From owner-freebsd-geom@FreeBSD.ORG Mon Jun 4 11:07:38 2012
Date: Mon, 4 Jun 2012 11:07:37 GMT
Message-Id: <201206041107.q54B7bhS017424@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-geom@FreeBSD.org
Subject: Current problem reports assigned to freebsd-geom@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/165745  geom       [geom] geom_multipath page fault on removed drive
o kern/165428  geom       [glabel][patch] Add xfs support to glabel
o kern/164254  geom       [geom] gjournal not stopping on GPT partitions
o kern/164252  geom       [geom] gjournal overflow
o kern/164143  geom       [geom] Partition table not recognized after upgrade R8
a kern/163020  geom       [geli] [patch] enable the Camellia-XTS on GEOM ELI
o kern/162010  geom       [geli] panic: Provider's error should be set (error=0)
o kern/161979  geom       [geom] glabel doesn't update after newfs, and glabel s
o kern/161752  geom       [geom] glabel(8) doesn't get gpt label change
o bin/161677   geom       gpart(8) Probably bug in gptboot
o kern/160562  geom       [geom][patch] Allow to insert new component to geom_ra
o kern/160409  geom       [geli] failed to attach provider
f kern/159595  geom       [geom] [panic] panic on gmirror unload in vbox [regres
p kern/158398  geom       [headers] [patch] includes
o kern/158197  geom       [geom] geom_cache with size>1000 leads to panics
o kern/157879  geom       [libgeom] [regression] ABI change without version bump
o kern/157863  geom       [geli] kbdmux prevents geli passwords from being enter
o kern/157739  geom       [geom] GPT labels with geom_multipath
o kern/157724  geom       [geom] gpart(8) 'add' command must preserve gap for sc
o kern/157723  geom       [geom] GEOM should not process 'c' (raw) partitions fo
o kern/157108  geom       [gjournal] dumpon(8) fails on gjournal providers
o kern/155994  geom       [geom] Long "Suspend time" when reading large files fr
o kern/154226  geom       [geom] GEOM label does not change when you modify them
o kern/150858  geom       [geom] [geom_label] [patch] glabel(8) is not compatibl
o kern/150626  geom       [geom] [gjournal] gjournal(8) destroys label
o kern/150555  geom       [geom] gjournal unusable on GPT partitions
o kern/150334  geom       [geom] [udf] [patch] geom label does not support UDF
o kern/149762  geom       volume labels with rogue characters
o bin/149215   geom       [panic] [geom_part] gpart(8): Delete linux's slice via
o kern/147667  geom       [gmirror] Booting with one component of a gmirror, the
o kern/145818  geom       [geom] geom_stat_open showing cached information for n
o kern/145042  geom       [geom] System stops booting after printing message "GE
o kern/143455  geom       gstripe(8) in RELENG_8 (31st Jan 2010) broken
o kern/142563  geom       [geom] [hang] ioctl freeze in zpool
o kern/141740  geom       [geom] gjournal(8): g_journal_destroy concurrent error
o kern/140352  geom       [geom] gjournal + glabel not working
o kern/135898  geom       [geom] Severe filesystem corruption - large files or l
o kern/134113  geom       [geli] Problem setting secondary GELI key
o kern/133931  geom       [geli] [request] intentionally wrong password to destr
o bin/132845   geom       [geom] [patch] ggated(8) does not close files opened a
o bin/131415   geom       [geli] keystrokes are unregulary sent to Geli when typ
o kern/131353  geom       [geom] gjournal(8) kernel lock
o kern/129674  geom       [geom] gjournal root did not mount on boot
o kern/129645  geom       gjournal(8): GEOM_JOURNAL causes system to fail to boo
o kern/129245  geom       [geom] gcache is more suitable for suffix based provid
o kern/127420  geom       [geom] [gjournal] [panic] Journal overflow on gmirrore
o kern/124973  geom       [gjournal] [patch] boot order affects geom_journal con
o kern/124969  geom       gvinum(8): gvinum raid5 plex does not detect missing s
o kern/123962  geom       [panic] [gjournal] gjournal (455Gb data, 8Gb journal),
o kern/123122  geom       [geom] GEOM / gjournal kernel lock
o kern/122738  geom       [geom] gmirror list "losts consumers" after gmirror de
o kern/122067  geom       [geom] [panic] Geom crashed during boot
o kern/121364  geom       [gmirror] Removing all providers create a "zombie" mir
o kern/120091  geom       [geom] [geli] [gjournal] geli does not prompt for pass
o kern/115856  geom       [geli] ZFS thought it was degraded when it should have
o kern/115547  geom       [geom] [patch] [request] let GEOM Eli get password fro
f kern/113957  geom       [gmirror] gmirror is intermittently reporting a degrad
o kern/113837  geom       [geom] unable to access 1024 sector size storage
o kern/113419  geom       [geom] geom fox multipathing not failing back
o kern/107707  geom       [geom] [patch] [request] add new class geom_xbox360 to
o kern/94632   geom       [geom] Kernel output resets input while GELI asks for
o kern/90582   geom       [geom] [panic] Restore cause panic string (ffs_blkfree
o bin/90093    geom       fdisk(8) incapable of altering in-core geometry
o kern/87544   geom       [gbde] mmaping large files on a gbde filesystem deadlo
o bin/86388    geom       [geom] [geom_part] periodic(8) daily should backup gpa
o kern/84556   geom       [geom] [panic] GBDE-encrypted swap causes panic at shu
o kern/79251   geom       [2TB] newfs fails on 2.6TB gbde device
o kern/79035   geom       [vinum] gvinum unable to create a striped set of mirro
o bin/78131    geom       gbde(8) "destroy" not working.

69 problems total.

From owner-freebsd-geom@FreeBSD.ORG Tue Jun 5 14:05:16 2012
Date: Tue, 5 Jun 2012 14:05:15 GMT
Message-Id: <201206051405.q55E5FcW056301@freefall.freebsd.org>
To: wollman@csail.mit.edu, gavin@FreeBSD.org, freebsd-geom@FreeBSD.org
From: gavin@FreeBSD.org
Subject: Re: kern/165745: [geom] geom_multipath page fault on removed drive

Synopsis: [geom] geom_multipath page fault on removed drive

State-Changed-From-To: open->feedback
State-Changed-By: gavin
State-Changed-When: Tue Jun 5 14:02:24 UTC 2012
State-Changed-Why:
To submitter: it sounds like this may be fixed - are you still able to
recreate the problem?

http://www.freebsd.org/cgi/query-pr.cgi?pr=165745

From owner-freebsd-geom@FreeBSD.ORG Tue Jun 5 16:10:19 2012
Date: Tue, 5 Jun 2012 16:10:18 GMT
Message-Id: <201206051610.q55GAIZT084918@freefall.freebsd.org>
To: freebsd-geom@FreeBSD.org
From: Garrett Wollman
Subject: Re: kern/165745: [geom] geom_multipath page fault on removed drive

The following reply was made to PR kern/165745; it has been noted by GNATS.

From: Garrett Wollman
To: gavin@FreeBSD.org
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/165745: [geom] geom_multipath page fault on removed drive
Date: Tue, 5 Jun 2012 12:03:57 -0400

> To submitter: it sounds like this may be fixed - are you still able
> to recreate the problem?

I haven't had time to backport the new version to 9.0, nor to actually
reboot the server we are testing to install a new kernel. This will
get done when I need to put the server into production, assuming 9.1
isn't released by then.

-GAWollman

From owner-freebsd-geom@FreeBSD.ORG Sat Jun 9 20:58:10 2012
Message-ID: <4FD3B8D5.7030906@saltant.com>
Date: Sat, 09 Jun 2012 16:57:57 -0400
From: "John W. O'Brien"
Organization: Saltant Solutions
To: freebsd-geom@freebsd.org
Subject: Scope and purpose of each kind geli key

Hello freebsd-geom@,

I recently started using geli and found it necessary to read a bunch of
source code to supplement the manpages and Handbook sections. In
particular, there are several different kinds of keys (and sources of
key material), but they are not clearly differentiated in the docs. Of
course, one need not understand the entire geli architecture and theory
of operation in order to use it, but a bit more context would make
things easier.

So, the purpose of this inquiry is twofold: first, to sanity check what
I think I learned from my studies; second, to find out if others would
find it useful for me to take a swipe at integrating this information
into the docs.

Master Key
----------

There is exactly one Master Key per provider, and it never changes for
the life of the provider.
It is generated in userland upon init (or onetime) and the user can
select the key length (-l). Up to two, encrypted copies of the Master
Key can be stored in the provider metadata. Each copy is encrypted with
a Key Encrypting Key derived from a User Key.

Storage Key
-----------

The Storage Key(s) are deterministically derived by the kernel and
cached in memory during operation. Each is generated from the Master Key
and is based on the block offset. The total number of Storage Keys used
by a given provider depends on the size of the provider; one Storage Key
per 2^20 blocks. A block's offset is used as an Initialization Vector
(IV) when encrypting or decrypting its data with the applicable Storage
Key.

User Key
--------

Upon init, attach, setkey, and resume, the user provides a User Key
comprised of one or more User Key components; files (-k, -K), a
passphrase, or stored passphrases (-j, -J). All components are processed
in userland to generate a Key Encrypting Key which is used to access one
of the two, encrypted Master Key copies stored in the provider metadata.

Key Encrypting Key
------------------

Each Key Encrypting Key is generated from a User Key and used to encrypt
a copy of the Master Key on init or setkey, and to decrypt a copy of the
Master Key on attach, setkey, or resume.

For my sake and the sake of future mailing list archaeologists, are
there any errors or significant ambiguities in my description? Once
I've addressed any problems, would this, or something like it, be a
welcome addition to the manpage and/or the Handbook? If so, is the level
sufficient, or would more detail about salt, hashes, and so forth be
appropriate?

I will solicit editorial input in the event that this is going to see
the light of day as a patch attached to a PR.

Regards,
John

From owner-freebsd-geom@FreeBSD.ORG Sat Jun 9 23:36:16 2012
Date: Sun, 10 Jun 2012 00:36:11 +0100
From: RW
To: freebsd-geom@freebsd.org
Message-ID: <20120610003611.23cba4c7@gumby.homeunix.com>
In-Reply-To: <4FD3B8D5.7030906@saltant.com>
References: <4FD3B8D5.7030906@saltant.com>
Subject: Re: Scope and purpose of each kind geli key

On Sat, 09 Jun 2012 16:57:57 -0400
John W. O'Brien wrote:

> There is exactly one Master Key per provider, and it never changes for
> the life of the provider. It is generated in userland upon init (or
> onetime) and the user can select the key length (-l).

I think it's fixed at 512 bits and -l determines the key size of the
actual encryption algorithm.

> Storage Key per 2^20 blocks. A block's offset is used as an
> Initialization Vector (IV) when encrypting or decrypting its data with
> the applicable Storage Key.

I thought that the IV came from a hash that includes the offset, but
I'm not sure.

>
> For my sake and the sake of future mailing list archaeologists, are
> there any errors or significant ambiguities in my description? Once
> I've addressed any problems, would this, or something like it, be a
> welcome addition to the manpage and/or the Handbook?

IMO this is far too much information for the man page or handbook - it
might be turned into an article though.

What I think is important is that the user understands that the actual
encryption derives from a fixed master key and there are two encrypted
copies of this, each encrypted with one of the user keys.

The above is important to understand because it removes a lot of
confusion about what the user keys do and what happens when you change
passphrase. It's important to know that changing a compromised user key
is ineffective if the metadata has also been compromised.

I don't see anything else helps to understand how to use geli, it just
buries the useful bit.
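
Added example, not part of the thread and not geli code: a small Python
model of the two-slot layout discussed above, showing why re-wrapping the
Master Key under a new User Key does not invalidate an older copy of the
metadata. PBKDF2, the XOR/HMAC wrap, the 512-bit length (taken from RW's
reply) and every function name are assumptions of this model; they do not
describe geli's algorithms or on-disk format.

```python
import hashlib
import hmac
import os

MK_LEN = 64  # assumption: 512-bit Master Key, as RW's reply suggests

def derive_kek(user_key: bytes, salt: bytes) -> bytes:
    """User Key -> Key Encrypting Key (PBKDF2 is this model's choice)."""
    return hashlib.pbkdf2_hmac("sha512", user_key, salt, 2000)

def keystream(kek: bytes, n: int) -> bytes:
    blocks = (hmac.new(kek, b"ks" + bytes([i]), hashlib.sha512).digest()
              for i in range((n + 63) // 64))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, mk: bytes) -> bytes:
    """Toy authenticated wrap: XOR keystream followed by an HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(mk, keystream(kek, len(mk))))
    return ct + hmac.new(kek, b"tag" + ct, hashlib.sha512).digest()

def unwrap(kek: bytes, blob: bytes):
    ct, tag = blob[:-64], blob[-64:]
    good = hmac.new(kek, b"tag" + ct, hashlib.sha512).digest()
    if not hmac.compare_digest(tag, good):
        return None  # this KEK does not open this slot
    return bytes(a ^ b for a, b in zip(ct, keystream(kek, len(ct))))

def init_provider(user_key: bytes):
    """Generate the Master Key once; store one wrapped copy in slot 0."""
    mk, salt = os.urandom(MK_LEN), os.urandom(64)
    meta = {"salt": salt, "slots": [wrap(derive_kek(user_key, salt), mk), None]}
    return meta, mk

def attach(meta: dict, user_key: bytes):
    """Try both slots; return the Master Key, or None if neither opens."""
    kek = derive_kek(user_key, meta["salt"])
    for blob in meta["slots"]:
        mk = unwrap(kek, blob) if blob else None
        if mk is not None:
            return mk
    return None

def setkey(meta: dict, mk: bytes, slot: int, new_user_key: bytes) -> dict:
    """Re-wrap the SAME Master Key under a new User Key in one slot."""
    slots = list(meta["slots"])
    slots[slot] = wrap(derive_kek(new_user_key, meta["salt"]), mk)
    return {"salt": meta["salt"], "slots": slots}

def rotation_demo():
    """Constructed scenario: metadata was copied before a passphrase change."""
    meta, mk = init_provider(b"old passphrase")
    copied = {"salt": meta["salt"], "slots": list(meta["slots"])}
    meta = setkey(meta, mk, 0, b"new passphrase")
    return (attach(meta, b"old passphrase") is None,  # live metadata: old key fails
            attach(meta, b"new passphrase") == mk,    # new key opens the slot
            attach(copied, b"old passphrase") == mk)  # old copy still yields the MK
```

In this model, only generating a new Master Key and re-encrypting the data
would cut off someone holding both the old User Key and the old metadata.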