39 Commits

Author SHA1 Message Date
Julian Elischer
3745c395ec Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0  so that we can eventually MFC the
new kthread_xxx() calls.
2007-10-20 23:23:23 +00:00
Jeff Roberson
982d11f836 Commit 14/14 of sched_lock decomposition.
- Use thread_lock() rather than sched_lock for per-thread scheduling
   sychronization.
 - Use the per-process spinlock rather than the sched_lock for per-process
   scheduling synchronization.

Tested by:      kris, current@
Tested on:      i386, amd64, ULE, 4BSD, libthr, libkse, PREEMPTION, etc.
Discussed with: kris, attilio, kmacy, jhb, julian, bde (small parts each)
2007-06-05 00:00:57 +00:00
Pawel Jakub Dawidek
df3aed4f96 Use root_mounted(). 2007-04-08 23:54:23 +00:00
Sam Leffler
6810ad6f2a Overhaul driver/subsystem api's:
o make all crypto drivers have a device_t; pseudo drivers like the s/w
  crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
  cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
  for specifying which of several potential devices to use when doing
  crypto operations
o add new ioctls that allow user apps to select a specific crypto device
  to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
  implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
  795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
  to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
  to specify a device to use for tests

These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.

These changes were instigated by the work of Michael Richardson.

Reviewed by:	pjd
Approved by:	re
2007-03-21 03:42:51 +00:00
Pawel Jakub Dawidek
b942093961 Fix geli after last commit for UP systems that are running SMP kernel.
Submitted by:	Hyo geol, Lee <hyogeollee@gmail.com>
MFC after:	1 week
2007-03-02 09:38:16 +00:00
Pawel Jakub Dawidek
a1ea1a22e9 It is possible that GEOM taste provider before SMP is started.
We can't bind to a CPU which is not yet on-line, so add code that wait for
CPUs to go on-line before binding to them.

Reported by:	Alin-Adrian Anton <aanton@spintech.ro>
MFC after:	2 weeks
2007-01-28 20:29:12 +00:00
Pawel Jakub Dawidek
1506db2163 I want CPU number here.
Noticed by:	ru
2006-11-02 09:01:34 +00:00
Pawel Jakub Dawidek
eba8f13797 Skip disabled CPU, because after we sched_bind() to a disabled CPU,
we won't be able to exit from the thread.

Function g_eli_cpu_is_disabled() stoled from kern_pmc.c.

PR:		104669
Reported by:	Nikolay Mirin <nik@optim.com.ru>
MFC after:	1 week
2006-11-01 16:05:06 +00:00
Pawel Jakub Dawidek
42461fba65 Implement BIO_FLUSH handling by simply passing it down to the components.
Sponsored by:	home.pl
2006-10-31 21:23:51 +00:00
Pawel Jakub Dawidek
469e952070 Remove trailing spaces. 2006-09-30 08:16:49 +00:00
Pawel Jakub Dawidek
2bd4ade694 Before using byte offset for IV creation, covert it to little endian.
This way one will be able to use provider encrypted on eg. i386 on
eg. sparc64. This doesn't really buy us much today, because UFS isn't
endian agnostic.

We retain backward compatibility by setting G_ELI_FLAG_NATIVE_BYTE_ORDER
flag on devices with version number less than 2 and not converting the
offset.
2006-08-11 19:09:12 +00:00
Pawel Jakub Dawidek
850590166f Allow geli to operate on read-only providers.
Initial patch from:	vd
MFC after:		2 weeks
2006-08-09 18:11:14 +00:00
Yaroslav Tykhiy
f6829a059f Fix what looks like a typo: MODULE_DEPEND() takes module names,
not KLD file names; and GELI module's name is g_eli, not geom_eli.

Approved by:	pjd (silence)
MFC after:	5 days
2006-07-27 11:52:12 +00:00
Pawel Jakub Dawidek
eaa3b91996 Implement data integrity verification (data authentication) for geli(8).
Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-05 21:38:54 +00:00
Pawel Jakub Dawidek
05bf5e8a0a Make kern.geom.eli.overwrites sysctl a tunable as well. 2006-06-05 21:25:19 +00:00
Pawel Jakub Dawidek
5af2ae28f6 geli(8) provides keys on newsession time, so remove CRD_F_KEY_EXPLICIT flag
as HW crypto drivers don't support it.
2006-04-20 06:33:46 +00:00
Pawel Jakub Dawidek
cd0d707eb7 Correct debug: we are sending child bio here, not parent bio.
MFC after:	1 week
2006-04-15 18:30:42 +00:00
Pawel Jakub Dawidek
d3a1be900a Pass BIO_GETATTR requests down.
MFC after:	1 week
2006-04-12 12:18:44 +00:00
Pawel Jakub Dawidek
39d92f5fa3 Typos. 2006-04-05 22:07:31 +00:00
Pawel Jakub Dawidek
9af2131b78 Teach geli how to load keyfiles before root file system is mounted.
An example entries for loader.conf to make it possible:

geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"

Thanks for jhb and kan who showed me the right direction.

MFC after:	3 days
2006-02-11 13:08:24 +00:00
Pawel Jakub Dawidek
a80f82a4a3 Check rootvnode variable to see if we still want to ask for passphrase on
boot. Other methods just don't work properly.

MFC after:	3 days
2006-02-11 12:45:01 +00:00
Christian Brueffer
9864500624 Clean up some sysctl descriptions, debug messages etc.
Approved by:	pjd
MFC after:	3 days
2006-02-07 17:23:22 +00:00
Pawel Jakub Dawidek
38ea96ac99 Remove trailing spaces. 2006-02-01 12:06:01 +00:00
Pawel Jakub Dawidek
7192f621d0 Remove dead code.
Found by:	Coverity Prevent(tm)
MFC after:	3 days
2006-01-17 07:27:46 +00:00
Pawel Jakub Dawidek
4ec0490779 Remove unused value.
Found by:	Coverity Prevent(tm)
MFC after:	3 days
2006-01-17 07:26:48 +00:00
Maxim Sobolev
8a4a44b5aa Check for g_read_data(9) errors properly:
o The only indication of error condition is NULL value returned by
  the function;

o value pointed to by error argument is undefined in the case when
  operation completes successfully.

Discussed with: phk
2005-11-30 19:24:51 +00:00
Pawel Jakub Dawidek
71270ca60b Fix copy&paste typo.
MFC after:	3 days
2005-09-10 07:46:47 +00:00
Pawel Jakub Dawidek
cf47954083 Don't forget to initialize crp_etype field.
Reported by:	Nick Evans <nevans@syphen.net>
MFC after:	3 days
2005-09-10 07:45:10 +00:00
Pawel Jakub Dawidek
dd549194ae By default, when doing crypto work in software, start as many threads
as we have active CPUs and bind each thread to its own CPU.

MFC after:	3 days
2005-08-21 18:12:51 +00:00
Pawel Jakub Dawidek
b8db9f58da Remove stale comment (we now always start worker thread).
MFC after:	3 days
2005-08-21 18:06:35 +00:00
Pawel Jakub Dawidek
dddd1d537a Always run dedicated kernel thread (even when we have hardware support).
There is no performance impact, but allows to allocate memory with
M_WAITOK flag.
As a side effect this simplify code a bit.

MFC after:	3 days
2005-08-17 15:25:57 +00:00
Pawel Jakub Dawidek
bf71eaacf1 We should now return 0. 2005-08-17 15:12:34 +00:00
Pawel Jakub Dawidek
d1dca8a818 Even if crypto_dispatch() return an error, request is not canceled and
our callback will still be called, just to tell us that requested
failed...

Reported by:	Mike Tancsa <mike@sentex.net>
MFC after:	3 days
2005-08-17 14:34:52 +00:00
Pawel Jakub Dawidek
2be2b2eab5 We don't need to clear allocated memory. This will speed-up things a bit.
MFC after:	3 days
2005-08-17 14:08:50 +00:00
Pawel Jakub Dawidek
bb30fea667 Because code paths for I/O requests are quite complex, add comments above
the functions which participate in I/O paths.

MFC after:	1 day
2005-08-13 17:45:37 +00:00
Pawel Jakub Dawidek
6985decf3c GELI doesn't need cryptodev.
MFC after:	3 days
2005-08-11 14:52:27 +00:00
Pawel Jakub Dawidek
ea35a2ec3a MFp4: Export more informations about encrypted providers.
MFC after:	1 week
2005-07-27 22:31:57 +00:00
Pawel Jakub Dawidek
7625429883 Reduce default debug level to 0.
MFC after:	1 week
2005-07-27 21:48:47 +00:00
Pawel Jakub Dawidek
c58794debd Add GEOM_ELI class which provides GEOM providers encryption.
For features list and usage see manual page: geli(8).

Sponsored by:	Wheel Sp. z o.o.
		http://www.wheel.pl
MFC after:	1 week
2005-07-27 21:43:37 +00:00