summaryrefslogtreecommitdiff
path: root/sbin/bioctl
AgeCommit message (Collapse)Author
2021-02-08Make bioctl properly verify raidlevels specified via the -c option.Stefan Sperling
Trailing characters in the option argument were ignored, such that -cC1 (typo of -c1C) was interpreted as -cC instead of being rejected. ok jsing@
2021-02-08Add a RAID1C (raid1 + crypto) softraid(8) discipline.Stefan Sperling
The RAID1C discipline encrypts data like the CRYPTO discipline, and accepts multiple chunks during creation and assembly like the RAID1 discipline. To deal with failing disks a RAID1C volume may be assembled with a smaller number of chunks than the volume was created with. The volume will then come up in degraded state. If the volume is now detached and assembled again with the correct number of chunks, any re-added chunks will require a rebuild. Consequently, assembling RAID1C volumes requires careful attention to the chunks passed via 'bioctl -l'. If a chunk is accidentally omitted from the command line during volume assembly, then this chunk will need to be rebuilt. At least one known-good chunk is required in order to assemble the volume. Like CRYPTO, RAID1C supports passphrase and key-disk authentication. Key-disk based volumes are assembled automatically if the key disk is present while the system is booting up. Unlike CRYPTO and RAID1, there is no boot support for RAID1C yet. RAID1C largely reuses existing code of RAID1 and CRYPTO disciplines. At present RAID1C's discipline-specific data structure is shared with that of the CRYPTO discipline to allow re-use of existing CRYPTO code. A custom RAID1C data structure would require CRYPTO code to access struct sr_crypto via a pointer instead of via a member field of struct sr_discipline. ok jsing@
2020-10-30Do not use ".Ar device" for both an option argument and for the operand.Ingo Schwarze
Instead, use ".Ar chunk" for the -R option argument just like it is already done for -l and -O. While here, polish a few minor details in the vicinity of the word "device". OK kn@
2020-09-28Revert a wording change that was made in revision 1.05solene
which was reverting a change made into 1.03 bioctl -d is "detaching" and not "deleting" a volume
2020-04-25Reduce minimum allowed number of chunks in a CONCAT volume from 2 toKenneth R Westerback
1. This increases the number of volumes that can be created on a single disk from 7 to 15. i.e. a disk can be sliced into a maximum of 225 (15 * 15) filesystems instead of a mere 105 (7 * 15). ok deraadt@
2019-06-28When system calls indicate an error they return -1, not some arbitraryTheo de Raadt
value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
2019-05-11Kill a couple of superfluous "return;" statementsKenneth R Westerback
at the end of void functions. First one pointed out by Andrey Sokolov via bugs@
2018-07-09Unify and disambiguate various aspects of the terminology, clarifyIngo Schwarze
that there is only one softraid(4) controller (called softraid0), and clarify that you cannot add or delete chunks, but merely replace them. Tweaks and OK jsing@, and OK henning@ on a previous version.
2017-07-09remove redundant variable declarations in Makefiles, since those areMarc Espie
the default. okay millert@
2017-04-06less chatty EXAMPLES; from anton lindqvistJason McIntyre
2016-12-20This commit removes bio_status() calls after a BIOCLOCATE since thePatrick Wildt
bio status will never be updated on a BIOCLOCATE. In addition with missed zeroing of the passed bio struct, this could lead to a print of uninitialized memory. While there, properly zero the bio struct before passing it to ioctl(). ok mikeb@
2016-11-27Document bioctl -d as a "detach" rather than a "delete" operation.Stefan Sperling
ok tb@ danj@ deraadt@
2016-10-20optarg is declared in unistd.h and usage is __dead. From Jan Stary.Theo Buehler
ok natano
2016-09-21Document auto rounds.Joel Sing
2016-09-21Add support for automatically selecting the number of rounds to use withJoel Sing
bcrypt pbkdf, based on system performance. This is based on the bcrypt autorounds code we have in libc. Discussed with djm@ and tedu@.
2016-09-21Be clearer with the description of bioctl(8)'s -r option.Joel Sing
ok jmc@
2016-09-19Update for bcrypt pbkdf.Joel Sing
2016-09-19Switch softraid crypto from PKCS5 PBKDF2 to bcrypt PBKDF.Joel Sing
New volumes will be created with bcrypt PBKDF, however existing volumes will continue to use PKCS5 PBKDF2 until a passphrase change is made. If you're booting from softraid crypto, ensure that your boot loader has been upgraded to a version that supports bcrypt prior to changing your passphrase. Also be aware that once the passphrase has been changed, an older version of bioctl(8) (one that does not support bcrypt PBKDF) will not be able to "unlock" the volume. Partly based on a diff from djm@.
2016-09-10Teach bioctl derive_key() how to handle bcrypt_pbkdf.Joel Sing
Part of a diff from djm@
2016-09-10Ugh, too many initialisms...Joel Sing
2016-09-10Clean up some softraid crypto code - rename struct sr_crypto_kdf_pbkdf2 toJoel Sing
sr_crypto_pbkdf (since it is useable for more than just pkcs5_pbkdf2) and embed a struct sr_crypto_genkdf within it, rather than redeclaring the same fields. Rename SR_CRYPTOKDFT_PBKDF2 to SR_CRYPTOKDFT_PCKS5_PBKDF2 and add SR_CRYPTOKDFT_BCRYPT_PBKDF for upcoming changes.
2016-09-08When changing the passphrase, keep the previous number of rounds, unlessJoel Sing
specified otherwise. Part of a diff from halex@
2016-09-08Shuffle some code to make futher changes easier - pass the KDF type intoJoel Sing
derive_key_pkcs(), check the type and rounds in one place, unify the rounds too small error.
2016-09-08When changing a passphrase, use bio_kdf_generate() so that we generate aJoel Sing
new salt and respect the specified number of rounds. Before changing your softraid crypto passphrase ensure that you are running a kernel with r1.131 of softraid_crypto.c, otherwise the volume will become unusable. Same diff also from djm@ and halex@
2016-05-13overzealous use of errx() hides useful information about errors.Ted Unangst
ok benno millert
2016-04-04Remove caveat about only supporting 512-byte sectors.Kenneth R Westerback
2016-02-04Fix an unitialized variable; pointed out by jsg@.Masao Uebayashi
2015-10-22halex removed the -p restriction, so do not document it;Jason McIntyre
from kirill bychkov
2015-09-12obvious macros fixes:Ingo Schwarze
* use .Cm for fixed argument strings * properly use .Ar on individual arguments * drop redundant .Bk
2015-07-18remove the restriction to disallow the use of a passphrase file duringAlexander Hall
initial creation of a crypto volume ok phessler
2015-05-30fix usage();Jason McIntyre
2015-05-29Initial addition of ``Patrol Read'' support in bio(4), biocto(8), andMasao Uebayashi
mfi(4). Based on FreeBSD, but done without mfiutil(8). OK deraadt@
2015-05-11explicit_bzero(3) on private data, in case of core dumps (and being a good ↵Martin Pelikan
example) ok florian jsing
2015-04-11Re-enable the RAID 5 discipline for softraid(4).Joel Sing
The RAID 5 implementation has been largely rewritten during the last two hackathons in Dunedin - it now needs further testing and usage.
2015-03-18Sort getopt() string.Masao Uebayashi
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
Predefined strings are not very portable across troff implementations, and they make the source much harder to read. Usually the intended character can be written directly. No output changes, except for two instances where the incorrect escape was used in the first place. tweaks + ok schwarze@
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-10-08tedu the tedu code that tedu forgot to tedu when he tedued the other partJoel Sing
of this tedu code.
2014-07-20Make sure the correct errno is reported by warn* or err* and notPhilip Guenther
the errno of an intervening cleanup operation like close/unlink/etc. Diff from Doug Hogan (doug (at) acyclic.org)
2014-04-22malloc/memset -> calloc. from peter maloneTed Unangst
2014-01-18Disable the RAID 5 discipline in bioctl, as the current softraid RAID 5Joel Sing
discipline will more than likely eat data if a drive is lost. Discussed with krw@
2014-01-18Remove the RAID 4 discipline from softraid. Anyone sensible would use RAIDJoel Sing
5 instead of RAID 4, assuming both were functional. Discussed with krw@
2014-01-18Remove -Wbounded: it is now the compiler default.Martynas Venckus
2013-11-22Whole bunch of (unsigned char) casts carefully added for ctype calls.Theo de Raadt
Careful second audit by millert
2013-11-11oops, forgot a #ifdef AOE in last commitTheo de Raadt
2013-11-04substantial namespace cleanup. Might go a little bit too far, but weTheo de Raadt
can expose some of the kernel structures with split .h files if need be. Discussed with various, including jsing.
2013-10-31Make sure -v output is properly aligned with the normal output.Mark Kettenis
2013-10-23Add support for displaying the cache write policy of RAID volumes to bioctl(8)Mark Kettenis
and make mfi(4) pass up the necessary information. Adding support for other RAID controllers is left as an excercise to the reader. ok deraadt@
2013-08-11capitalize RAID in one spot.Brad Smith
2013-07-16Add missing .Mt macros for AUTHORS email addresses.Ingo Schwarze
From Jan Stary <hans at stare dot cz>. ok jmc@