#
330726 |
|
10-Mar-2018 |
asomers |
MFC r323314, r323338, r328849
r323314: Audit userspace geom code for leaking memory to disk
Any geom class using g_metadata_store, as well as geom_virstor which duplicated g_metadata_store internally, would dump sectorsize - mdsize bytes of userspace memory following the metadata block stored. This is most or all geom classes (gcache, gconcat, geli, gjournal, glabel, gmirror, gmultipath, graid3, gshsec, gstripe, and geom_virstor).
PR: 222077 (comment #3)
Reported by: Maxim Khitrov <max AT mxcrypt.com>
Reviewed by: des
Security: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12269
r323338: Fix information leak in geli(8) integrity mode
In integrity mode, a larger logical sector (e.g., 4096 bytes) spans several physical sectors (e.g., 512 bytes) on the backing device. Due to hash overhead, a 4096 byte logical sector takes 8.5625 512-byte physical sectors. This means that only 288 bytes (256 data + 32 hash) of the last 512 byte sector are used.
The memory allocation used to store the encrypted data to be written to the physical sectors comes from malloc(9) and does not use M_ZERO.
Previously, nothing initialized the final physical sector backing each logical sector, aside from the hash + encrypted data portion. So 224 bytes of kernel heap memory was leaked to every block :-(.
This patch addresses the issue by initializing the trailing portion of the physical sector in every logical sector to zeros before use. A much simpler but higher overhead fix would be to tag the entire allocation M_ZERO.
PR: 222077
Reported by: Maxim Khitrov <max AT mxcrypt.com>
Reviewed by: emaste
Security: yes
Sponsored by: Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D12272
r328849: geom: don't write stack garbage in disk labels
Most consumers of g_metadata_store were passing in partially unallocated memory, resulting in stack garbage being written to disk labels. Fix them by zeroing the memory first.
gvirstor repeated the same mistake, but in the kernel.
Also, glabel's label contained a fixed-size string that wasn't initialized to zero.
PR: 222077
Reported by: Maxim Khitrov <max@mxcrypt.com>
Reviewed by: cem
X-MFC-With: 323314
X-MFC-With: 323338
Differential Revision: https://reviews.freebsd.org/D14164
|
#
330449 |
|
05-Mar-2018 |
eadler |
MFC r326276:
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.
No functional change intended.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
#
245456 |
|
15-Jan-2013 |
mav |
Allow to insert new component to geom_raid3 without specifying number.
PR: kern/160562
MFC after: 2 weeks
|
#
217305 |
|
12-Jan-2011 |
ae |
Sector size can not be greater than MAXPHYS. Since GRAID3 calculates sector size from user-specified block size, report to user about big blocksize.
PR: kern/147851
MFC after: 1 week
|
#
213662 |
|
09-Oct-2010 |
ae |
Replace strlen(_PATH_DEV) with sizeof(_PATH_DEV) - 1.
Suggested by: kib
Approved by: kib (mentor)
MFC after: 5 days
|
#
212554 |
|
13-Sep-2010 |
pjd |
- Remove gc_argname field. It was introduced for gpart(8), but if I understand everything correctly, we don't really need it.
- Provide default numeric value as strings. This allows to simplify a lot of code.
- Bump version number.
|
#
201578 |
|
05-Jan-2010 |
mav |
For completeness, add -s argument, manually specifying array block size.
|
#
169586 |
|
15-May-2007 |
marcel |
Add gpart(8).
In order to support gpart(8), geom(8) needs to support a named argument. Also, optional string parameters are a requirement. Both have been added to the infrastructure. The former required all existing classes to be adjusted.
|
#
163888 |
|
01-Nov-2006 |
pjd |
Now, that we have gjournal in the tree add possibility to configure gmirror and graid3 in a way that it is not resynchronized after a power failure or system crash. It is safe when gjournal is running on top of gmirror/graid3.
|
#
163205 |
|
10-Oct-2006 |
pjd |
Be sure to not create devices with (mediasize % sectorsize) != 0.
Reported by: xride
MFC after: 1 week
|
#
163204 |
|
10-Oct-2006 |
pjd |
Be sure to not create device which
|
#
162868 |
|
30-Sep-2006 |
pjd |
MFp4: G_TYPE_BOOL sounds much better than G_TYPE_NONE.
Changes: 98722
|
#
155175 |
|
01-Feb-2006 |
pjd |
Remove trailing spaces.
|
#
153190 |
|
06-Dec-2005 |
pjd |
- The geom(8) utility only uses three types of arguments: string (char *), value (intmax_t) and boolean (int). Based on that provide three functions:
	- gctl_get_ascii()
	- gctl_get_int()
	- gctl_get_intmax()
- Hide gctl_get_param() function, as it is only used internally in subr.c.
- Allow to provide argument name as (fmt, ...).
- Assert geom(8) bugs (missing argument is a geom(8) bug).
- Clean-up and simplify the code by using new functions and assumptions (no more checking for missing argument).
Tested by: regression tests
|
#
149302 |
|
19-Aug-2005 |
pjd |
Move function for calculating number of bits into more central place. I want to use it so more.
MFC after: 3 days
|
#
147947 |
|
13-Jul-2005 |
pjd |
Don't forget to initialize 'id' field.
MFC after: 3 days
|
#
143586 |
|
14-Mar-2005 |
pjd |
Define subcommands' usage inside g_command structure.
MFC after: 1 week
|
#
142727 |
|
27-Feb-2005 |
pjd |
- Add md_provsize field to metadata, which will help with shared-last-sector problem. After this change, even if there is more than one provider with the same last sector, the proper one will be chosen based on its size. It still doesn't fix the 'c' partition problem (when da0s1 can be confused with da0s1c) and situation when 'a' partition starts at offset 0 (then da0s1a can be confused with da0s1 and da0s1c). One can use '-h' option there, when creating device or avoid sharing last sector. Actually, when providers share the same last sector and their size is equal, they provide exactly the same data, so the name (da0s1, da0s1a, da0s1c) isn't important at all.
- Provide backward compatibility.
- Update copyright's year.
MFC after: 1 week
|
#
140298 |
|
15-Jan-2005 |
pjd |
Fix arguments syntax.
Manual pages fixes by: ru
MFC after: 3 days
|
#
139295 |
|
25-Dec-2004 |
pjd |
- Add genid field to the metadata which will allow to improve reliability a bit. After this change, when component is disconnected because of an I/O error, it will not be connected and synchronized automatically, it will be logged as broken and skipped. Autosynchronization can occur, when component is disconnected (on orphan event) and connected again - there was no I/O error, so there is no need to not connect the component, but when there were writes while it wasn't connected, it will be synchronized. This fixes cases, when component is disconnected because of I/O error and can be connected again and again.
- Bump version number.
- Implement backward compatibility mechanism. After this change when metadata in old version is detected, it is automatically upgraded to the new (current) version.
|
#
135370 |
|
17-Sep-2004 |
pjd |
Do not exit after printing usage, give geom(8) a chance to show standard commands.
|
#
134539 |
|
30-Aug-2004 |
pjd |
When configuring RAID3 with verification option, force synchronization of parity component, because we can't return an EIO error for read of every sector which wasn't written first.
Discussed with: phk
|
#
134420 |
|
28-Aug-2004 |
pjd |
Warn the user if we are not going to use whole provider space.
Requested by: Michael Handler <handler@grendel.net>
|
#
134168 |
|
22-Aug-2004 |
pjd |
Implementation of 'verify reading' algorithm, which uses parity data for verification of regular data when device is in complete state. On verification error, EIO error is returned for the bio and sysctl kern.geom.raid3.stat.parity_mismatch is increased.
Suggested by: phk
|
#
134124 |
|
21-Aug-2004 |
pjd |
Implement new reading algorithm, which will use parity component for reading as well, even if device is in complete state. I observe 40% of speed-up with this option for random read operations, but slowdown for sequential reads. Basically, without this option reading from a RAID3 device built from 5 components (c0-c4) looks like this:
	Request no.	Used components
	1		c0+c1+c2+c3
	2		c0+c1+c2+c3
	3		c0+c1+c2+c3
With the new feature:
	Request no.	Used components
	1		c0+c1+c2+c3
	2		(c1^c2^c3^c4)+c1+c2+c3
	3		c0+(c0^c2^c3^c4)+c2+c3
	4		c0+c1+(c0^c1^c3^c4)+c3
	5		c0+c1+c2+(c0^c1^c2^c4)
	6		c0+c1+c2+c3
	[...]
|
#
133960 |
|
18-Aug-2004 |
pjd |
Actually one can specify more than one device to stop.
|
#
133808 |
|
16-Aug-2004 |
pjd |
Introduce GEOM RAID3 class, i.e. kernel module, which implements RAID3 transformation and graid3(8) userland utility, which can be used for configuration. No manual page yet, sorry.
Hardware provided by: Daniel Seuffert
|