Commit Graph

288 Commits

Author SHA1 Message Date
Poul-Henning Kamp
cea573842c Don't forget our topology lock in the MBREXT case. 2002-12-19 12:01:19 +00:00
Poul-Henning Kamp
1e90b74683 Solve another bug in the mapping code: correctly skip lock sectors.
Make sure sector zero is protected if it contains metadata.

Lower WARNS for gbde to 3 on non-i386 archs.  rijndael-fst is evil
but appearntly does the right thing and passes the test-vectors.

MFC Candidate.
2002-12-18 22:11:54 +00:00
Poul-Henning Kamp
88806cc28c Fix two blunders in the mapping functions which can lead to corrupt data,
for request sizes larger than the sectorsize or for multi-key setups.

See warning mailed to current@ for details of recovery.

Found by:	Marcus Reid <marcus@blazingdot.com>
2002-12-18 19:57:27 +00:00
Poul-Henning Kamp
0ae8896ed2 Balk at unaligned requests.
MFC candidate.
2002-12-18 19:53:59 +00:00
Poul-Henning Kamp
9eebd265b9 Add a check for negative offset locations and return EINVAL for them. 2002-12-17 21:31:58 +00:00
Poul-Henning Kamp
dd0879a966 Don't mangle geometry for pc98, this will happen in the ata driver. 2002-12-17 15:50:51 +00:00
Poul-Henning Kamp
50bd488da3 Remember to hold topology lock when we change things.
Spotted by:	kuriyama
2002-12-17 09:44:10 +00:00
Poul-Henning Kamp
2cc40a38a8 Constify the dumpconf() function. 2002-12-17 07:22:48 +00:00
Poul-Henning Kamp
a1d5f791fa Get rid of g_slice_addslice() and use g_slice_config() instead.
Tested with:	i386 + src/tools/regression/geom
2002-12-16 23:08:48 +00:00
Poul-Henning Kamp
0f9d3dba37 Constification and some s/int/u_int/ changes. 2002-12-16 22:33:27 +00:00
Poul-Henning Kamp
cc0163a3c4 Add a couple of KASSERTS, just in case. 2002-12-13 22:04:45 +00:00
Poul-Henning Kamp
821a4d01ea Don't interpret the hotspots relative to all slices on a slicer, but
relative to the parent device.
2002-12-13 21:31:13 +00:00
Poul-Henning Kamp
ef7b370b00 Fix spelling in comment. 2002-12-13 21:10:59 +00:00
Søren Schmidt
8ba4488cea Add support for the PC98 platform to the ATA driver.
This mostly consists of functionality to serialize accesses to
the two ATA channels (which can also be used to "fix" certain
PCI based controllers).
Add support for Acard controllers.
Enable the ATA driver in PC98 GENERIC, and add device hints.
Update man page with latest support.

The PC98 core team has kindly provided me with a PC98
machine that made this all possible, thanks to all that
contributed to that effort, without that this would
probably newer have been possible..

Approved by: re@
2002-12-03 20:20:44 +00:00
Poul-Henning Kamp
00e11500e2 Use the hotspot code to prevent people from overwriting their disklabel
with stuff which would ruin the day for any open parititons.

Approved by:	re
2002-12-02 20:23:54 +00:00
Poul-Henning Kamp
188321b737 Add a simplified version of the hot-spot code to enable us to protect
in-band disklabels from in-band vandalism.

Approve by:	re
2002-12-02 19:59:25 +00:00
Poul-Henning Kamp
c7f74a4931 Use more mnemonic argument names in the access functions.
Sponsored by:	DARPA & NAI Labs
Approved by:	re (blanket)
2002-12-01 15:54:39 +00:00
Poul-Henning Kamp
f03692cba5 Fix a cut&past-o.
Spotted by:	yar
Approved by:	re (blanket)
2002-12-01 15:53:31 +00:00
Poul-Henning Kamp
19c61e97fb Conceiveably, there may exist an algorithm which can tell if a sequence of bytes
are the output of AES/128/CBC or ARC4RANDOM.  Encrypt the random data with which
we wipe when we get a BIO_DELETE to make such an algorithm useful.

Sponsored by:	DARPA & NAI Labs
Approved by:	re (blanket)
2002-12-01 15:50:48 +00:00
Poul-Henning Kamp
3a4c5955ce Use unsigned for an index.
Sponsored by:	DARPA & NAI Labs.
Approved by:	re (blanket).
2002-12-01 15:47:49 +00:00
Poul-Henning Kamp
534de7e11d Remember to update the providers idea of its size when we reconfigure
a slice child.

Approved by:	re
2002-11-20 20:12:52 +00:00
Poul-Henning Kamp
82e5a9a354 Do not call the dumpconf method unless there is one.
Compare pointers with NULL.

Partially submitted by:	Christian Carstensen <cc@gate5.de>
Approved by:	re
2002-11-20 18:10:42 +00:00
Yoshihiro Takahashi
8a529159ad Save a slice name on the disk and print it at g_pc98_dumpconf(). 2002-11-17 13:56:37 +00:00
Poul-Henning Kamp
11af41920e Remove harmless but irritating printf. 2002-11-08 15:35:16 +00:00
Poul-Henning Kamp
749cefac1b Always recalculate the SRM checksum if the label is at 64 bytes offset.
Tested by:	jhb
2002-11-08 15:31:34 +00:00
Yoshihiro Takahashi
962cf6f7bb Fix to support pc98.
It is mostly merged from MBR specific part.

Reviewed by:	phk
2002-11-07 16:42:37 +00:00
Poul-Henning Kamp
e6e142398f Straighten up the geom.ctl config interface definitions.
Sponsored by:	DARPA & NAI Labs
2002-11-06 20:05:15 +00:00
Poul-Henning Kamp
a9ed5e1173 Polish a bit here and there.
Reenable the geom.ctl device so people can play with gbde.

Sponsored by:	DARPA & NAI Labs
2002-11-04 09:31:02 +00:00
Poul-Henning Kamp
5afa461402 Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512.
Change lock-structure encoding to use random ordering rather for obscurity.
Encrypt lock-structure with AES/256 instead of AES/128.
Change kkey derivation to be MD5 hash based.
Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen.
Remove clause 3 of the license with NAI Labs consent.

Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David
Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and
suggestions.

This code has still not been stared at for 10 years by a gang of
hard-core cryptographers.  Discretion advised.

NB: These changes result in the on-disk format changing: dump/restore needed.

Sponsored by:   DARPA & NAI Labs.
2002-11-04 09:27:01 +00:00
Poul-Henning Kamp
4b787a3959 Reject slices where begin == end.
Remove clause 3 from the license with NAI Labs consent.

Sponsored by:	DARPA & NAI Labs
2002-11-04 06:30:38 +00:00
Poul-Henning Kamp
a5b0a0ca37 Remove clause 3 in the license with NAI's consent.
Reject slices with type==0.
Diddle the bootverbose printfs.

Sponsored by:	DARPA & NAI Labs
2002-11-04 06:29:05 +00:00
Marcel Moolenaar
23280b373b Remove the GEOM_GPT hack. We now check for partition type 0xEE and
skip those. This handles the Protective MBR (PMBR) which consists
of a single partition of type 0xEE that covers the whole disk and
as such protects the GPT partitioning. We allow other partitions to
be present besides partitions of type 0xEE and as such interpret
partition type 0xEE as a "hands-off" partition only.

While here, fix g_mbrext_dumpconf to test if indent is NULL and
dump the data in a form that libdisk can grok. Change the logic
in g_mbr_dumpconf to match that of g_mbrext_dumpconf. This does
not change the output, but prevents a NULL-pointer dereference
when indent == NULL && pp == NULL.
2002-11-02 12:01:12 +00:00
Marcel Moolenaar
0df5787813 Fix dumpconf so libdisk can grok its output. We weren't checking
if indent was NULL. Consequently we always emitted the XML format.
2002-11-02 11:45:54 +00:00
Poul-Henning Kamp
3432e4fd03 malloc(9) with M_NOWAIT seems to return NULL a lot more than I would have
expected under -current.  This is a problem for GEOM because the up/down
threads cannot sleep waiting for memory to become free.  The reason they
cannot sleep is that paging things out to disk may be the only way we can
clear up some RAM.  Nice catch-22 there.

Implement a rudimentary ENOMEM recovery strategy:  If an I/O request
fails with an error code of ENOMEM, schedule it for a retry, and
tell the down-thread to sleep hz/10 to get other parts of the system
a chance to free up some memory, in particular the up-path in GEOM.

All caches should probably start to monitor malloc(9) failures using the new
malloc_last_fail() function, and release when it indicates congestion.

Sponsored by:	DARPA & NAI Labs.
2002-11-02 11:08:07 +00:00
Poul-Henning Kamp
5274973ae2 Make this compile in the userland shims again.
Sponsored by:	DARPA & NAI Labs
2002-11-01 15:57:55 +00:00
Poul-Henning Kamp
b630d83f28 Add KASSERT for bio_cmd validity here as well. Various hacks still
bypass specfs.
2002-11-01 15:56:26 +00:00
Poul-Henning Kamp
bfccaa1df2 Spruce up bootverbose output a bit.
Allow extended partitions to have flag=0x80
2002-10-31 22:18:49 +00:00
Poul-Henning Kamp
6c4a970782 Change the kkey generation cherry-picker to use MD5.
Sponsored by:	DARPA & NAI Labs
2002-10-30 22:13:54 +00:00
Poul-Henning Kamp
d518e53936 Add the remaning part of the new libdisk interaction.
WARNING:  This is not a published interface, it is a stopgap measure for
WARNING:  libdisk so we can get 5.0-R out of the door.

Sponsored by:	DARPA & NAI Labs
2002-10-28 22:43:54 +00:00
Poul-Henning Kamp
89f4551e95 Add support for the new libdisk interaction.
Sponsored by:	DARPA & NAI Labs.
2002-10-28 22:42:20 +00:00
Poul-Henning Kamp
1907a57b5f Fix a bug in the cherry-picker kkey generator routine.
WARNING:  You need to backup and restore the _unencrypted_ contents
WARNING:  of your GBDE disks when you take this update!

Sponsored by:	DARPA & NAI Labs.
2002-10-28 11:06:58 +00:00
Poul-Henning Kamp
8c847e9020 Add more compatibility junk. 2002-10-28 07:50:47 +00:00
Poul-Henning Kamp
b2758b2f23 Don't truncate on large disks. 2002-10-27 10:17:38 +00:00
Poul-Henning Kamp
077f9aa12e Make geom_mbr.c optional on PC98, use GEOM_MBR option to include it.
Disable check for supposedly magic "IPL1" string for PC98 labels, its
thaumaturgical power is in doubt.
2002-10-26 20:17:59 +00:00
Poul-Henning Kamp
3d5500fc51 Reduce the GEOM verbosity under bootverbose to something more sufferable.
This is not quite the set of information I would want, but the tree where
I have the "correct" version is messed up with conflicts.

Sponsored by:	DARPA & NAI Labs.
2002-10-25 20:09:45 +00:00
Poul-Henning Kamp
ce225127b9 Add a g_dev_print() function which prints all the /dev entries GEOM
know about.
2002-10-25 18:42:42 +00:00
Poul-Henning Kamp
c03bf4f225 Loose the g_dev_clone() noise. 2002-10-25 17:00:15 +00:00
Poul-Henning Kamp
ed1ebb9691 Use a better test to prevent tasting geom.ctl so we don't screw the
regression tests.
2002-10-24 21:32:49 +00:00
Poul-Henning Kamp
d3eaf40966 Don't taste the first provider, it's /dev/geom.ctl and it's not going
to taste like anything we like anyway.
2002-10-24 19:20:28 +00:00
Poul-Henning Kamp
6adb748875 No need to specify CTLTYPE_INT when we use SYSCTL_INT. 2002-10-20 22:46:50 +00:00