259065 |
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
243333 |
20-Nov-2012 |
jh |
- Don't pass geom and provider names as format strings. - Add __printflike() attributes. - Remove an extra argument for the g_new_geomf() call in swapongeom_ev().
Reviewed by: pjd
|
239790 |
28-Aug-2012 |
ed |
Remove unneeded G_PF_CANDELETE flag.
This flag is only used by GEOM so it can be propagated to the character device's SI_CANDELETE. Unfortunately, SI_CANDELETE seems to do nothing.
|
238198 |
07-Jul-2012 |
trasz |
Fix orphan() methods of several GEOM classes to not assume that there is an error set on the provider. With GEOM resizing, class can become orphaned when it doesn't implement resize() method and the provider size decreases.
Reviewed by: mav Sponsored by: FreeBSD Foundation
|
219029 |
25-Feb-2011 |
netchild |
Add some FEATURE macros for various GEOM classes.
No FreeBSD version bump, the userland application to query the features will be committed last and can serve as an indication of the availablility if needed.
Sponsored by: Google Summer of Code 2010 Submitted by: kibab Reviewed by: silence on geom@ during 2 weeks X-MFC after: to be determined in last commit with code from this project
|
172836 |
20-Oct-2007 |
julian |
Rename the kthread_xxx (e.g. kthread_create()) calls to kproc_xxx as they actually make whole processes. Thos makes way for us to add REAL kthread_create() and friends that actually make theads. it turns out that most of these calls actually end up being moved back to the thread version when it's added. but we need to make this cosmetic change first.
I'd LOVE to do this rename in 7.0 so that we can eventually MFC the new kthread_xxx() calls.
|
160964 |
04-Aug-2006 |
yar |
Commit the results of the typo hunt by Darren Pilgrim. This change affects documentation and comments only, no real code involved.
PR: misc/101245 Submitted by: Darren Pilgrim <darren pilgrim bitfreak org> Tested by: md5(1) MFC after: 1 week
|
152966 |
30-Nov-2005 |
sobomax |
Kill leading whilespace.
|
151897 |
31-Oct-2005 |
rwatson |
Normalize a significant number of kernel malloc type names:
- Prefer '_' to ' ', as it results in more easily parsed results in memory monitoring tools such as vmstat.
- Remove punctuation that is incompatible with using memory type names as file names, such as '/' characters.
- Disambiguate some collisions by adding subsystem prefixes to some memory types.
- Generally prefer lower case to upper case.
- If the same type is defined in multiple architecture directories, attempt to use the same name in additional cases.
Not all instances were caught in this change, so more work is required to finish this conversion. Similar changes are required for UMA zone names.
|
148192 |
20-Jul-2005 |
phk |
Comment typo
|
143418 |
11-Mar-2005 |
ume |
stop including rijndael-api-fst.h from rijndael.h. this is required to integrate opencrypto into crypto.
|
139778 |
06-Jan-2005 |
imp |
/* -> /*- for copyright notices, minor format tweaks as necessary
|
138888 |
15-Dec-2004 |
brueffer |
Fix typo in a comment.
MFC after: 3 days
|
135085 |
11-Sep-2004 |
phk |
Fix a problem that shows up if less than the full complement of lock sectors are defined ("number_of_keys" argument to gbde init being less than 4 in the default compile).
|
135084 |
11-Sep-2004 |
phk |
Respect that G_BDE_MAXKEYS is a compile time variable.
|
133318 |
08-Aug-2004 |
phk |
Tag all geom classes in the tree with a version number.
|
133314 |
08-Aug-2004 |
phk |
Use default method initialization on geoms.
|
126674 |
05-Mar-2004 |
jhb |
kthread_exit() no longer requires Giant, so don't force callers to acquire Giant just to call kthread_exit().
Requested by: many
|
125803 |
14-Feb-2004 |
phk |
Do not check error code from closing ->access() calls, we know they succeed.
|
125755 |
12-Feb-2004 |
phk |
Remove the absolute count g_access_abs() function since experience has shown that it is not useful.
Rename the relative count g_access_rel() function to g_access(), only the name has changed.
Change all g_access_rel() calls in our CVS tree to call g_access() instead.
Add an #ifndef BURN_BRIDGES #define of g_access_rel() for source code compatibility.
|
125591 |
08-Feb-2004 |
phk |
Polish the work/state engine in preparation for HW-crypto support.
|
125590 |
08-Feb-2004 |
phk |
Add a missing error case return.
Problem reported by: Flemming Jacobsen <fj@batmule.dk>
|
125579 |
07-Feb-2004 |
phk |
We don't need to hold Giant to create the worker kthread.
|
124869 |
23-Jan-2004 |
phk |
Remove the MD5_KEY debugging tool
|
120876 |
07-Oct-2003 |
phk |
Interior decoration changes.
|
119891 |
08-Sep-2003 |
phk |
Correct bzero length so we clear the entire key structure.
|
119809 |
06-Sep-2003 |
phk |
Bzero the right number of bytes.
Found by: Juergen Buchmueller <pullmoll@stop1984.com>
|
115624 |
01-Jun-2003 |
phk |
Simplify the GEOM OAM api: Drop the request type, and let everything hinge on the "verb" parameter which the class gets to interpret as it sees fit.
Move the entire request into the kernel and move changed parameters back when done.
|
115507 |
31-May-2003 |
phk |
Remove unused variable.
Found by: FlexeLint
|
115505 |
31-May-2003 |
phk |
Don't use & in front of arrays.
Found by: FlexeLint
|
115504 |
31-May-2003 |
phk |
Remove unused variable.
Found by: FlexeLint
|
115468 |
31-May-2003 |
phk |
Remove the G_CLASS_INITIALIZER, we do not need it anymore.
|
114720 |
05-May-2003 |
phk |
Re-order the the initialization slightly to improve structure.
|
114715 |
05-May-2003 |
phk |
Use a dedicated malloc(9) bucket for sector storage.
|
114543 |
02-May-2003 |
phk |
Considering that I did cast the arguments to (intmax_t) I must have been sleepy since I used %qd instead of %jd.
|
114251 |
29-Apr-2003 |
phk |
Fix an obscure fencepost error in GBDE's sector mapping code:
For certain combinations of sectorsize, mediasize and random numbers (used to define the mapping), a multisector read or write would ignore some subset of the sectors past the first sector in the request because those sectors would be mapped past the end of the parent device, and normal "end of media" truncation would zap that part of the request.
Rev 1.19+1.20 of g_bde_work.c added the check which should have alerted me to this happening. This commit maps the request correctly and adds KASSERTS to make sure things stay inside the parent device.
This does not change the on-disk layout of GBDE, there is no need to backup/restore.
|
114250 |
29-Apr-2003 |
phk |
Typo in last commit: Do not press xZZ to leave vi(1).
|
114249 |
29-Apr-2003 |
phk |
When a bio comes back from below with a zero error code, check that it wrote the full length. The only case where this should be able to happen is if we try to read/write past the end and the request is truncated. We obviously should never try to do that, so this code should never activate.
|
114167 |
28-Apr-2003 |
phk |
I accidentally leaked this debugging tool in with my last commit.
Disable it with a direct warning.
|
114153 |
28-Apr-2003 |
phk |
Rename g_bde_get_sector() to g_bde_get_keysector() and pick up the offset from the work packet.
|
114152 |
28-Apr-2003 |
phk |
Only attempt total cache-purge once in case of failure.
|
114150 |
28-Apr-2003 |
phk |
Better criteria for skipping disk reading BIO_READ work packets.
|
114148 |
28-Apr-2003 |
phk |
Explicitly set the sector state to JUNK if we encounter a read-error.
|
114088 |
26-Apr-2003 |
phk |
Bail as soon as the first write request has failed, there is no point in trying the second write if the first one went nowhere.
|
114087 |
26-Apr-2003 |
phk |
Appearantly UFS no longer issues BIO_DELETE requests correctly, and consequently trashes data. Disable BIO_DELETE handling in gbde for now.
|
114041 |
25-Apr-2003 |
phk |
Do an explicit retry after we have dumped the cache, rather than a (potential) tail recursion.
|
114040 |
25-Apr-2003 |
phk |
If on a BIO_READ request, we failed to allocate the bio for reading our key-sector, we would end up returning the read without an error, despite the fact that the data was not correctly decrypted.
This would result in data corruption on read, but intact data still on the media.
|
114038 |
25-Apr-2003 |
phk |
Fix a problem and slightly improve the ENOMEM handling:
Give up the entire bio as soon as we detect a problem.
When we detect a problem, give up the bio by contributing the remainder with ENOMEM, rather than kicking the bio back right away.
If we failed on a non-first iteration we previously could end up modifying fields in the bio after we delivered it. This could account for memory corruption (none directly reported) on machines with GBDE.
|
114035 |
25-Apr-2003 |
phk |
Don't count a sector in the cache unless we manage to create it.
|
114034 |
25-Apr-2003 |
phk |
Rename g_bde_release_sector() to g_bde_release_keysector() and pick up the sector from the work item.
|
114033 |
25-Apr-2003 |
phk |
Rename g_bde_read_sector() to g_bde_read_keysector() pick up the offset in the work structure.
|
113032 |
03-Apr-2003 |
phk |
Remove all references to BIO_SETATTR. We will not be using it.
|
113010 |
03-Apr-2003 |
phk |
Use sys/endian.h instead of geom_enc.c for endian-agnostfication.
|
112926 |
01-Apr-2003 |
phk |
Remove the old config interface now that the new OAM is functional.
|
112828 |
29-Mar-2003 |
phk |
Add create_geom and destroy_geom methods.
|
112594 |
25-Mar-2003 |
phk |
Forward compatibility: NULL check the passed in meta argument.
|
112552 |
24-Mar-2003 |
phk |
Premptively change initializations of struct g_class to use C99 sparse struct initializations before we extend the struct with new OAM related member functions.
|
112367 |
18-Mar-2003 |
phk |
Including <sys/stdint.h> is (almost?) universally only to be able to use %j in printfs, so put a newsted include in <sys/systm.h> where the printf prototype lives and save everybody else the trouble.
|
111964 |
07-Mar-2003 |
phk |
Limit our requests to DFLTPHYS, this is generally a good idea for memory-allocation purposes. Right now it is also a very good idea because we hit a Giant assertion in the free(9) processing if we free something larger than 64k.
|
111119 |
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
110712 |
11-Feb-2003 |
phk |
Typo in last commit.
|
110710 |
11-Feb-2003 |
phk |
Better names for struct disk elements: d_maxsize, d_stripeoffset and d_stripesisze;
Introduce si_stripesize and si_stripeoffset in struct cdev so we can make the visible to clustering code.
Add stripesize and stripeoffset to providers.
DTRT with stripesize and stripeoffset in various places in GEOM.
|
110697 |
11-Feb-2003 |
phk |
Unconditionally make our provider with G_PF_CANDELETE.
|
110541 |
08-Feb-2003 |
phk |
Move the g_stat struct to its own .h file, we will export it to other code.
Insted of embedding a struct g_stat in consumers and providers, merely include a pointer.
Remove a couple of <sys/time.h> includes now unneeded.
Add a special allocator for struct g_stat. This allocator will allocate entire pages and hand out g_stat functions from there. The "id" field indicates free/used status.
Add "/dev/geom.stats" device driver whic exports the pages from the allocator to userland with mmap(2) in read-only mode.
This mmap(2) interface should be considered a non-public interface and the functions in libgeom (not yet committed) should be used to access the statistics data.
|
110518 |
07-Feb-2003 |
phk |
Add the new statistics structure, put one in consumers and providers. include <sys/time.h> as necessary.
|
109623 |
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
108558 |
02-Jan-2003 |
phk |
Optimize the size of the work-items by letting the mapping function decide the largest size which stays inside the zone and does not collide with a lock sector.
|
108060 |
18-Dec-2002 |
phk |
Solve another bug in the mapping code: correctly skip lock sectors. Make sure sector zero is protected if it contains metadata.
Lower WARNS for gbde to 3 on non-i386 archs. rijndael-fst is evil but appearntly does the right thing and passes the test-vectors.
MFC Candidate.
|
108052 |
18-Dec-2002 |
phk |
Fix two blunders in the mapping functions which can lead to corrupt data, for request sizes larger than the sectorsize or for multi-key setups.
See warning mailed to current@ for details of recovery.
Found by: Marcus Reid <marcus@blazingdot.com>
|
107831 |
13-Dec-2002 |
phk |
Fix spelling in comment.
|
107451 |
01-Dec-2002 |
phk |
Conceiveably, there may exist an algorithm which can tell if a sequence of bytes are the output of AES/128/CBC or ARC4RANDOM. Encrypt the random data with which we wipe when we get a BIO_DELETE to make such an algorithm useful.
Sponsored by: DARPA & NAI Labs Approved by: re (blanket)
|
107450 |
01-Dec-2002 |
phk |
Use unsigned for an index.
Sponsored by: DARPA & NAI Labs. Approved by: re (blanket).
|
106518 |
06-Nov-2002 |
phk |
Straighten up the geom.ctl config interface definitions.
Sponsored by: DARPA & NAI Labs
|
106407 |
04-Nov-2002 |
phk |
Run a revision on the GBDE encryption facility.
Replace ARC4 with SHA2-512. Change lock-structure encoding to use random ordering rather for obscurity. Encrypt lock-structure with AES/256 instead of AES/128. Change kkey derivation to be MD5 hash based. Watch for malloc(M_NOWAIT) failures and ditch our cache when they happen. Remove clause 3 of the license with NAI Labs consent.
Many thanks to "Lucky Green" <shamrock@cypherpunks.to> and "David Wagner" <daw@cs.berkeley.edu>, for code reading, inputs and suggestions.
This code has still not been stared at for 10 years by a gang of hard-core cryptographers. Discretion advised.
NB: These changes result in the on-disk format changing: dump/restore needed.
Sponsored by: DARPA & NAI Labs.
|
106226 |
30-Oct-2002 |
phk |
Change the kkey generation cherry-picker to use MD5.
Sponsored by: DARPA & NAI Labs
|
106085 |
28-Oct-2002 |
phk |
Fix a bug in the cherry-picker kkey generator routine.
WARNING: You need to backup and restore the _unencrypted_ contents WARNING: of your GBDE disks when you take this update!
Sponsored by: DARPA & NAI Labs.
|
105551 |
20-Oct-2002 |
phk |
Now that the sectorsize and mediasize are properties of the provider, don't take the detour over the I/O path to discover them using getattr(), we can just pick them out directly.
Do note though, that for now they are only valid after the first open of the underlying disk device due compatibility with the old disk_create() API. This will change in the future so they will always be valid.
Sponsored by: DARPA & NAI Labs.
|
105542 |
20-Oct-2002 |
phk |
Make the sectorsize a property of providers so we can include it in the XML output.
Sponsored by: DARPA & NAI Labs
|
105520 |
20-Oct-2002 |
phk |
Be consistent about functions being static.
Spotted by: FlexeLint
|
105512 |
20-Oct-2002 |
phk |
Constify input to the arc4 seed function. Implement the lockfile hunting in sector zero.
Sponsored by: DARPA & NAI Labs.
|
105465 |
19-Oct-2002 |
phk |
Fix a missing initialization.
|
105464 |
19-Oct-2002 |
phk |
Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access to the contents of "cold disks" with or without destruction activation.
Major features:
* Based on AES, MD5 and ARC4 algorithms. * Four cryptographic barriers: 1) Pass-phrase encrypts the master key. 2) Pass-phrase + Lock data locates master key. 3) 128 bit key derived from 2048 bit master key protects sector key. 3) 128 bit random single-use sector keys protect data payload. * Up to four different changeable pass-phrases. * Blackening feature for provable destruction of master key material. * Isotropic disk contents offers no information about sector contents. * Configurable destination sector range allows steganographic deployment.
This commit adds the kernel part, separate commits will follow for the userland utility and documentation.
This software was developed for the FreeBSD Project by Poul-Henning Kamp and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
Many thanks to Robert Watson, CBOSS Principal Investigator for making this possible.
Sponsored by: DARPA & NAI Labs.
|