| Age | Commit message (Collapse) | Author |
|---|
|
Spoofed labels have zero duid and there is no reason not to allow them to
work with duid notation.
ok kn@
|
|
d_uid written to disk.
|
|
initialized with arc4random().
|
|
into FS_* values. Similar to what gpt_get_fstype() does. Code is
clearer and better positioned for planned enhancements to
spoofing.
No intentional functional change.
|
|
parameter const.
|
|
|
|
device whose disklabel is being checked. Within checkdisklabel()
use this information to discover a device name iff (sic) the
label is an obsolete version. Use the name to generate a
meaningful warning message asking the user to rewrite the
disklabel and thus promote it to the current version.
Suggested by, feedback from and ok deraadt@
|
|
findblkname() and DISKUNIT(). Allows all block devices, not just
sd* and vnd* to generate useful names in DEBUG output.
Cluebat by deraadt@
|
|
again.
|
|
to always be able to provide a duid, and keep ignoring whole zero duids.
This fixes a race in vnd setup where the disk_attach callback could run
before any I/O occurs on the vnd, thus not having a label available yet.
noticed by otto@ and kn@; ok kn@
|
|
and BOOTABLE, set BOOTABLE attribute bit instead of using the
incorrect GPTDOSACTIVE value, have 'fdisk -v' print out GPT
partition attributes if any of the 64 bits are set, don't spoof
any partition with REQUIRED bit set.
Prompted by kettenis@ stumbling across a machine with 40+ (!!)
REQUIRED GPT partitions.
Tested & ok kettenis@
|
|
ok deraadt@
|
|
ok mpi@ millert@
|
|
it extends beyond the edge of the disk the GPT currently
inhabits. We only care if enough of it is addressable that a
disklabel is accessible.
Brings GPT handling of 'OpenBSD partitions extending too far'
into line with the MBR handling of the same situation.
|
|
|
|
LBA area (gh_lba_start == gh_lba_end) and allowing either or both
of gh_lba_start and gh_lba_end to exceed the size of the disk the
GPT currently inhabits.
Reduces false negatives and inappropriate fall through to MBR
spoofing and allows repair of otherwise valid GPT.
|
|
any attention for some time.
ok otto@ as part of larger diff
|
|
MBR partitions previously enjoyed.
Found and fix tested by matthieu@
|
|
ok mpi@ miod@
|
|
partitions.
miod@ (re)discovered an off-by-one in some device size
calculations. Whether the ancient misbehaviour of some devices to
confuse number of sectors with highest valid sector address or
something newer.
Should fix miod@'s octeon boot disk.
|
|
a uint64_t may not produce the (humanly) obvious result.
Cast one of them to a (uint64_t) in the hope of invoking the
appropriate int promotion god.
CID 1519495
|
|
validity is checked.
Found the hard way by kn@
Cluebats from millert@ and deraadt@.
Fix tested by and ok kn@
|
|
helper functions.
The refactored code ensures disklabels are read from/written to
disk only from/to unused space or an OpenBSD partition. This
prevents accidental damage to filesystems that start immediately
following an MBR or GPT.
The refactored code also finds the disklabel present on the
i386/amd64 floppyXX.img, rather than spoofing the media as a
single MSDOS partition.
Tweak and positive comments from jmatthew@
|
|
header fields gh_csum and gh_part_csum.
Constrain kernel to accepting only correct little-endian
checksums.
Temporarily allow fdisk(8) to read either endian GPTs so that
big-endian GPTs can be made correct by a simple 'fdisk -e' &&
'w'.
Fixes inter-architecture, inter-OS GPT portability and GPT
fdisk(8) on big-endian architectures. Broken since initial GPT
implementation.
Suggestions and ok kettenis@
|
|
allocated memory could be too short for the list of disks. Retry
allocating enough space until it did not change.
The disk list and duid memory are protected by kernel lock. Use
asserts to mark this explicitly.
Reported-by: syzbot+807423f6868bbfb836bc@syzkaller.appspotmail.com
OK anton@ mpi@
|
|
ok semarie@
|
|
partitions into the disklabel.
First, since the alt header is never accessed there is no need to
worry about it being inaccessible.
Second, the GPT header claiming to cover more sectors than the
device has is no reason to ignore all the partitions. The
partition actually present could still be useful.
Issues encountered in the wild by mlarkin@ while accessing some
disk images.
ok deraadt@
|
|
media length check to allow EFI GPT partitions to be smaller that
the entire disk.
Consistently use GPTSECTOR instead of randomly tossing in some
literal '1's.
ok kettenis@
|
|
of the usable LBA range defined by the GPT header. And then shrink
them to the bounds of the first OpenBSD partition if one is found.
While here simplify the logic, eliminate some superfluous variables
and reduce use of magic numbers.
Improvement suggested by sobrado@ ok kettenis@
|
|
EFI GPT partition (0xEE) in the protective MBR to be smaller that the
actual size of the media.
This allows GPT disk images dd'ed onto larger physical media to be
recognized by fdisk(8) and the kernel.
Feedback from kettenis@ on various earlier versions.
|
|
No intentional functional change.
|
|
0xEE (DOSPTYP_EFI) partition, or -1 no usable such partition is found.
Adopt a consistent idiom to capture the index for future use.
Clean up the gpt_chk_mbr() logic to make it clearer what constraints
are being applied when looking for the DOSTYP_EFI partition.
No intentional functional change.
|
|
"IdontNeedEFI", a.k.a. "BIOS boot") as FS_BOOT. Often used to contain the second
stage boot loader binary on disk images.
Makes it easier to recognize/overwrite/remove the contents.
Not yet supported in fdisk(8).
Example image provided by mlarkin@
|
|
ok dlg@
|
|
conversion steps). it only contains kernel prototypes for 4 interfaces,
all of which legitimately belong in sys/systm.h, which are already included
by all enqueue_randomness() users.
|
|
Logic is hard, so keep only one of two logically equivalent statements.
CID 271085
ok kettenis@, deraadt@, miod@
|
|
OK cheloha bluhm
|
|
this gets rid of the source annotation which doesn't really add
anything other than adding complexitiy. randomess is generally
good enough that the few extra bits that the source type would
add are not worth it.
ok mikeb@ deraadt@
|
|
ok krw@
|
|
accepted by both clang and gcc and safe given that varargs arguments are
promoted to int anyway. Using %h in the kernel is discouraged anyway according
to bluhm@.
Unbreaks the tree on gcc architectures.
ok pirofti@, bluhm@, florian@
|
|
ok jca@, florian@
|
|
the random subsystem as entropy. This value is pretty much unknown,
and anyways our entropy input ring does not saturate from knowns.
ok mikeb djm
|
|
on amd64 and i386.
|
|
ok krw@
|
|
one that is not a duplicate and not a zero DUID.
ok krw@
|
|
ok krw@ kettenis@
|
|
|
|
a boot disk has not been selected by its caller.
ok jsing@, millert@
|
|
|
|
returning 0 or 1 since only boolean checks of the result are done.
No need for EINVAL as a return value.
|
