Commit Graph

557 Commits

Author SHA1 Message Date
Conrad Meyer
985f4b3eb5 geom_virstor: Remove wholly unnecessary g_metadata_store copy
Just code cleanup.  No functional change.

Sponsored by:	Dell EMC Isilon
2017-09-08 15:38:02 +00:00
Conrad Meyer
0bd816f211 Audit userspace geom code for leaking memory to disk
Any geom class using g_metadata_store, as well as geom_virstor which
duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes
of userspace memory following the metadata block stored. This is most or all
geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath,
graid3, gshsec, gstripe, and geom_virstor).

PR:		222077 (comment #3)
Reported by:	Maxim Khitrov <max AT mxcrypt.com>
Reviewed by:	des
Security:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12269
2017-09-08 15:08:17 +00:00
Mariusz Zaborski
3453dc72ad Hide length of geli passphrase during boot.
Introduce additional flag to the geli which allows to restore previous
behavior.

Reviewed by:	AllanJude@, cem@ (previous version)
MFC:		1 month
Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D11751
2017-08-26 14:07:24 +00:00
Alexander Motin
5e50c20ea1 Fix withered handling of r280687, broken by r286719.
MFC after:	1 week.
2017-04-27 19:03:08 +00:00
Alexander Motin
d8880fd450 Always allow setting number of iterations for the first time.
Before this change it was impossible to set number of PKCS#5v2 iterations,
required to set passphrase, if it has two keys and never had any passphrase.
Due to present metadata format limitations there are still cases when number
of iterations can not be changed, but now it works in cases when it can.

PR:		218512
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D10338
2017-04-21 07:16:07 +00:00
Alan Somers
4db3787dd9 Fix memory leak in "gpart bootcode"
Also, annotate that gpart_issue never returns

Reported by:	Coverity
CID:		1007105
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-04-05 18:31:26 +00:00
Alan Somers
fc9437c886 Fix clearing geom metadata if DIOCGSECTORSIZE fails
An unhandled error case would result in passing SIZE_MAX to malloc.
While I'm here, remove an unnecessary NULL check before free

Reported by:	Coverity
CID:		1017793
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-04-05 17:17:18 +00:00
Marcelo Araujo
2ae0afa8ee Add the capability to refresh the gpart(8) label without need a reboot.
gpart(8) has functionality to change the label of an GPT partition.
This functionality works like it should, however, after a label change
the /dev/gpt/ entries remain unchanged. glabel(8) status output remains
unchanged. The change only takes effect after a reboot.

PR:		162690
Submitted by:	sub.mesa@gmail, Ben RUBSON <ben.rubson@gmail.com>, ae
Reviewed by:	allanjude, bapt, bcr
MFC after:	6 weeks.
Differential Revision:	https://reviews.freebsd.org/D9935
2017-03-12 04:15:56 +00:00
Enji Cooper
22289a8c3d sbin: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:33:01 +00:00
Mariusz Zaborski
01ad653a81 Add sysctl to control auto resize of the GEOM metadata.
Reviewed by:	AllanJude
Differential Revision:	https://reviews.freebsd.org/D9603
2017-02-27 17:54:01 +00:00
Yoshihiro Takahashi
2b375b4edd Remove pc98 support completely.
I thank all developers and contributors for pc98.

Relnotes:	yes
2017-01-28 02:22:15 +00:00
Alexander Motin
b6fe583c55 Add gmirror create subcommand, alike to gstripe, gconcat, etc.
It is quite specific mode of operation without storing on-disk metadata.
It can be useful in some cases in combination with some external control
tools handling mirror creation and disks hot-plug.

MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2016-11-30 09:27:08 +00:00
Ruslan Bukin
ae8b1f90fe Fix alignment issues on MIPS: align the pointers properly.
All the 5520 GEOM_ELI tests passed successfully on MIPS64EB.

Sponsored by:	DARPA, AFRL
Sponsored by:	HEIF5
Differential Revision:	https://reviews.freebsd.org/D7905
2016-10-31 16:55:14 +00:00
Allan Jude
0fcf43f6f3 Add missing history sections to a number of storage related man pages
gmultipath.8: Add HISTORY
	Adjust sentences with bad phrases picked up by igor

ggatec.8: Add HISTORY

ggated.8: Add HISTORY

ggatel.8: Add HISTORY
	Seperate out sentence as advised by igor.

hastctl.8: Add HISTORY

hastd.8: Add HISTORY
	Fix sentence highlighted by igor.

iscontrol.8: Add HISTORY

mdmfs.8: Add HISTORY
	Address issues raised by igor

mount_nfs.8: Add HISTORY
	Not sure where mount_nfs first showed up, but the verison used
	in the BSD's originates from 4.4BSD according to CSRG archive.

	Though commercial offerings from Sun and others covers older
	systems, eg https://groups.google.com/forum/#!topic/net.unix-wizards/lMe7aQikqJI

nandfs.8: Add HISTORY
	Adjust sentence in description to address bad phrase highlighted
	by igor.

nvmecontrol.8: Add HISTORY

PR:		212491
PR:		212498
PR:		212499
PR:		212500
PR:		212501
PR:		212502
PR:		212505
PR:		212508
PR:		212540
PR:		212543
PR:		212546
Submitted by:	Sevan Janiyan <venture37@geeklan.co.uk>
2016-09-16 04:28:31 +00:00
Mariusz Zaborski
451cad50cd Fix misleading description of the -b option in the geli init command.
Reviewed by:		bjk, wblock
Differential Revision:	https://reviews.freebsd.org/D7226
Discussed with:		AllanJude
2016-08-03 18:02:10 +00:00
Dag-Erling Smørgrav
ae1b731b5d Rewrite the GPT and MBR examples. For GPT, ensure that the boot partition
is large enough for gptzfsboot, which has doubled in size since 10.

PR:		211361
MFC after:	3 days
2016-07-25 11:25:33 +00:00
Pedro F. Giffuni
f32d2926b0 sbin: ake use of our rounddown() macro when sys/param.h is available.
No functional change.
2016-05-01 02:24:05 +00:00
Glen Barber
876d357fa7 MFH
Sponsored by:	The FreeBSD Foundation
2016-04-11 15:24:59 +00:00
Andrey V. Elsukov
b2d7040c1c Fix the problem, when gpart(8) can't write both bootcode and partcode
in one command due to wrong file size limit. Do not use bootcode size
to calculate partsize limit.
Also add report message about successful partcode writing.

Reported by:	Trond Endrestøl
MFC after:	2 weeks
2016-04-11 13:44:31 +00:00
Allan Jude
d873662594 Create the GELIBOOT GEOM_ELI flag
This flag indicates that the user wishes to use the GELIBOOT feature to boot from a fully encrypted root file system.
Currently, GELIBOOT does not support key files, and in the future when it does, they will be loaded differently.
Due to the design of GELI, and the desire for secrecy, the GELI metadata does not know if key files are used or not, it just adds the key material (if any) to the HMAC before the optional passphrase, so there is no way to tell if a GELI partition requires key files or not.

Since the GELIBOOT code in boot2 and the loader does not support keys, they will now only attempt to attach if this flag is set. This will stop GELIBOOT from prompting for passwords to GELIs that it cannot decrypt, disrupting the boot process

PR:		208251
Reviewed by:	ed, oshogbo, wblock
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D5867
2016-04-08 01:25:25 +00:00
Glen Barber
538354481e MFH
Sponsored by:	The FreeBSD Foundation
2016-03-14 18:54:29 +00:00
Alexander Motin
c66784839b Allow standard commands for "unknown" classes in RESCUE mode.
For example, it allows quite useful `geom disk list` command.

MFC after:	1 week
2016-03-11 12:59:07 +00:00
Glen Barber
406d87b1c3 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
Allan Jude
4332feca4b Make additional parts of sys/geom/eli more usable in userspace
The upcoming GELI support in the loader reuses parts of this code
Some ifdefs are added, and some code is moved outside of existing ifdefs

The HMAC parts of GELI are broken out into their own file, to separate
them from the kernel crypto/openssl dependant parts that are replaced
in the boot code.

Passed the GELI regression suite (tools/regression/geom/eli)
 Files=20 Tests=14996
 Result: PASS

Reviewed by:	pjd, delphij
MFC after:	1 week
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D4699
2016-01-07 05:47:34 +00:00
Allan Jude
7a3f5d11fb Replace sys/crypto/sha2/sha2.c with lib/libmd/sha512c.c
cperciva's libmd implementation is 5-30% faster

The same was done for SHA256 previously in r263218

cperciva's implementation was lacking SHA-384 which I implemented, validated against OpenSSL and the NIST documentation

Extend sbin/md5 to create sha384(1)

Chase dependancies on sys/crypto/sha2/sha2.{c,h} and replace them with sha512{c.c,.h}

Reviewed by:	cperciva, des, delphij
Approved by:	secteam, bapt (mentor)
MFC after:	2 weeks
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3929
2015-12-27 17:33:59 +00:00
Andrey V. Elsukov
ad32bf978a Remove a note about damaged PMBR. Now GPT will be detected automatically
with such corruption.

MFC after:	1 month
2015-12-10 10:37:12 +00:00
Enji Cooper
94c1ff89ad Don't leak rsector/sector in mp_label(..)
Use calloc instead of malloc + memset(.., 0, ..) when allocating sector

Differential Revision: https://reviews.freebsd.org/D4450
MFC after: 1 week
Reported by: cppcheck
Reviewed by: mav
Sponsored by: EMC / Isilon Storage Division
2015-12-10 07:04:36 +00:00
Alexander Motin
4a3760bae6 Remove compatibility shims for legacy ATA device names.
We got new ATA stack in FreeBSD 8.x, switched to it at 9.x, completely
removed old stack at 10.x, so at 11.x it is time to remove compat shims.
2015-10-11 13:01:51 +00:00
Edward Tomasz Napierala
45d7de1d37 Make geom_nop(4) collect statistics on all types of BIOs, not just
reads and writes.

PR:		kern/198405
Submitted by:	Matthew D. Fuller <fullermd at over-yonder dot net>
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3679
2015-10-10 09:03:31 +00:00
Edward Tomasz Napierala
bb27d7ed90 Add a way to specify stripesize and stripeoffset to gnop(8). This makes
it possible to "simulate" 4K media, to eg test alignment handling.

Reviewed by:	mav@
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D3664
2015-09-15 18:01:59 +00:00
Pawel Jakub Dawidek
46e3447026 Enable BIO_DELETE passthru in GELI, so TRIM/UNMAP can work as expected when
GELI is used on a SSD or inside virtual machine, so that guest can tell
host that it is no longer using some of the storage.

Enabling BIO_DELETE passthru comes with a small security consequence - an
attacker can tell how much space is being really used on encrypted device and
has less data no analyse then. This is why the -T option can be given to the
init subcommand to turn off this behaviour and -t/T options for the configure
subcommand can be used to adjust this setting later.

PR:		198863
Submitted by:	Matthew D. Fuller fullermd at over-yonder dot net

This commit also includes a fix from Fabian Keil freebsd-listen at
fabiankeil.de for 'configure' on onetime providers which is not strictly
related, but is entangled in the same code, so would cause conflicts if
separated out.
2015-08-08 09:51:38 +00:00
Andrey V. Elsukov
109f7a27c4 lseek() allows an offset to be set beyond the end of file. Using
it to check that partition has enough space to write bootcode doesn't
work. Use the known size of provider instead.

PR:		201504
MFC after:	1 week
2015-07-21 06:18:42 +00:00
Marcelo Araujo
c283159997 Fix contraction spotted by igor(1) and remove 2 .Ed spotted by mandoc(1).
Also, don't capitalize "module" and remove a redundant phrase introduced
in my previous commit.

Differential Revision:	D3112
Reviewed by:		wblock
Sponsored by:		gandi.net
2015-07-18 03:14:49 +00:00
Marcelo Araujo
a8d65cade5 Describe how to load gmultipath at boot time.
Differential Revision:	D3112
Reviewed by:		allanjude, bapt
Sponsored by:		gandi.net
2015-07-17 06:34:46 +00:00
Allan Jude
ce808c7ad8 Add a new option to gpart(8) to fix Lenovo BIOS boot issue
PR:		184910
Reviewed by:	ae, wblock
Approved by:	marcel
MFC after:	3 days
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3065
2015-07-15 02:23:55 +00:00
Pawel Jakub Dawidek
edaa9008ff Allow to omit keyfile number for the first keyfile. 2015-07-02 10:55:32 +00:00
Baptiste Daroussin
18b2ee82db Revert r284417 it is not necessary anymore 2015-06-15 19:28:07 +00:00
Baptiste Daroussin
4232f82668 Enforce overwritting SHLIBDIR
Since METAMODE has been added, sys.mk loads bsd.mkopt.mk which ends load loading
bsd.own.mk which then defines SHLIBDIR before all the Makefile.inc everywhere.

This makes /lib being populated again.

Reported by:	many
2015-06-15 15:34:20 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Christian Brueffer
0031bf7501 Add a missing word, should have been in r284290.
Submitted by:	Fabian Keil
2015-06-12 15:03:59 +00:00
Christian Brueffer
7ff1ea8bdd Improve grammar.
PR:		200673
Submitted by:	Fabian Keil
Obtained from:	ElectroBSD
2015-06-11 23:05:49 +00:00
Christian Brueffer
c06d629a24 Consistently use trailing whitespace in passphrase prompts.
PR:		193496
Submitted by:	Fabian Keil
MFC after:	1 week
2015-06-11 00:24:33 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Allan Jude
38eb219c75 Fix error in gmountver(8) man page
Also fixes the usage statement for the binary to use the correct terms (provider and geom name, rather than dev and prov, which is incorrect in the latter case)
Sync the man page summary with the new usage statement

PR:		199540
Differential Revision:	https://reviews.freebsd.org/D2329
Submitted by:	Fabian Keil
Reviewed by:	trasz
Approved by:	eadler (mentor)
Obtained from:	ElectroBSD (original)
MFC after:	1 week
Sponsored by:	ScaleEngine Inc.
2015-05-18 19:37:55 +00:00
Andrey V. Elsukov
4b8d4f97b0 Add apple-boot, apple-hfs and apple-ufs aliases to MBR scheme.
Sort DOSPTYP_* entries in diskmbr.h by value.
Document these scheme-specific types in gpart(8).

MFC after:	1 week
2015-05-05 09:33:02 +00:00
Alexander Motin
5523c82c1a Make GEOM_PART work in presence of previous withered self.
MFC after:	2 weeks
Sponsored by:	iXsystems, Inc.
2015-03-26 12:17:47 +00:00
Andrey V. Elsukov
4fb4ebe0a4 Add GUID and alias for Apple Core Storage partition.
PR:		196241
MFC after:	1 week
2015-03-12 18:51:31 +00:00
Andrey V. Elsukov
771d671beb When gpart(8) is trying automatically determine the first available
block of free space after existing partition, take into account
provider's stripeoffset, since the result will be adjusted to this
value.

PR:		197989
MFC after:	1 week
2015-02-26 15:59:45 +00:00
Edward Tomasz Napierala
da8e209f33 Fix sysctl name.
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
2015-01-27 18:27:07 +00:00