Commit Graph

58 Commits

Author SHA1 Message Date
Poul-Henning Kamp
f4db0cbe58 Interior decoration changes. 2003-10-07 09:28:07 +00:00
Poul-Henning Kamp
d5ce9dac89 Correct bzero length so we clear the entire key structure. 2003-09-08 18:35:26 +00:00
Poul-Henning Kamp
a8c1568e29 Bzero the right number of bytes.
Found by:	Juergen Buchmueller <pullmoll@stop1984.com>
2003-09-06 18:37:17 +00:00
Poul-Henning Kamp
83d771de78 Simplify the GEOM OAM api: Drop the request type, and let everything
hinge on the "verb" parameter which the class gets to interpret as
it sees fit.

Move the entire request into the kernel and move changed parameters
back when done.
2003-06-01 13:47:51 +00:00
Poul-Henning Kamp
68283a9b5a Remove unused variable.
Found by:       FlexeLint
2003-05-31 19:28:53 +00:00
Poul-Henning Kamp
fc29c9de5c Don't use & in front of arrays.
Found by:       FlexeLint
2003-05-31 19:23:11 +00:00
Poul-Henning Kamp
a980e07369 Remove unused variable.
Found by:       FlexeLint
2003-05-31 19:08:23 +00:00
Poul-Henning Kamp
f075585f67 Remove the G_CLASS_INITIALIZER, we do not need it anymore. 2003-05-31 16:59:27 +00:00
Poul-Henning Kamp
c0c393a2aa Re-order the the initialization slightly to improve structure. 2003-05-05 08:58:12 +00:00
Poul-Henning Kamp
0195276f54 Use a dedicated malloc(9) bucket for sector storage. 2003-05-05 08:37:07 +00:00
Poul-Henning Kamp
039b4cba75 Considering that I did cast the arguments to (intmax_t) I must have
been sleepy since I used %qd instead of %jd.
2003-05-02 19:08:57 +00:00
Poul-Henning Kamp
c7f3baedf3 Fix an obscure fencepost error in GBDE's sector mapping code:
For certain combinations of sectorsize, mediasize and random numbers
(used to define the mapping), a multisector read or write would ignore
some subset of the sectors past the first sector in the request because
those sectors would be mapped past the end of the parent device, and
normal "end of media" truncation would zap that part of the request.

Rev 1.19+1.20 of g_bde_work.c added the check which should have alerted
me to this happening.  This commit maps the request correctly and
adds KASSERTS to make sure things stay inside the parent device.

This does not change the on-disk layout of GBDE, there is no need to
backup/restore.
2003-04-29 19:46:42 +00:00
Poul-Henning Kamp
a17da2aa74 Typo in last commit: Do not press xZZ to leave vi(1). 2003-04-29 19:38:55 +00:00
Poul-Henning Kamp
ca8f372bbc When a bio comes back from below with a zero error code, check that
it wrote the full length.  The only case where this should be able
to happen is if we try to read/write past the end and the request
is truncated.  We obviously should never try to do that, so this
code should never activate.
2003-04-29 19:37:36 +00:00
Poul-Henning Kamp
90336bb4d8 I accidentally leaked this debugging tool in with my last commit.
Disable it with a direct warning.
2003-04-28 17:57:12 +00:00
Poul-Henning Kamp
306babd20c Rename g_bde_get_sector() to g_bde_get_keysector() and pick up the
offset from the work packet.
2003-04-28 06:38:31 +00:00
Poul-Henning Kamp
11ca41a9bb Only attempt total cache-purge once in case of failure. 2003-04-28 06:19:41 +00:00
Poul-Henning Kamp
035694b29a Better criteria for skipping disk reading BIO_READ work packets. 2003-04-28 06:15:39 +00:00
Poul-Henning Kamp
d8e7c92c9e Explicitly set the sector state to JUNK if we encounter a read-error. 2003-04-28 06:10:35 +00:00
Poul-Henning Kamp
c08c56e02a Bail as soon as the first write request has failed, there is no point
in trying the second write if the first one went nowhere.
2003-04-26 21:40:26 +00:00
Poul-Henning Kamp
54d2011343 Appearantly UFS no longer issues BIO_DELETE requests correctly, and
consequently trashes data.  Disable BIO_DELETE handling in gbde for now.
2003-04-26 21:39:33 +00:00
Poul-Henning Kamp
9b99e39d61 Do an explicit retry after we have dumped the cache, rather than a
(potential) tail recursion.
2003-04-25 21:43:11 +00:00
Poul-Henning Kamp
e8e0742ef4 If on a BIO_READ request, we failed to allocate the bio for reading
our key-sector, we would end up returning the read without an error,
despite the fact that the data was not correctly decrypted.

This would result in data corruption on read, but intact data still
on the media.
2003-04-25 21:28:28 +00:00
Poul-Henning Kamp
37f5e4a6c2 Fix a problem and slightly improve the ENOMEM handling:
Give up the entire bio as soon as we detect a problem.

When we detect a problem, give up the bio by contributing the
remainder with ENOMEM, rather than kicking the bio back right
away.

If we failed on a non-first iteration we previously could end up
modifying fields in the bio after we delivered it.  This could
account for memory corruption (none directly reported) on machines
with GBDE.
2003-04-25 21:20:57 +00:00
Poul-Henning Kamp
af6b9f17f9 Don't count a sector in the cache unless we manage to create it. 2003-04-25 20:56:27 +00:00
Poul-Henning Kamp
f2314b445d Rename g_bde_release_sector() to g_bde_release_keysector() and pick up
the sector from the work item.
2003-04-25 20:35:34 +00:00
Poul-Henning Kamp
195d573278 Rename g_bde_read_sector() to g_bde_read_keysector() pick up the offset
in the work structure.
2003-04-25 20:16:59 +00:00
Poul-Henning Kamp
4eba52a2d2 Remove all references to BIO_SETATTR. We will not be using it. 2003-04-03 19:19:36 +00:00
Poul-Henning Kamp
82db45a5af Use sys/endian.h instead of geom_enc.c for endian-agnostfication. 2003-04-03 11:33:51 +00:00
Poul-Henning Kamp
dfb99a70d8 Remove the old config interface now that the new OAM is functional. 2003-04-01 07:33:17 +00:00
Poul-Henning Kamp
29c331bfaa Add create_geom and destroy_geom methods. 2003-03-29 22:14:21 +00:00
Poul-Henning Kamp
0b94902f81 Forward compatibility: NULL check the passed in meta argument. 2003-03-25 09:02:41 +00:00
Poul-Henning Kamp
c138fec0b5 Premptively change initializations of struct g_class to use C99
sparse struct initializations before we extend the struct with
new OAM related member functions.
2003-03-24 19:30:15 +00:00
Poul-Henning Kamp
b4b138c27f Including <sys/stdint.h> is (almost?) universally only to be able to use
%j in printfs, so put a newsted include in <sys/systm.h> where the printf
prototype lives and save everybody else the trouble.
2003-03-18 08:45:25 +00:00
Poul-Henning Kamp
ea6ff0649f Limit our requests to DFLTPHYS, this is generally a good idea for
memory-allocation purposes.  Right now it is also a very good idea
because we hit a Giant assertion in the free(9) processing if we
free something larger than 64k.
2003-03-07 19:09:46 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Poul-Henning Kamp
200c8a23cd Typo in last commit. 2003-02-11 15:20:34 +00:00
Poul-Henning Kamp
8a63edc3a1 Better names for struct disk elements: d_maxsize, d_stripeoffset
and d_stripesisze;

Introduce si_stripesize and si_stripeoffset in struct cdev so we
can make the visible to clustering code.

Add stripesize and stripeoffset to providers.

DTRT with stripesize and stripeoffset in various places in GEOM.
2003-02-11 14:57:34 +00:00
Poul-Henning Kamp
cadb987095 Unconditionally make our provider with G_PF_CANDELETE. 2003-02-11 12:37:04 +00:00
Poul-Henning Kamp
4ec353005c Move the g_stat struct to its own .h file, we will export it to other code.
Insted of embedding a struct g_stat in consumers and providers, merely
include a pointer.

Remove a couple of <sys/time.h> includes now unneeded.

Add a special allocator for struct g_stat.  This allocator will allocate
entire pages and hand out g_stat functions from there.  The "id" field
indicates free/used status.

Add "/dev/geom.stats" device driver whic exports the pages from the
allocator to userland with mmap(2) in read-only mode.

This mmap(2) interface should be considered a non-public interface and
the functions in libgeom (not yet committed) should be used to access
the statistics data.
2003-02-08 13:03:57 +00:00
Poul-Henning Kamp
7725f875ee Add the new statistics structure, put one in consumers and providers.
include <sys/time.h> as necessary.
2003-02-07 21:43:34 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Poul-Henning Kamp
acb161b16f Optimize the size of the work-items by letting the mapping function
decide the largest size which stays inside the zone and does not
collide with a lock sector.
2003-01-02 19:29:49 +00:00
Poul-Henning Kamp
1e90b74683 Solve another bug in the mapping code: correctly skip lock sectors.
Make sure sector zero is protected if it contains metadata.

Lower WARNS for gbde to 3 on non-i386 archs.  rijndael-fst is evil
but appearntly does the right thing and passes the test-vectors.

MFC Candidate.
2002-12-18 22:11:54 +00:00
Poul-Henning Kamp
88806cc28c Fix two blunders in the mapping functions which can lead to corrupt data,
for request sizes larger than the sectorsize or for multi-key setups.

See warning mailed to current@ for details of recovery.

Found by:	Marcus Reid <marcus@blazingdot.com>
2002-12-18 19:57:27 +00:00
Poul-Henning Kamp
ef7b370b00 Fix spelling in comment. 2002-12-13 21:10:59 +00:00
Poul-Henning Kamp
19c61e97fb Conceiveably, there may exist an algorithm which can tell if a sequence of bytes
are the output of AES/128/CBC or ARC4RANDOM.  Encrypt the random data with which
we wipe when we get a BIO_DELETE to make such an algorithm useful.

Sponsored by:	DARPA & NAI Labs
Approved by:	re (blanket)
2002-12-01 15:50:48 +00:00
Poul-Henning Kamp
3a4c5955ce Use unsigned for an index.
Sponsored by:	DARPA & NAI Labs.
Approved by:	re (blanket).
2002-12-01 15:47:49 +00:00
Poul-Henning Kamp
e6e142398f Straighten up the geom.ctl config interface definitions.
Sponsored by:	DARPA & NAI Labs
2002-11-06 20:05:15 +00:00
Poul-Henning Kamp
5afa461402 Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.

Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.

This code has still not been stared at for 10 years by a gang of
hard-core cryptographers.  Discretion advised.

NB: These changes result in the on-disk format changing: dump/restore needed.

Sponsored by:   DARPA & NAI Labs.
2002-11-04 09:27:01 +00:00