diff options
author | Mark Johnston <markj@FreeBSD.org> | 2020-08-27 17:36:06 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2020-08-27 17:36:06 +0000 |
commit | 6255e8c8e272816e6356bc947a805ac9e4cec494 (patch) | |
tree | 678a15d00cbefdea36deca446eb731c34757b902 /sys/kern/kern_shutdown.c | |
parent | d0fba0c58ad125422c12d05cbcab5db9a1fee7c1 (diff) | |
download | src-6255e8c8e272816e6356bc947a805ac9e4cec494.tar.gz src-6255e8c8e272816e6356bc947a805ac9e4cec494.zip |
Fix writing of the final block of encrypted, compressed kernel dumps.
Previously any residual data in the final block of a compressed kernel
dump would be written unencrypted. Note, such a configuration already
does not work properly when using AES-CBC since the compressed data is
typically not a multiple of the AES block length in size and EKCD does
not implement any padding scheme. However, EKCD more recently gained
support for using the ChaCha20 cipher, which being a stream cipher does
not have this problem.
Submitted by: sigsys@gmail.com
Reviewed by: cem
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26188
Notes
Notes:
svn path=/head/; revision=364876
Diffstat (limited to 'sys/kern/kern_shutdown.c')
-rw-r--r-- | sys/kern/kern_shutdown.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index 2a4951e1d3fe..7cf91de98b44 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c @@ -1464,6 +1464,7 @@ kerneldumpcomp_write_cb(void *base, size_t length, off_t offset, void *arg) } resid = length - rlength; memmove(di->blockbuf, (uint8_t *)base + rlength, resid); + bzero((uint8_t *)di->blockbuf + resid, di->blocksize - resid); di->kdcomp->kdc_resid = resid; return (EAGAIN); } @@ -1680,9 +1681,10 @@ dump_finish(struct dumperinfo *di, struct kerneldumpheader *kdh) error = compressor_flush(di->kdcomp->kdc_stream); if (error == EAGAIN) { /* We have residual data in di->blockbuf. */ - error = dump_write(di, di->blockbuf, 0, di->dumpoff, - di->blocksize); - di->dumpoff += di->kdcomp->kdc_resid; + error = _dump_append(di, di->blockbuf, 0, di->blocksize); + if (error == 0) + /* Compensate for _dump_append()'s adjustment. */ + di->dumpoff -= di->blocksize - di->kdcomp->kdc_resid; di->kdcomp->kdc_resid = 0; } if (error != 0) |