#
6dedde71 |
|
01-May-2018 |
Sean Klein <smklein@google.com> |
[block] Implement v2 of Block Protocol - "Transactions" renamed to "Groups". The term transaction remains, and is used to corresponds to a single FIFO request. - "Groups" pre-allocated by block server. Clients can use groups between [0, MAX_TXN_GROUP_COUNT) without needing to allocate. Groups signify structures that can wait to transmit responses for a collection of transactions. These transactions may be requested via "BLOCKIO_TXN_GROUP"; the block-client library does this automatically. - "One-shot" transactions, which are not associated with a group, are also implemented. All "one-shot" transactions receive a FIFO response. ZX-1584 #done ZX-1580 #comment In Progress TEST=ramdisk, fvm, zxcrypt, block, fs tests, running iochk manually Change-Id: I7caf342804baf32543adfef3fec76f7d77d89b3f
|
#
29fb0bfa |
|
05-Jul-2018 |
Benjamin Lerman <qsr@chromium.org> |
[zx] Add new API for zx::time This also change zx::clock to be a class instead of a namespace, because nested namespaces are banned. TEST=Everything still compiles, tests still pass. Change-Id: I954558aaaed554fe088c11ff7bbc7d914eebdf6f
|
#
2d54b055 |
|
04-Jul-2018 |
Benjamin Lerman <qsr@chromium.org> |
[zx] Prepare to use typed clock for zx::time This CL introduces zx::base_time, zx::time_utc and zx::time_thread as alias to zx::time. It also introduces a new templated factory method to produce zx::base_time. This is in preparation for the time type to be different depending on the clock used. After this CL, clients will be able to use both the current API, as well as the typed API. When all clients have migrated to the new API, the old API will be removed and the time types will be enforced. TEST=Everything still compiles ZX-2338 Change-Id: I3b6f4eced5df23b8dc4b1310bd8d0a89291b07a8
|
#
049ff83d |
|
15-May-2018 |
Tricia Landers <planders@google.com> |
[ramdisk] Fail after block count instead of transaction count. Test: Ramdisk and zxcrypt tests Change-Id: Idf80102b6c04dd8c468f347607502672df0b91db
|
#
f177f3e0 |
|
16-Jun-2018 |
Sean Klein <smklein@google.com> |
[fvm][zxcrypt] Refactor libraries to avoid fdio dependency ZX-2266 #done Test: Refactor; relying on exitant library/driver tests. Change-Id: Ia54acac0fb8056c91b26c097a8efae22dd0c5b3a
|
#
5385b50e |
|
25-May-2018 |
Aaron Green <aarongreen@google.com> |
[crypto] Split Bytes class This CL breaks out the Secret class from the Bytes class. A number of paranoid but expensive functions are only needed for security sensitve secrets, e.g. mandatory_memset in the destructor of keys. This split allows only the data that needs the paranoia to pay for it. Change-Id: Ib3fdc23ef7c0f86a6549c639353ac72bb35ebedf
|
#
379f22fa |
|
06-Jun-2018 |
Adam Barth <abarth@google.com> |
[fdio] Move headers into lib/fdio/... Change-Id: Ie8d74e716da913bf6e2672c4acf8cd67b4962b7f
|
#
01dd8550 |
|
21-Mar-2018 |
Aaron Green <aarongreen@google.com> |
[devmgr][fs-management][zxcrypt] Add zxcrypt detection This CL adds zxcrypt volume detection and auto-binding. Long term, this will only work for zxcrypt volumes using unattended encryption, that is, those not depending on user authentication. Change-Id: Iaf97e44ce63b467c7a714df8adccc9adf124e74d
|
#
2440abdb |
|
21-Mar-2018 |
Aaron Green <aarongreen@google.com> |
[paver] Add zxcrypt support This CL adds a flag to FVM sparse containers. This flag indicates to the disk paver that it should use a zxcrypt volume on top of the FVM partition. The ability to set the flag in the host FVM tool will be added in a later CL. Change-Id: Ica8a416ca7244b1bf8e045ededb2bcfe845092f5
|
#
dacd6af7 |
|
24-Apr-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Don't cache parent block information This CL removes the copy of the block_info_t from the zxcrypt device. Caching such information caused it to be invalid after FVM resizes. This also caused the 'synthetic' block size to be removed, which hasn't been needed since the Jan. refactor, and which broke atomicity with lower layers. ZX-1948 #comment Fixed Change-Id: I8d2e9ab8eb965f7ead1796eb38d9dc0e6ee939f8
|
#
d7781bda |
|
23-Feb-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Prevent large request starvation This CL tweaks how large I/O requests get deferred. Currently, when a request is queued via BlockQueue, the code checks if there's enough resources in the pool to immediately send the request to the device or encrypter (for reads and writes, respectively). If not, it is added to an internal queue which is checked when BlockRelease is called. If a large request gets queued, it may get consistently preempted by smaller requests that skip the queue. The new approach checks always adds requests to the end of the queue if it is non-empty. The chance of stalling remains low as max_transfer_size if 1/4 of the overall pool size. Additionally, the code has been refactored to only need to grab the lock once to add or remove a request from the queue (instead of thrice previously). Change-Id: I1d07de8ccfd90edf52b7337b56b7ef1596316aef
|
#
85c26aed |
|
17-Apr-2018 |
Aaron Green <aarongreen@google.com> |
[fs-management] Make wait_for_device recursive This CL teaches wait_for_driver_bind to wait for parent devices if they have not yet been bound, and renames it to wait_for_device. This simplifies usage when multiple devices are expected to bind, e.g. rebinding a ramdisk with a zxcrypt device in an FVM partition. This CL does NOT simplify the call sites which have unsafe path manipulations involving strcpy and strcat. These buffer overflows will be addressed in following CLs (see SEC-70). ZX-2016 #comment Allows moving zxcrypt_create out of disk-pave.cpp Change-Id: I218ad02d8969ab51bd1dcd35efe864355ba1b151
|
#
e0d70dec |
|
16-Mar-2018 |
James Robinson <jamesr@google.com> |
[zx] Move public zx headers to match naming convention The zx library provides headers intended for general use, so the include path should be spelled <lib/zx/foo.h> as per https://fuchsia.googlesource.com/docs/+/master/development/languages/c-cpp/naming.md. This moves the headers into the proper location and updates includes to match. Change-Id: I6fc9b2a491b5f8b0d270c4dfc77fa4be5739071b
|
#
226f4c5e |
|
16-Mar-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Use wait_for_driver_bind in TestDevice This CL replaces the block watcher from TestDevice with the more standard one in ulib/fs-management. The most salient difference is the lack of a timeout, but that's acceptable as these routines are not expected to fail. It also adds error messages around the calls to bind drivers to devices, so that the culprit may be more easily identified in the case of test flake. ZX-1825 #comment Expected to be fixed Change-Id: I0caaa9bb752492ebba84a3def90eb46df86bcabc
|
#
c40adafa |
|
13-Feb-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Refactor TestDevice This CL refactors TestDevice's lifecycle, especially with regards to its block fifo lifecycle management. I am fairly certain the root cause of the test flake was the way I was using |fdio_watch_directory| did not guarantee I wouldn't get the wrong device when aggressively un/binding. That method calls a provided callback whenever files are added, removed, etc. to a directory. Watching a directory in the /dev tree is the only way to be notified of new devices being added or removed right now. Notably, it immediately invokes the callback with an 'add' event for each existing files. Previously, since multiple devices could be added by binding a single driver (i.e., the requested driver, auto-detected FVM drivers and a mid-layer driver for each), the code watched the /dev/class/block directory for an alias whose topological path ended in the right suffix. This was racy since we might get an 'add' event for a device from a previous test that hadn't quite unbound, and mtach the suffix. The new approach recursively calls |fdio_watch_directory| for each element in the topological path, thus guaranteeing we can only bind to the new ramdisk created for each test. ZX-1659 #comment Fixes the test flake Change-Id: I3fbf571e5d81a528ecccb9067fe8742e1cf4a151
|
#
813145a3 |
|
12-Feb-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Rewrite TestDevice a unit test helpers There's some outstanding flake in the zxcrypt unit tests, but current output from failed tests isn't sufficiently useful in isolating it. This CL attempts to improve the reporting of unexpected errors by converting the methods of zxcrypt::testing::TestDevice to be unit test helpers as defined in unittest.h. ZX-1659 Change-Id: Ie23b323e559099ce4b2527ff07a87aee669f4449
|
#
128b37f1 |
|
19-Jan-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Add encrypted block device filter driver This CL adds the actual driver and associated tests. The driver consists of the Device itself, extra fields used to associate I/O requests with pooled resources used to perform cryptographic transformations, and threaded workers used to perform that work asynchonously. Change-Id: Ib1ac05c6abda076359264b861946d23aba98d983
|
#
ad68da1d |
|
19-Jan-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Improve Volume support for Cipher, FVM This CL modifies three areas of Volume: 1. It moves all metadata to the first two FVM slices and doesn't use the last one. 2. It tweaks some tests and test conditions to accomdate changes in ramdisks. 3. It refactors Bind to initialize one cipher at a time. Change-Id: Iff7629473e93beb5fb38a3d97002cc799fc67da1
|
#
16e16ded |
|
19-Jan-2018 |
Aaron Green <aarongreen@google.com> |
[crypto][fdio][zxcrypt] Improve debug output This CL improves fdio/debug's xprintf with location info. Change-Id: Idd05c0439258ed3fe160086bcce05575eddbc38b
|
#
1aa56bb7 |
|
19-Jan-2018 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Rename superblock to volume zxcrypt::Superblock evolved beyond just an interface for a single block of metadata into something more like a zxcrypt volume interface. This CL renames the class to reflect that. Change-Id: I8602a9531687df31e84f701e277f07238c519b6e
|
#
aa3b7734 |
|
24-Jan-2018 |
Adam Barth <abarth@google.com> |
[zx] Update callers to zx::time and zx::duration types The zx_time_t and zx_duration_t variants will be removed eventually. Change-Id: Icc54983edc154eee2d1258160f921c3afc212ae0
|
#
885d05a1 |
|
17-Oct-2017 |
Aaron Green <aarongreen@google.com> |
[zxcrypt] Add Superblock class This CL adds Superblock, which encapsulates how the cryptographic metadata is stored and retrieved by zxcrypt. I/O performance is not as critical a concern here, as the superblock is generally only involved in 'lifecycle' events of a zxcrypt device, that is formatting, binding, rekeying, and shredding, and not individual data transfers. Change-Id: I73cebf8d653cee9c00ce7a952bc75852361fec8b
|