From owner-freebsd-hackers@FreeBSD.ORG Tue Oct 29 10:33:43 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 523A0FD5 for ; Tue, 29 Oct 2013 10:33:43 +0000 (UTC) (envelope-from bounces+73574-4a99-freebsd-hackers=freebsd.org@sendgrid.me) Received: from o3.shared.sendgrid.net (o3.shared.sendgrid.net [208.117.48.85]) by mx1.freebsd.org (Postfix) with SMTP id F1E4E2A56 for ; Tue, 29 Oct 2013 10:33:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.info; h=from:mime-version:to:subject:content-type:content-transfer-encoding; s=smtpapi; bh=ThRqXlIAA+CBPlERnPLUjRjAjF4=; b=wFnxXixXlvo6PqlXaG 02LxnLslLqW9emp9M/nqBLZWTJC03jpoLswv0pM4PvO7dVQnq1cxLd5p79OBDJDJ IrQQ/Zi2ahMCI1Cpnn0sdCRpt6/LQsYBc5Inxp1VRVxgp/aRki7UqAQ/D2xW46tB 5xraGsVtAj0WWhVji+pYg5xkw= Received: by mf91 with SMTP id mf91.3806.526F8F057 Tue, 29 Oct 2013 10:33:41 +0000 (GMT) Received: from mail.tarsnap.com (unknown [10.60.208.13]) by mi4 (SG) with ESMTP id 14203c6aedd.3ac.8f71e for ; Tue, 29 Oct 2013 10:33:41 +0000 (UTC) Received: (qmail 32855 invoked from network); 29 Oct 2013 10:33:40 -0000 Received: from unknown (HELO clamshell.daemonology.net) (127.0.0.1) by ec2-107-20-205-189.compute-1.amazonaws.com with ESMTP; 29 Oct 2013 10:33:40 -0000 Received: (qmail 44255 invoked from network); 29 Oct 2013 10:32:19 -0000 Received: from unknown (HELO clamshell.daemonology.net) (127.0.0.1) by clamshell.daemonology.net with SMTP; 29 Oct 2013 10:32:19 -0000 Message-ID: <526F8EB3.1040205@freebsd.org> Date: Tue, 29 Oct 2013 03:32:19 -0700 From: Colin Percival User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: freebsd-hackers@freebsd.org Subject: Automated submission of kernel panic reports X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-SG-EID: W2XBZA0V/n0voZZ6SjDkgjXvzGvkLIaljy40FLIRIHTVMXCc7ynl2WKQUz0qqp0ckgz9Q81xAdQCWzInfKBGZ/w2c+4rsA4dwUujGv1DycGzkRtt/PsfPaQvBDr6CanUbglQmwvPKtl/5AyrlxSuLOdNTopS0ISIl6s5LikkfkA= X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Oct 2013 10:33:43 -0000 Hi all, I've written some code for automatically submitting kernel panic reports, and I'd like some feedback before I place it into the ports tree. I am aware of a recent Summer of Code project in this area, but I understand that it focused mainly on the processing of kernel panics after they have been collected (identifying matching backtraces, etc.) rather than the initial collection of panics. In my work on FreeBSD/EC2 I have been collecting panics for a couple of years, and despite the small install base (I estimate about 100 EC2 instances running FreeBSD at any given time) it has proven useful, for example by allowing me to identify that the ARP bug fixed in r214675 was causing severe stability issues in the EC2 environment. My current code is an rc.d script which, running after savecore, checks to see if the most recent panic (if any) has been reported yet. If not, it gathers the dump header (/var/crash/info.N) and a backtrace for the panic. If ${panicmail_autosubmit} is set to YES, this information is encrypted and submitted via email. The email which is sent looks like this: http://pastebin.com/AaCuxvDg If ${panicmail_autosubmit} is set to NO, an email is sent to root containing the panic data in both decrypted and encrypted forms. The system administrator can then review the information and decide whether to allow it to be submitted. Such emails look like this: http://pastebin.com/w18pXah8 The code is in http://svnweb.freebsd.org/base/user/cperciva/panicmail/ and it uses my FreeBSD-base-system-only public-key encryption code: http://svnweb.freebsd.org/base/user/cperciva/pkesh/ My plan is to get this into the ports tree, encourage people to install and enable it, and then assuming it proves useful see it added into the FreeBSD base system some day. At least initially I'd have panics coming to me, using an encryption key which I hold; if/when it enters the FreeBSD base system, some decision would need to be made (by core?) as to who should have access to the panics. Comments? -- Colin Percival Security Officer Emeritus, FreeBSD | The power to serve Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid