Commit Graph

78 Commits

Author SHA1 Message Date
imp
7e6cabd06e Renumber copyright clause 4
Renumber clause 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistence on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
def
f63c437216 Add support for encrypted kernel crash dumps.
Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates a one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable.  Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by:	def, pjd
Reviewed by:	cem, oshogbo, pjd
Partial review:	delphij, emaste, jhb, kib
Approved by:	pjd (mentor)
Differential Revision:	https://reviews.freebsd.org/D4712
2016-12-10 16:20:39 +00:00
sevan
59111b0218 dumpon(8) appears to be present in FreeBSD 2.0.5,
despite initial import of man page listed FreeBSD 2.1.

PR:		212445
Approved by:	bcr (mentor)
MFC after:	4 days
Differential Revision:	https://reviews.freebsd.org/D8105
2016-10-02 23:35:45 +00:00
araujo
60e49e1bc5 Use nitems() instead of sizeof(name) / sizeof(*name).
MFC after:	2 weeks.
2016-04-19 04:28:25 +00:00
gjb
4e38aaedb8 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
smh
7f6c6181f2 Fix dumpon compatibility with dumpdev kenv
The dumpdev kenv supports devices without the /dev/ prefix, fix dumpon to
also support this which is required after r288153.

MFC after:	1 week
Sponsored by:	Multiplay
2015-11-23 14:06:21 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
ae
301ee8d315 Revert r156046. We support setting dumpdev via loader tunable again.
Also change default disk name to ada.

MFC after:	3 weeks
2014-10-08 12:19:48 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
62bb106222 Merge from head 2013-09-05 20:18:59 +00:00
joel
7272c2592c Adapt to the fact that minidumps are now on by default.
PR:		177188
2013-04-30 07:22:03 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
sjg
778e93c51a Sync from head 2012-11-04 02:52:03 +00:00
alfred
2b3e07730c Document that you can use -v along with -l.
Noticed by: pjd
2012-11-02 17:30:08 +00:00
alfred
feaa48d246 Add an option to display the current dump device via dumpon -l.
MFC after:	2 weeks
2012-11-01 18:59:19 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
ru
763b9ae1f8 Switch the default WARNS level for sbin/ to 6.
Submitted by:	Ulrich Spörlein
2009-10-19 16:00:24 +00:00
jhb
cd8e0d8e34 Whitespace and style nits. 2006-10-31 22:36:49 +00:00
ps
e5dcb86413 With minidumps, the dumping partition could be smaller than physical
memory, so checking the size of the partition is not necessary.

Tested by:	kris
2006-04-27 19:01:54 +00:00
kris
1b9852a9cf It has not been possible to specify a dumpdev in loader.conf since 2002,
so don't raise false hopes here.
2006-02-27 00:15:53 +00:00
pav
642af77374 - Mention the size of the additional header
PR:		docs/85867
Submitted by:	dinoex
MFC after:	1 week
2006-01-07 19:17:13 +00:00
ru
13fe9ea5a2 Sort sections. 2005-01-18 10:09:38 +00:00
des
cf2ba42b02 Promote mediasize and physmem to uintmax_t when comparing them. 2004-10-04 06:54:19 +00:00
des
72fbac0362 Whitespace nit. 2004-10-03 23:53:54 +00:00
des
b0b3b91c96 dumpon builds cleanly at WARNS level 6. 2004-10-03 23:39:14 +00:00
des
6ad3287252 Verify that the specified device is at least as large as hw.physmem. 2004-10-03 23:38:49 +00:00
des
67f651e056 Wrap some long lines (no content changes) 2004-10-03 23:35:34 +00:00
maxim
957eb5835c `off' is a keyword, not a parameter name.
Obtained from:	DragonFly
2004-07-18 09:57:47 +00:00
markm
90f91e7879 Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp
2004-04-09 19:58:40 +00:00
johan
31854a224a style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
hmp
380770fd3a Bring the dumpon(8) man page closer to reality:
    - dumpon utility has not used kern.dumpdev sysctl
      since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@
      updated it to use the DIOCSKERNELDUMP ioctl [1]
    - remove obsolete reference to sysctl(3)

While I am there, fix two style nits:

    - use .Nm instead of `dumpon'
    - change NOTES to IMPLEMENTATION NOTES, to bring
      it in line with recommended section headings in
      mdoc(7)

Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1]

PR: docs/39293
Approved and Reviewed by: des (mentor), re (scottl, bmah)
2003-05-07 19:37:51 +00:00
obrien
19105c8312 Use __FBSDID() to quiet GCC 3.3 warnings. 2003-05-03 18:41:59 +00:00
trhodes
136be46680 s/filesystem/file system/g as discussed on -developers 2002-08-21 18:11:48 +00:00
ru
fd0635a691 Improve wording even more. 2002-08-13 11:39:38 +00:00
dillon
20278d01b3 Replace the 'at least the amount of physical memory + 64K' with a better
explanation in regards to sizing the dump device.
2002-07-09 17:27:08 +00:00
charnier
a2accd01f0 The .Nm utility 2002-07-06 19:34:18 +00:00
alfred
9605f078e0 unbreak build: include string.h for strcmp prototype. 2002-05-11 03:07:38 +00:00
trhodes
b2df921e69 Update dumpon manual page to explain single/multi-user usability
PR:	36465
No Objections from:	ru
2002-04-09 19:51:50 +00:00
phk
5b960672bf Rename DIOCGKERNELDUMP to DIOCSKERNELDUMP as it strictly speaking
is a "set" not a "get" operation.

Sponsored by:	DARPA & NAI Labs.
2002-04-09 10:04:09 +00:00
phk
33405073ec Move generic disk ioctls from <sys/disklabel.h> to <sys/disk.h>.
Sponsored by:	DARPA & NAI Labs
2002-04-08 09:20:07 +00:00
phk
e6623c74b8 Here follows the new kernel dumping infrastructure.
Caveats:

The new savecore program is not complete in the sense that it emulates
enough of the old savecore's features to do the job, but implements none
of the options yet.

I would appreciate if a userland hacker could help me out getting savecore
to do what we want it to do from a user's point of view, compression,
email-notification, space reservation etc etc.  (send me email if
you are interested).

Currently, savecore will scan all devices marked as "swap" or "dump" in
/etc/fstab _or_ any devices specified on the command-line.

All architectures but i386 lack an implementation of dumpsys(), but
looking at the i386 version it should be trivial for anybody familiar
with the platform(s) to provide this function.

Documentation is quite sparse at this time, more to come.

Sponsored by:   DARPA, NAI Labs

Details:

Dumpon now opens the device and uses ioctl(DIOCGKERNELDUMP) to set it
to be the dumpdevice.  When "off" is set, /dev/null is used.
2002-03-31 22:24:24 +00:00
imp
a9e66b0f19 o __P
o Strict ANSI declarations.
o return (foo);
o main (int, char *[])
2002-03-18 06:59:15 +00:00
sobomax
baadf3178a CG hard sentence breaks.
Submitted by:	ru
2002-01-23 09:35:55 +00:00
sobomax
e0c3aed12e Don't use `you'.
Submitted by:	ru
2002-01-22 21:11:18 +00:00
sobomax
4e0549db55 Allow dump device to be configured as early as possible using loader(8) tunable.
This allows obtaining crash dumps from the panics occurred during late stages
of kernel initialisation before system enters into single-user mode.

MFC after:	2 weeks
2002-01-21 01:16:11 +00:00
obrien
9baf2f1b03 Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00