From nobody@FreeBSD.org  Thu Jun 19 06:48:18 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7A5811065682
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 19 Jun 2008 06:48:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 707D88FC13
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 19 Jun 2008 06:48:18 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m5J6mIFh022911
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 19 Jun 2008 06:48:18 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m5J6mIlC022909;
	Thu, 19 Jun 2008 06:48:18 GMT
	(envelope-from nobody)
Message-Id: <200806190648.m5J6mIlC022909@www.freebsd.org>
Date: Thu, 19 Jun 2008 06:48:18 GMT
From: Gleb Kurtsou <gk@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [patch] savecore can't create dump from encrypted swap
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         124747
>Category:       conf
>Synopsis:       [patch] savecore can't create dump from encrypted swap
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-rc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 19 06:50:01 UTC 2008
>Closed-Date:    
>Last-Modified:  Sun Jun 29 10:14:36 UTC 2008
>Originator:     Gleb Kurtsou
>Release:        8.0-CURRENT
>Organization:
>Environment:
FreeBSD h1.d 8.0-CURRENT FreeBSD 8.0-CURRENT #47: Sat Jun 14 14:03:58 EEST 2008     root@h1.d:/usr/obj/usr/freebsd-src/p4/sys/MY1  i386
>Description:
Issue was mentioned recently on stable@
http://docs.freebsd.org/cgi/mid.cgi?47F548D9.8060905

The problem is in order of rc.d scripts.  After encswap finishes it's
impossible to open original (not encrypted) swap device for write so
savecore fails.


>How-To-Repeat:
1. enable swap encryption

/dev/ad0s3b.eli         none            swap    sw              0       0

2. setup dumpdev. in /etc/rc.conf

dumpdev="/dev/ad0s3b"

3. force panic.

4. savecore can't read dump because dumpdev is already open for write.
>Fix:
The following patch adds 'encswap' target to be run after 'disks' but
before 'swap1'. With the patch order of scripts becomes:
dumpon
geli
savecore
encswap
swap1

instead of:
dumpon
geli
encswap
swap1
savecore

The problem is that savecore looses ability to log to syslog. You still get
messages on console. The only solution I see is to use some hackery
magic to inject log messages into kern.msgbuf with the help of
/dev/console. I'm not sure it's really needed.

I use this patch since apr 2008. It works for me.



Patch attached with submission follows:

diff -ur rc.d.orig/encswap rc.d/encswap
--- rc.d.orig/encswap	2008-04-27 14:53:38.000000000 +0300
+++ etc/rc.d/encswap	2008-04-27 14:53:27.000000000 +0300
@@ -4,7 +4,7 @@
 #
 
-# PROVIDE: disks
-# REQUIRE: initrandom
+# PROVIDE: encswap
+# REQUIRE: initrandom disks
 # KEYWORD: nojail
 
 . /etc/rc.subr
diff -ur rc.d.orig/savecore rc.d/savecore
--- rc.d.orig/savecore	2008-04-27 14:53:38.000000000 +0300
+++ etc/rc.d/savecore	2008-04-27 14:53:27.000000000 +0300
@@ -4,8 +4,7 @@
 #
 
 # PROVIDE: savecore
-# REQUIRE: syslogd
-# BEFORE:  SERVERS
+# BEFORE:  encswap
 # KEYWORD: nojail
 
 . /etc/rc.subr
diff -ur rc.d.orig/swap1 rc.d/swap1
--- rc.d.orig/swap1	2008-04-27 14:53:38.000000000 +0300
+++ etc/rc.d/swap1	2008-04-27 14:53:27.000000000 +0300
@@ -4,7 +4,7 @@
 #
 
 # PROVIDE: localswap
-# REQUIRE: disks
+# REQUIRE: encswap disks
 # KEYWORD: nojail shutdown
 
 . /etc/rc.subr




>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Thu Jun 19 21:06:28 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=124747 

From misfiled PR conf/125087:

Date: Sun, 29 Jun 2008 02:35:30 +0300
From: Gleb Kurtsou <gleb.kurtsou@gmail.com>

 On (24/06/2008 23:27), Mike Makonnen wrote:
 > Gleb Kurtsou wrote:
 >> On (23/06/2008 20:54), Mike Makonnen wrote:
 >>> mtm         2008-06-23 20:54:32 UTC
 >>> 
 >>>   FreeBSD src repository
 >>> 
 >>>   Modified files:
 >>>     etc/rc.d             savecore   Log:
 >>>   SVN rev 179962 on 2008-06-23 20:54:32Z by mtm
 >>>     Run savecore(8) only if there is a core dump to save. If there is
 >>>   no core dump hide the message to that effect behind $rc_quiet.
 >>>     Revision  Changes    Path
 >>>   1.13      +5 -2      src/etc/rc.d/savecore
 >> While you are working on rc.d scripts. Would you mind taking a look at
 >> conf/124747: [patch] savecore can't create dump from encrypted swap
 >> http://www.freebsd.org/cgi/query-pr.cgi?pr=124747
 > 
 > I've replied to the PR stating why I think the patch can't be committed as 
 > is. The savecore(8) program needs a filesystem to dump to, so it can't 
 > possibly be run before at least rc.d/mountcritlocal. The other option is to 
 > mount swap *after* savecore(8) has run, but that also has its own problems. 
 > I'm not sure what the right thing to do is...
 > 
 
 I didn't receive follow up to the pr. Hope this one will get through.
 
 I've come up with a better solution for a problem: get a dump first, and
 then call `savecore -c` to clear dump devices.
 The problem may arise if dump device is not used as a swap device or
 sector size of encrypted device differs from original sector size.
 Solution for the first case can be the following: call `savecore -c` on dump
 device first and then just `savecore -c` to clean up the rest.
 The second case can be difficult to work around. 
 
 If patch is ok for you, I'll work on it further.
 
 
 diff -r f93dd0cf22f5 etc/rc.d/savecore
 --- a/etc/rc.d/savecore	Sun Jun 29 02:15:41 2008 +0300
 +++ b/etc/rc.d/savecore	Sun Jun 29 02:17:18 2008 +0300
 @@ -58,7 +58,11 @@ savecore_start()
  savecore_start()
  {
  	echo "Checking for core dump on ${dumpdev}..."
 -	savecore ${savecore_flags} ${DUMPDIR} ${dumpdev}
 +	savecore -C ${DUMPDIR} ${dumpdev}
 +	if [ $? -eq 0 ]; then
 +		savecore ${savecore_flags} -k ${DUMPDIR} ${dumpdev}
 +		savecore -c
 +	fi
  }
  
  load_rc_config $name
 diff -r f93dd0cf22f5 sbin/savecore/savecore.c
 --- a/sbin/savecore/savecore.c	Sun Jun 29 02:15:41 2008 +0300
 +++ b/sbin/savecore/savecore.c	Sun Jun 29 02:17:18 2008 +0300
 @@ -389,7 +389,7 @@ DoFile(const char *savedir, const char *
  	if (verbose)
  		printf("checking for kernel dump on device %s\n", device);
  
 -	fd = open(device, O_RDWR);
 +	fd = open(device, (keep || checkfor ? O_RDONLY : O_RDWR));
  	if (fd < 0) {
  		syslog(LOG_ERR, "%s: %m", device);
  		return;
 @@ -450,6 +450,8 @@ DoFile(const char *savedir, const char *
  			    device);
  
  		status = STATUS_BAD;
 +		if (clear)
 +			goto nuke;
  		if (force == 0)
  			goto closefd;
  
>Unformatted:
