Add a note in example as well, that last sector is used for metadata,
so it don't provoke confusions.
Noticed by: Victor Sudakov <sudakov@sibptus.tomsk.ru>
Approved by: re (scottl)
Even if there are no valid keys in metadata, but provider is attached
we can still use setkey subcommand.
Found by: regression tests
Approved by: re (scottl)
sys/geom/eli/g_eli.h 1.3-4
sys/geom/eli/g_eli_ctl.c 1.2
sbin/geom/class/eli/geli.8 1.4-6
sbin/geom/class/eli/geom_eli.c 1.3
Sync with HEAD:
- We don't need to clear allocated memory. This will speed-up things a bit.
- Even if crypto_dispatch() return an error, request is not canceled and
our callback will still be called, just to tell us that requested
failed...
- Always run dedicated kernel thread (even when we have hardware support).
There is no performance impact, but allows to allocate memory with
M_WAITOK flag.
As a side effect this simplify code a bit.
- Allow to change number of iterations for PKCS#5v2. It can only be used
when there is only one key set.
- Add a __packed keyword to g_eli_metadata struct definition, so
sizeof(struct g_eli_metadata) will return the exact number of bytes needed
for storing it on the disk.
Without this change GELI was unusable on amd64 (and probably other 64-bit
archs), because sizeof(struct g_eli_metadata) was greater than 512 bytes
and geli(8) was failing on assertion.
Approved by: re (scottl)
When keys were configured without passphrase, number of iterations in
metadata is equal to -1. if we then wanted to attach provider (or change
keys) and forget about '-p' flag it failed on assertion (quite ok, without
assertion it could call PKCS#5v2 with 4294967295 iterations).
Instead of failing on assertion, remind about '-p' flag.
Approved by: re (kensmith)
sys/geom/eli/g_eli.c 1.4,1.5
- GELI doesn't need cryptodev.
- Because code paths for I/O requests are quite complex, add comments above
the functions which participate in I/O paths.
Approved by: re (kensmith)
Unfortunately dlerror(3) returns string, so there is no clean way to
ignore "no such file" errors only, which I wanted to do.
Because of this I ignored all other errors on dlopen(3) failure as well,
which isn't good.
Fix this situation by calling access(2) on library file first and ignore
only ENOENT error. This allows to report all the rest of dlopen(3) errors.
Approved by: re (kensmith)
- Add code for Ext2FS and ReiserFS labels recognition.
- Avoid creating directories in devfs by changing all '/' in labels to '_'.
Submitted by: Stanislav Sedov <stas@310.ru>
PR: kern/84638
Approved by: re (kensmith)
Don't try to compile geli(8) when NO_CRYPT knob if defined.
Reported by: Alexander Polakov
Committed to HEAD by: ru
Approved by: re (kensmith (implicit))
usage for a subcommand, so no 'usage' function has to be implemented
in class library.
- Bump version number as it breaks ABI, but don't provide backward
compatibility, because there are probably no external consumers of this
geom(8).
This allows to print more precise usage for standard commands and simplify
class libraries a bit.
MFC after: 1 week
warning on 64-bit platforms. Explicitly cast these values to int
to work around this issue, as these values are tend to be small.
Spotted by: ia64 tinderbox
providers.
This prevents from listing geoms like <name>.sync which can be confusing.
It still allows to show details about it by giving its name when listing.
MFC after: 1 week
shared-last-sector problem.
After this change, even if there is more than one provider with the same
last sector, the proper one will be chosen based on its size.
It still doesn't fix the 'c' partition problem (when da0s1 can be confused
with da0s1c) and situation when 'a' partition starts at offset 0
(then da0s1a can be confused with da0s1 and da0s1c). One can use '-h'
option there, when creating device or avoid sharing last sector.
Actually, when providers share the same last sector and their size is equal,
they provide exactly the same data, so the name (da0s1, da0s1a, da0s1c)
isn't important at all.
- Provide backward compatibility.
- Update copyright's year.
MFC after: 1 week