Commit Graph

26 Commits

Author SHA1 Message Date
jhb
2314192d69 Remove support for geli(4) algorithms deprecated in r348206.
This removes support for reading and writing volumes using the
following algorithms:

- Triple DES
- Blowfish
- MD5 HMAC integrity

In addition, this commit adds an explicit whitelist of supported
algorithms to give a better error message when an invalid or
unsupported algorithm is used by an existing volume.

Reviewed by:	cem
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24343
2020-04-15 00:14:50 +00:00
0mp
2b450750b6 Document geli(8) loader variables conventions
The geli(8) manual page has an example for preloading keyfiles during boot.
There is no detail though on how the lookup of these variables actually
works.

Let's document that the name of a device does not have to be a part
of the variable.

PR:		243261
Submitted by:	johannes@jo-t.de
Approved by:	bcr (mentor)
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D24114
2020-03-19 09:23:26 +00:00
dwmalone
2439a6fa5e Add some missing articles.
Use .Nm to format the utility name.
Get the name of the GEOM class right.

MFC after:	2 weeks
2020-01-28 15:34:00 +00:00
mav
232f010240 Remove GEOM_SCHED class and gsched tool.
This code was not actively maintained since it was introduced 10 years ago.
It lacks support for many later GEOM features, such as direct dispatch,
unmapped I/O, stripesize/stripeoffset, resize, etc.  Plus it is the only
remaining use of GEOM nstart/nend request counters, used there to implement
live insertion/removal, questionable by itself.  Plus, as number of people
commented, GEOM is not the best place for I/O scheduler, since it has
limited information about layers both above and below it, required for
efficient scheduling.  Plus with the modern shift to SSDs there is just no
more significant need for this kind of scheduling.

Approved by:	imp, phk, luigi
Relnotes:	yes
2019-12-29 21:16:03 +00:00
oshogbo
5af4e2f1be gnop: change the "count until fail" option
Change the "count_until_fail" option of gnop, now it enables the failing
rating instead of setting them to 100%.

The original patch introduced the new flag, which sets the fail/rate to 100%
after N requests. In some cases, we don't want to have 100% of failure
probabilities. We want to start failing at some point.
For example, on the early stage, we may like to allow some read/writes requests
before having some requests delayed - when we try to mount the partition,
or when we are trying to import the pool.
Another case may be to check how scrub in ZFS will behave on different stages.

This allows us to cover more cases.
The previous behavior still may be configured.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D22632
2019-12-29 15:47:37 +00:00
oshogbo
4c34bbaf2e gnop: allow to change the name of created device
Thanks to this option we can create more then one gnop provider from
single provider. This may be useful for temporary labeling some data
on the disk.

Reviewed by:	markj, allanjude, bcr
Differential Revision:	https://reviews.freebsd.org/D22304
2019-12-29 15:40:02 +00:00
cem
a2048aacb8 gpart(8): ms-basic-data is used for exFAT on GPT
Be explicit about it; the first mention of exFAT is for the MBR type 'ntfs',
and the reader must work back from there to the GPT type and infer that a
reference to MBR ntfs type means ms-basic-data is canonical for exFAT.

(It'd also be great if gpart had convenient aliases that did the right
thing for the partition scheme, such as 'ntfs' => ms-basic-data on GPT
schemes or 'exfat' => 'ntfs' in MBR schemes.  The tool is also bad about
providing user-meaningful reasons for EINVAL failures.)
2019-12-24 01:47:08 +00:00
trasz
16c0bc8721 Add kern.geom.part.separator tunable. This makes it possible
to specify an optional separator to insert before partition name;
eg if it's set to "c/", you'll get "ada0c/s1" instead of "ada0s1".
(It cannot be set to just “/“, since ada0 is a device node, not
a directory.)

Reviewed by:	imp
MFC after:	2 weeks
Sponsored by:	Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D22193
2019-12-13 09:28:44 +00:00
markj
8543aab1ce Fix grammar in gpart.8.
PR:		241973
MFC after:	3 days
2019-11-18 19:05:52 +00:00
asomers
93b5f74bb2 geli: raise WARNS to 6
MFC after:	2 weeks
Sponsored by:	Axcient
2019-11-01 02:48:43 +00:00
chs
e8305d1e70 Add a "count_until_fail" option to gnop, which says to start failing
I/O requests after the given number have been allowed though.

Approved by:    imp (mentor)
Reviewed by:    rpokala kib 0mp mckusick
Sponsored by:   Netflix
Differential Revision:  https://reviews.freebsd.org/D21593
2019-09-13 23:03:56 +00:00
oshogbo
9ea2c0c43b gnop: Fix initial value for the wdelayprob
Reported by:	Chuck Silvers <chuq@chuq.com>
2019-09-10 20:27:44 +00:00
kevans
ed952e1369 Allow more nesting of GEOM partitioning schemes
GEOM is supposed to be topology-agnostic, but the GPT and BSD partition code
has arbitrary restrictions on nesting that are annoying in cases such as
running VMs on raw partitions (since the VM's partitioning scheme is not
visible to the host).

This patch adds sysctls to disable the restrictions except in the case of
BSD label (and similar) partitions with offset 0 (where we need to avoid
recursively recognizing the label).

Submitted by:	Andrew Gierth
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D21350
2019-09-03 20:57:20 +00:00
oshogbo
a49750a3a5 gnop: Introduce requests delay.
This allows to simulated disk that is responding slowly to the IO requests.

Reviewed by:	markj, bcr, pjd (previous version)
Differential Revision:	https://reviews.freebsd.org/D21052
2019-07-31 17:47:12 +00:00
lwhsu
254a56d362 Correct the argument passed to g_eli_algo2str()
MFC with:	r348206
Sponsored by:	The FreeBSD Foundation
2019-05-24 06:49:47 +00:00
jhb
7e28a78737 Add deprecation warnings for weaker algorithms to geli(4).
- Triple DES has been formally deprecated in Kerberos (RFC 8429)
  and is soon to be deprecated in IPsec (RFC 8221).
- Blowfish is deprecated.  FreeBSD doesn't support its successor
  (Twofish).
- MD5 is generally considered a weak digest that has known attacks.

geli refuses to create new volumes using these algorithms via 'geli
init'.  It also warns when attaching to existing volumes or creating
temporary volumes via 'geli onetime' .  The plan is to fully remove
support for these algorithms in FreeBSD 13.

Note that none of these algorithms have ever been the default
algorithm used by geli(8).  Users would have had to explicitly select
these algorithms when creating volumes in the past.

Reviewed by:	cem, delphij
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20344
2019-05-23 22:31:55 +00:00
pjd
c118ff293a Implement automatic online expansion of GELI providers - if the underlying
provider grows, GELI will expand automatically and will move the metadata
to the new location of the last sector.

This functionality is turned on by default. It can be turned off with the
-R flag, but it is not recommended - if the underlying provider grows and
automatic expansion is turned off, it won't be possible to attach this
provider again, as the metadata is no longer located in the last sector.

If the automatic expansion is turned off and the underlying provider grows,
GELI will only log a message with the previous size of the provider, so
recovery can be easier.

Obtained from:	Fudo Security
2019-04-03 23:57:37 +00:00
pjd
60f9cddb6a - Add missing -T (notrim) option to the label subcommand.
- Add missing -T option in the onetime subcommand comment.

Obtained from:	Fudo Security
2019-04-03 23:50:52 +00:00
des
6dea58b239 Add a “skip_dsn” option to g_part's bootcode verb to prevent g_part_mbr
from setting the volume serial number.  This unbreaks older boot blocks
that don't support serial numbers, and allows boot0cfg to set the serial
number itself if requested by the user.

Submitted by:	lev@, yuripv@
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D17386
2018-11-27 14:58:19 +00:00
woodsb02
7649a58915 geli init with multiple providers - fix init and fix -B "none"
Apply some fixes post rS336659, which allowed multiple provders to be
initialized in a single command.
- Fix issue where second and subsequent providers would fail init.
  This was due to the metadata struct being zeroed after the first
  provider init was completed, despite containing common data required
  for subsequent providers.
- Fix issue where -B "none" would still result in the metadata being
  backed-up if multiple providers had been specified. This was due to
  the backupfile of "none" being incorrectly made unique for each
  provider by appending "-<prov>".

Approved by:	asomers
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D17096
2018-09-10 14:50:34 +00:00
woodsb02
163a837a7b geli init: Allow initialization of multiple geli providers at once if
they use same passphrase and keyfiles.

Unique salt will be randomly generated for each provider to ensure the
Master Key for each is unique.

This change follows on from r335673 and r336602, which allowed multiple
providers to be attached in a single command.

Reviewed by:	asomers
Approved by:	sobomax
Differential Revision:	https://reviews.freebsd.org/D16115
2018-07-23 23:04:43 +00:00
woodsb02
2f71d56829 geli attach: Fix exit codes and errors not being printed after r335673
Now that multiple providers can be attached at once, exit codes and
error messages must be handled correctly if there are failures in on
any of the providers.

Reported by:	asomers (Kyua test failures via continuous integration)
Reviewed by:	asomers
Approved by:	allanjude
Differential Revision:	https://reviews.freebsd.org/D16386
2018-07-22 13:40:52 +00:00
imp
f37de65a68 Remove three stray instances of zfsloader. 2018-07-20 05:26:14 +00:00
woodsb02
4fcfcecfa8 geli attach multiple providers
Allow attaching of multiple geli providers at once if they use same
passphrase and keyfiles.

This is helpful when the providers being attached are not used for boot,
and therefore the existing code to first try the cached password when
tasting the providers during boot does not apply.

Multiple providers with the same passphrase and keyfiles can be attached
at the same time during system start-up by adding the following to
rc.conf:
  geli_groups="storage backup"
  geli_storage_flags="-k /etc/geli/storage.keys"
  geli_storage_devices="ada0 ada1"
  geli_backup_flags="-j /etc/geli/backup.passfile -k /etc/geli/backup.keys"
  geli_backup_devices="ada2 ada3"

Reviewed by:	wblock, delphij, jilles
Approved by:	sobomax (src), bcr (doc)
Differential Revision:	https://reviews.freebsd.org/D12644
2018-06-26 18:07:16 +00:00
brd
a550f635ac Add a file missed in r335645.
Approved by:	brooks, allanjude (mentor)
Differential Revision:	https://reviews.freebsd.org/D15360
2018-06-25 21:54:39 +00:00
brooks
9fa168b01a Normalize the g(eom,cache,part,...) build.
Rather then combining hardlink creation for the geom(8) binary with
shared library build, move libraries to src/lib/geom so they are
built and installed normally.  Create a common Makefile.classes
which is included by both lib/geom/Makefile and sbin/geom/Makefile
so the symlink and libraries stay in sync.

The relocation of libraries allows libraries to be build for 32-bit
compat.  This also reduces the number of non-standard builds in
the system.

This commit is not sufficent to run a 32-bit /sbin/geom on a 64-bit
system out of the box as it will look in the wrong place for libraries
unless GEOM_LIBRARY_PATH is set appropriatly in the environment.

Reviewed by:	bdrewery
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D15360
2018-06-25 19:55:15 +00:00