Reported by:	dcs
Submitted by:	asmodai
2000-03-28 09:32:38 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Joseph Koshy
25c0391524 Use current names for swap devices.
PR:		docs/11708
Submitted by:	Matthew D. Fuller <fullermd@over-yonder.net>
1999-05-17 05:23:17 +00:00
Wolfram Schneider
acd8019083 Sort cross references. 1998-08-31 16:41:09 +00:00
Philippe Charnier
8f034b11f2 Capitalize at the start of sentence. Add rcsid. Remove unused #includes.
Use `dumpon' instead of argv[0].
1998-06-15 07:03:47 +00:00
Joseph Koshy
e44af4db8d Correct manual page, based on feedback from Bruce Evans.
Reviewed by: Bruce Evans <bde@freebsd.org>
1998-05-27 11:05:59 +00:00
Joseph Koshy
bb556bcf30 Manual page fix: add cross references, refer to ``dumpdev'' variable in
"/etc/rc.conf".

PR: 6117
Submitted by: Mark Mayo <mark@vmunix.com>
1998-05-25 08:54:40 +00:00
Peter Wemm
c0ec1f37ef Revert $FreeBSD$ to $Id$ 1997-02-22 14:40:44 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Mike Pritchard
85cf659a76 Use the .Fx macro where appropriate. 1996-08-23 00:57:08 +00:00
Mike Pritchard
4bd9ba3c2f Fixed some minor formatting problems to silence manck some more.
Corrected some bogus cross references to man pages that we don't/won't
have and either deleted them, or found a more appropriate man page
that we do have.  Various other minor changes to silence manck.

Manck is currently down to about 200 lines of errors, down from
the 500 - 600+ when I started all this.
1996-02-12 01:20:38 +00:00
Garrett Wollman
83f9dfab4d My utility to specify where you want crash dumps to go. More user
and kernel support to follow.
1995-05-12 19:10:09 +00:00