sbin: Remove ancient SCCS tags.

Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.

Sponsored by: Netflix

Remove $FreeBSD$: one-line nroff pattern

Remove /^\.\\"\s*\$FreeBSD\$$\n/

Indicate which port gdb.1 and kgdb.1 come from.

dumpon.8: Ask DDB to call doadump() rather than calling it directly

Sponsored by: The FreeBSD Foundation
MFC after: 1 week

dumpon(8): Add missing section arguments

MFC after: 3 days

dumpon.8: Update minimum key size language

dumpon(8) has not accepted 1024-bit RSA keys since prior to r339784 (2018-10).
The manual page language was not updated at that time (oops). The minimum
accepted is 2048 bits, which is also a good default choice.

Sponsored by: Dell EMC Isilon

EKCD: Add Chacha20 encryption mode

Add Chacha20 mode to Encrypted Kernel Crash Dumps.

Chacha20 does not require messages to be multiples of block size, so it is
valid to use the cipher on non-block-sized messages without the explicit
padding AES-CBC would require. Therefore, allow use with simultaneous dump
compression. (Continue to disallow use of AES-CBC EKCD with compression.)

dumpon(8) gains a -C cipher flag to select between chacha and aes-cbc.
It defaults to chacha if no -C option is provided. The man page documents this
behavior.

Relnotes: sure
Sponsored by: Dell EMC Isilon

Update the example added in r348082 to specify a dump device priority.

Event: Waterloo Hackathon 2019

Provide an example of using dhclient-script(5) to configure netdump.

Reviewed by: cem
MFC after: 1 week
Event: Waterloo Hackathon 2019
Differential Revision: https://reviews.freebsd.org/D20345

List-ify kernel dump device configuration

Allow users to specify multiple dump configurations in a prioritized list.
This enables fallback to secondary device(s) if primary dump fails. E.g.,
one might configure a preference for netdump, but fallback to disk dump as a
second choice if netdump is unavailable.

This change does not list-ify netdump configuration, which is tracked
separately from ordinary disk dumps internally; only one netdump
configuration can be made at a time, for now. It also does not implement
IPv6 netdump.

savecore(8) is already capable of scanning and iterating multiple devices
from /etc/fstab or passed on the command line.

This change doesn't update the rc or loader variables 'dumpdev' in any way;
it can still be set to configure a single dump device, and rc.d/savecore
still uses it as a single device. Only dumpon(8) is updated to be able to
configure the more complicated configurations for now.

As part of revving the ABI, unify netdump and disk dump configuration ioctl
/ structure, and leave room for ipv6 netdump as a future possibility.
Backwards-compatibility ioctls are added to smooth ABI transition,
especially for developers who may not keep kernel and userspace perfectly
synced.

Reviewed by: markj, scottl (earlier version)
Relnotes: maybe
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D19996

Change dumpon(8)'s handling of -g.

Rather than using a special value to denote "use the default router",
treat the absence of the -g option to mean the same thing. The
in-kernel netdump client will always attempt to reach the server
directly before falling back to the configured gateway anyway. This
change makes it cleaner to support a hostname value for -g.

Reviewed by: cem
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D18025

dumpon.8: Significantly revamp page

Start with a short summary and cover the options in a standard list style.

Organize sections by common focus and prioritize more useful information
closer to the top.

Flesh out authors, history, caveats, and security considerations sections.

Reviewed by: markj, eadler (previous version)
Differential Revision: https://reviews.freebsd.org/D17679

dumpon(8): Provide seatbelt against weak RSA keys

The premise of dumpon -k foo.pem is that dump contents will be confidential
except to anyone holding the corresponding RSA private key.

This guarantee breaks down when weak RSA keys are used. Small RSA keys
(e.g. 512 bits) can be broken on a single personal computer in tractible
time. Marginal RSA keys (768 bits) can be broken by EC2 and a few dollars.
Even 1024 bit keys can probably be broken by sophisticated and wealthy
attackers.

NIST SP800-57 (2016) recommends a minimum of 2048 bit RSA keys, and
estimates this provides 112 bits of security.

It would also be good to protect users from weak values of 'e' (i.e., 3) and
perhaps sanity check that their public key .pem does not accidentally
contain their private key as well. These considerations are left as future
work.

Reviewed by: markj, darius AT dons.net.au (previous version)
Discussed with: bjk
Differential Revision: https://reviews.freebsd.org/D17678

dumpon(8): improve the examples a bit

While here, remove extraneous extraneous Pp

Reviewed by: jhb (older version)

dumpon: point to better kernel debug symbols.

The objdir is temporary, and the current example points to GENERIC.
Instead point to the installed location of the debug symbols that are
supposed to match the kernel you are using.

PR: 223993
Submitted by: Trond.Endrestol@ximalas.info

Add netdump support to dumpon(8).

A new usage is added so that parameters for netdump may be specified.
Specifically, one configures an interface for netdump with:

# dumpon -c <client IP> -s <server IP> [-g <gateway IP>] <iface name>

Reviewed by: bdrewery, cem (earlier versions), sbruno
MFC after: 1 month
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D15254

Add support for zstd-compressed user and kernel core dumps.

This works similarly to the existing gzip compression support, but
zstd is typically faster and gives better compression ratios.

Support for this functionality must be configured by adding ZSTDIO to
one's kernel configuration file. dumpon(8)'s new -Z option is used to
configure zstd compression for kernel dumps. savecore(8) now recognizes
and saves zstd-compressed kernel dumps with a .zst extension.

Submitted by: cem (original version)
Relnotes: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D13101,
https://reviews.freebsd.org/D13633

Add support for compressed kernel dumps.

When using a kernel built with the GZIO config option, dumpon -z can be
used to configure gzip compression using the in-kernel copy of zlib.
This is useful on systems with large amounts of RAM, which require a
correspondingly large dump device. Recovery of compressed dumps is also
faster since fewer bytes need to be copied from the dump device.

Because we have no way of knowing the final size of a compressed dump
until it is written, the kernel will always attempt to dump when
compression is configured, regardless of the dump device size. If the
dump is aborted because we run out of space, an error is reported on
the console.

savecore(8) is modified to handle compressed dumps and save them to
vmcore.<index>.gz, as it does when given the -z option.

A new rc.conf variable, dumpon_flags, is added. Its value is added to
the boot-time dumpon(8) invocation that occurs when a dump device is
configured in rc.conf.

Reviewed by: cem (earlier version)
Discussed with: def, rgrimes
Relnotes: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D11723

Renumber copyright clause 4

Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96

Add support for encrypted kernel crash dumps.

Changes include modifications in kernel crash dump routines, dumpon(8) and
savecore(8). A new tool called decryptcore(8) was added.

A new DIOCSKERNELDUMP I/O control was added to send a kernel crash dump
configuration in the diocskerneldump_arg structure to the kernel.
The old DIOCSKERNELDUMP I/O control was renamed to DIOCSKERNELDUMP_FREEBSD11 for
backward ABI compatibility.

dumpon(8) generates an one-time random symmetric key and encrypts it using
an RSA public key in capability mode. Currently only AES-256-CBC is supported
but EKCD was designed to implement support for other algorithms in the future.
The public key is chosen using the -k flag. The dumpon rc(8) script can do this
automatically during startup using the dumppubkey rc.conf(5) variable. Once the
keys are calculated dumpon sends them to the kernel via DIOCSKERNELDUMP I/O
control.

When the kernel receives the DIOCSKERNELDUMP I/O control it generates a random
IV and sets up the key schedule for the specified algorithm. Each time the
kernel tries to write a crash dump to the dump device, the IV is replaced by
a SHA-256 hash of the previous value. This is intended to make a possible
differential cryptanalysis harder since it is possible to write multiple crash
dumps without reboot by repeating the following commands:
# sysctl debug.kdb.enter=1
db> call doadump(0)
db> continue
# savecore

A kernel dump key consists of an algorithm identifier, an IV and an encrypted
symmetric key. The kernel dump key size is included in a kernel dump header.
The size is an unsigned 32-bit integer and it is aligned to a block size.
The header structure has 512 bytes to match the block size so it was required to
make a panic string 4 bytes shorter to add a new field to the header structure.
If the kernel dump key size in the header is nonzero it is assumed that the
kernel dump key is placed after the first header on the dump device and the core
dump is encrypted.

Separate functions were implemented to write the kernel dump header and the
kernel dump key as they need to be unencrypted. The dump_write function encrypts
data if the kernel was compiled with the EKCD option. Encrypted kernel textdumps
are not supported due to the way they are constructed which makes it impossible
to use the CBC mode for encryption. It should be also noted that textdumps don't
contain sensitive data by design as a user decides what information should be
dumped.

savecore(8) writes the kernel dump key to a key.# file if its size in the header
is nonzero. # is the number of the current core dump.

decryptcore(8) decrypts the core dump using a private RSA key and the kernel
dump key. This is performed by a child process in capability mode.
If the decryption was not successful the parent process removes a partially
decrypted core dump.

Description on how to encrypt crash dumps was added to the decryptcore(8),
dumpon(8), rc.conf(5) and savecore(8) manual pages.

EKCD was tested on amd64 using bhyve and i386, mipsel and sparc64 using QEMU.
The feature still has to be tested on arm and arm64 as it wasn't possible to run
FreeBSD due to the problems with QEMU emulation and lack of hardware.

Designed by: def, pjd
Reviewed by: cem, oshogbo, pjd
Partial review: delphij, emaste, jhb, kib
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4712

dumpon(8) appears to be present in FreeBSD 2.0.5,
despite initial import of man page listed FreeBSD 2.1.

PR: 212445
Approved by: bcr (mentor)
MFC after: 4 days
Differential Revision: https://reviews.freebsd.org/D8105

Revert r156046. We support setting dumpdev via loader tunable again.
Also change default disk name to ada.

MFC after: 3 weeks

Adapt to the fact that minidumps are now on by default.

PR: 177188

Document that you can use -v along with -l.

Noticed by: pjd

Add an option to display the current dump device via dumpon -l.

MFC after: 2 weeks

A new jail(8) with a configuration file, to replace the work currently done
by /etc/rc.d/jail.

Create the altix project branch. The altix project will add support
for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting
is a two-module system, consisting of a base compute module and a
CPU expansion module. SGI's NUMAFlex architecture can be an excellent
platform to test CPU affinity and NUMA-aware features in FreeBSD.

- Import the HEAD csup code which is the basis for the cvsmode work.

It has not been possible to specify a dumpdev in loader.conf since 2002,
so don't raise false hopes here.

- Mention the size of the additional header

PR: docs/85867
Submitted by: dinoex
MFC after: 1 week

Sort sections.

Verify that the specified device is at least as large as hw.physmem.

Wrap some long lines (no content changes)

`off' is a keyword, not a parameter name.

Obtained from: DragonFly

Remove advertising clause from University of California Regent's license,
per letter dated July 22, 1999.

Approved by: core, imp

Bring the dumpon(8) man page closer to reality:

- dumpon utility has not used kern.dumpdev sysctl
since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@
updated it to use the DIOCSKERNELDUMP ioctl [1]
- remove obsolete reference to sysctl(3)

While I am there, fix two style nits:

- use .Nm instead of `dumpon'
- change NOTES to IMPLEMENTATION NOTES, to bring
it in line with recommended section headings in
mdoc(7)

Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1]

PR: docs/39293
Approved and Reviewed by: des (mentor), re (scottl, bmah)

s/filesystem/file system/g as discussed on -developers

Improve wording even more.

Replace the 'at least the amount of physical memory + 64K' with a better
explanation in regards to sizing the dump device.

The .Nm utility

Update dumpon manual page to explain single/multi-user usability

PR: 36465
No Objections from: ru

CG hard sentence breaks.

Submitted by: ru

Don't use `you'.

Submitted by: ru

Allow dump device be configured as early as possible using loader(8) tunable.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.

MFC after: 2 weeks

Typo.

Remove whitespace at EOL.

mdoc(7) police: removed HISTORY info from the .Os call.

mdoc(7) police: removed history info from the .Os FreeBSD call.

mdoc(7) police: use the new features of the Nm macro.

* Clarify text on choosing a dump device
* Remove the text which states only devices with minor number 1 can be used
- this is no longer true.
* Mention that dumpon(8) cannot be used to capture dumps from panics during
kernel initialization.
* /dev/wd -> /dev/ad

PR: 19848
Submitted by: Udo Erdelhoff <ue@nathan.ruhr.de>
Reviewed by: sheldonh

Back out the new advice introduced in the previous commit, which at
least one reviewer is now unhappy with, since it contains incomplete
and misleading advice that is not easy to correct.

The net effect of this commit and the previous commit is to simply
remove all discussion of setting dumpdev to catch crash dumps
prior to entering user mode.

Update instructions for setting the dump device prior to multi-user
mode.

Reported by: dcs
Submitted by: asmodai

$Id$ -> $FreeBSD$

Use current names for swap devices.

PR: docs/11708
Submitted by: Matthew D. Fuller <fullermd@over-yonder.net>

Sort cross references.

Capitalize at the start of sentence. Add rcsid. Remove unused #includes.
Use `dumpon' instead of argv[0].

Correct manual page, based on feedback from Bruce Evans.

Reviewed by: Bruce Evans <bde@freebsd.org>

Manual page fix: add cross references, refer to ``dumpdev'' variable in
"/etc/rc.conf".

PR: 6117
Submitted by: Mark Mayo <mark@vmunix.com>

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Use the .Fx macro where appropriate.

Fixed some minor formatting problems to silence manck some more.
Corrected some bogus cross references to man pages that we don't/won't
have and either deleted them, or found a more appropriate man page
that we do have. Various other minor changes to silence manck.

Manck is currently down to about 200 lines of errors, down from
the 500 - 600+ when I started all this.

My utility to specify where you want crash dumps to go. More user
and kernel support to follow.