g_bde.c revision 143418
1251767Sgibbs/*- 2251767Sgibbs * Copyright (c) 2002 Poul-Henning Kamp 3251767Sgibbs * Copyright (c) 2002 Networks Associates Technology, Inc. 4251767Sgibbs * All rights reserved. 5251767Sgibbs * 6251767Sgibbs * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7251767Sgibbs * and NAI Labs, the Security Research Division of Network Associates, Inc. 8251767Sgibbs * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 9251767Sgibbs * DARPA CHATS research program. 10251767Sgibbs * 11251767Sgibbs * Redistribution and use in source and binary forms, with or without 12251767Sgibbs * modification, are permitted provided that the following conditions 13251767Sgibbs * are met: 14251767Sgibbs * 1. Redistributions of source code must retain the above copyright 15251767Sgibbs * notice, this list of conditions and the following disclaimer. 16251767Sgibbs * 2. Redistributions in binary form must reproduce the above copyright 17251767Sgibbs * notice, this list of conditions and the following disclaimer in the 18251767Sgibbs * documentation and/or other materials provided with the distribution. 19251767Sgibbs * 20251767Sgibbs * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 21251767Sgibbs * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22251767Sgibbs * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23251767Sgibbs * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 24251767Sgibbs * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25251767Sgibbs * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26251767Sgibbs * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27251767Sgibbs * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28251767Sgibbs * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29251767Sgibbs * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30251767Sgibbs * SUCH DAMAGE. 31251767Sgibbs * 32251767Sgibbs * $FreeBSD: head/sys/geom/bde/g_bde.c 143418 2005-03-11 15:42:51Z ume $ 33251767Sgibbs * 34251767Sgibbs */ 35251767Sgibbs 36251767Sgibbs#include <sys/param.h> 37251767Sgibbs#include <sys/bio.h> 38251767Sgibbs#include <sys/lock.h> 39251767Sgibbs#include <sys/mutex.h> 40251767Sgibbs#include <sys/malloc.h> 41251767Sgibbs#include <sys/systm.h> 42251767Sgibbs#include <sys/kernel.h> 43251767Sgibbs#include <sys/kthread.h> 44251767Sgibbs 45251767Sgibbs#include <crypto/rijndael/rijndael-api-fst.h> 46251767Sgibbs#include <crypto/sha2/sha2.h> 47251767Sgibbs#include <geom/geom.h> 48251767Sgibbs#include <geom/bde/g_bde.h> 49251767Sgibbs#define BDE_CLASS_NAME "BDE" 50251767Sgibbs 51251767Sgibbsstatic void 52251767Sgibbsg_bde_start(struct bio *bp) 53251767Sgibbs{ 54251767Sgibbs 55251767Sgibbs switch (bp->bio_cmd) { 56251767Sgibbs case BIO_DELETE: 57251767Sgibbs case BIO_READ: 58251767Sgibbs case BIO_WRITE: 59251767Sgibbs g_bde_start1(bp); 60251767Sgibbs break; 61251767Sgibbs case BIO_GETATTR: 62251767Sgibbs g_io_deliver(bp, EOPNOTSUPP); 63251767Sgibbs break; 64251767Sgibbs default: 65251767Sgibbs g_io_deliver(bp, EOPNOTSUPP); 66251767Sgibbs return; 67251767Sgibbs } 68251767Sgibbs return; 69251767Sgibbs} 70251767Sgibbs 71251767Sgibbsstatic void 72251767Sgibbsg_bde_orphan(struct g_consumer *cp) 73251767Sgibbs{ 74251767Sgibbs struct g_geom *gp; 75251767Sgibbs struct g_provider *pp; 76251767Sgibbs struct g_bde_softc *sc; 77251767Sgibbs int error; 78251767Sgibbs 79251767Sgibbs g_trace(G_T_TOPOLOGY, "g_bde_orphan(%p/%s)", cp, cp->provider->name); 80251767Sgibbs g_topology_assert(); 81251767Sgibbs KASSERT(cp->provider->error != 0, 82251767Sgibbs ("g_bde_orphan with error == 0")); 83251767Sgibbs 84251767Sgibbs gp = cp->geom; 85251767Sgibbs sc = gp->softc; 86251767Sgibbs gp->flags |= G_GEOM_WITHER; 87251767Sgibbs error = cp->provider->error; 88251767Sgibbs LIST_FOREACH(pp, &gp->provider, provider) 89251767Sgibbs g_orphan_provider(pp, error); 90251767Sgibbs bzero(sc, sizeof(struct g_bde_softc)); /* destroy evidence */ 91251767Sgibbs return; 92251767Sgibbs} 93251767Sgibbs 94251767Sgibbsstatic int 95251767Sgibbsg_bde_access(struct g_provider *pp, int dr, int dw, int de) 96251767Sgibbs{ 97251767Sgibbs struct g_geom *gp; 98251767Sgibbs struct g_consumer *cp; 99251767Sgibbs 100 gp = pp->geom; 101 cp = LIST_FIRST(&gp->consumer); 102 if (cp->acr == 0 && cp->acw == 0 && cp->ace == 0) { 103 de++; 104 dr++; 105 } 106 /* ... and let go of it on last close */ 107 if ((cp->acr + dr) == 0 && (cp->acw + dw) == 0 && (cp->ace + de) == 1) { 108 de--; 109 dr--; 110 } 111 return (g_access(cp, dr, dw, de)); 112} 113 114static void 115g_bde_create_geom(struct gctl_req *req, struct g_class *mp, struct g_provider *pp) 116{ 117 struct g_geom *gp; 118 struct g_consumer *cp; 119 struct g_bde_key *kp; 120 int error, i; 121 u_int sectorsize; 122 off_t mediasize; 123 struct g_bde_softc *sc; 124 void *pass; 125 void *key; 126 127 g_trace(G_T_TOPOLOGY, "g_bde_create_geom(%s, %s)", mp->name, pp->name); 128 g_topology_assert(); 129 gp = NULL; 130 131 132 gp = g_new_geomf(mp, "%s.bde", pp->name); 133 cp = g_new_consumer(gp); 134 g_attach(cp, pp); 135 error = g_access(cp, 1, 1, 1); 136 if (error) { 137 g_detach(cp); 138 g_destroy_consumer(cp); 139 g_destroy_geom(gp); 140 gctl_error(req, "could not access consumer"); 141 return; 142 } 143 pass = NULL; 144 key = NULL; 145 do { 146 pass = gctl_get_param(req, "pass", &i); 147 if (pass == NULL || i != SHA512_DIGEST_LENGTH) { 148 gctl_error(req, "No usable key presented"); 149 break; 150 } 151 key = gctl_get_param(req, "key", &i); 152 if (key != NULL && i != 16) { 153 gctl_error(req, "Invalid key presented"); 154 break; 155 } 156 sectorsize = cp->provider->sectorsize; 157 mediasize = cp->provider->mediasize; 158 sc = g_malloc(sizeof(struct g_bde_softc), M_WAITOK | M_ZERO); 159 gp->softc = sc; 160 sc->geom = gp; 161 sc->consumer = cp; 162 163 error = g_bde_decrypt_lock(sc, pass, key, 164 mediasize, sectorsize, NULL); 165 bzero(sc->sha2, sizeof sc->sha2); 166 if (error) 167 break; 168 kp = &sc->key; 169 170 /* Initialize helper-fields */ 171 kp->keys_per_sector = kp->sectorsize / G_BDE_SKEYLEN; 172 kp->zone_cont = kp->keys_per_sector * kp->sectorsize; 173 kp->zone_width = kp->zone_cont + kp->sectorsize; 174 kp->media_width = kp->sectorN - kp->sector0 - 175 G_BDE_MAXKEYS * kp->sectorsize; 176 177 /* Our external parameters */ 178 sc->zone_cont = kp->zone_cont; 179 sc->mediasize = g_bde_max_sector(kp); 180 sc->sectorsize = kp->sectorsize; 181 182 TAILQ_INIT(&sc->freelist); 183 TAILQ_INIT(&sc->worklist); 184 mtx_init(&sc->worklist_mutex, "g_bde_worklist", NULL, MTX_DEF); 185 /* XXX: error check */ 186 kthread_create(g_bde_worker, gp, &sc->thread, 0, 0, 187 "g_bde %s", gp->name); 188 pp = g_new_providerf(gp, gp->name); 189#if 0 190 /* 191 * XXX: Disable this for now. Appearantly UFS no longer 192 * XXX: issues BIO_DELETE requests correctly, with the obvious 193 * XXX: outcome that userdata is trashed. 194 */ 195 pp->flags |= G_PF_CANDELETE; 196#endif 197 pp->stripesize = kp->zone_cont; 198 pp->stripeoffset = 0; 199 pp->mediasize = sc->mediasize; 200 pp->sectorsize = sc->sectorsize; 201 g_error_provider(pp, 0); 202 break; 203 } while (0); 204 if (pass != NULL) 205 bzero(pass, SHA512_DIGEST_LENGTH); 206 if (key != NULL) 207 bzero(key, 16); 208 if (error == 0) 209 return; 210 g_access(cp, -1, -1, -1); 211 g_detach(cp); 212 g_destroy_consumer(cp); 213 if (gp->softc != NULL) 214 g_free(gp->softc); 215 g_destroy_geom(gp); 216 return; 217} 218 219 220static int 221g_bde_destroy_geom(struct gctl_req *req, struct g_class *mp, struct g_geom *gp) 222{ 223 struct g_consumer *cp; 224 struct g_provider *pp; 225 struct g_bde_softc *sc; 226 227 g_trace(G_T_TOPOLOGY, "g_bde_destroy_geom(%s, %s)", mp->name, gp->name); 228 g_topology_assert(); 229 /* 230 * Orderly detachment. 231 */ 232 KASSERT(gp != NULL, ("NULL geom")); 233 pp = LIST_FIRST(&gp->provider); 234 KASSERT(pp != NULL, ("NULL provider")); 235 if (pp->acr > 0 || pp->acw > 0 || pp->ace > 0) 236 return (EBUSY); 237 sc = gp->softc; 238 cp = LIST_FIRST(&gp->consumer); 239 KASSERT(cp != NULL, ("NULL consumer")); 240 sc->dead = 1; 241 wakeup(sc); 242 g_access(cp, -1, -1, -1); 243 g_detach(cp); 244 g_destroy_consumer(cp); 245 while (sc->dead != 2 && !LIST_EMPTY(&pp->consumers)) 246 tsleep(sc, PRIBIO, "g_bdedie", hz); 247 mtx_destroy(&sc->worklist_mutex); 248 bzero(&sc->key, sizeof sc->key); 249 g_free(sc); 250 g_wither_geom(gp, ENXIO); 251 return (0); 252} 253 254static void 255g_bde_ctlreq(struct gctl_req *req, struct g_class *mp, char const *verb) 256{ 257 struct g_geom *gp; 258 struct g_provider *pp; 259 260 if (!strcmp(verb, "create geom")) { 261 pp = gctl_get_provider(req, "provider"); 262 if (pp != NULL) 263 g_bde_create_geom(req, mp, pp); 264 } else if (!strcmp(verb, "destroy geom")) { 265 gp = gctl_get_geom(req, mp, "geom"); 266 if (gp != NULL) 267 g_bde_destroy_geom(req, mp, gp); 268 } else { 269 gctl_error(req, "unknown verb"); 270 } 271} 272 273static struct g_class g_bde_class = { 274 .name = BDE_CLASS_NAME, 275 .version = G_VERSION, 276 .destroy_geom = g_bde_destroy_geom, 277 .ctlreq = g_bde_ctlreq, 278 .start = g_bde_start, 279 .orphan = g_bde_orphan, 280 .access = g_bde_access, 281 .spoiled = g_std_spoiled, 282}; 283 284DECLARE_GEOM_CLASS(g_bde_class, g_bde); 285