(If there is a legitimate need to correctly encode and pack a
disklabel with an invalid checksum custom tools can be built for
that.)
Make bsd_disklabel_le_dec() validate the magics, number of partitions
(against a new parameter) and the checksum.
Vastly simplify the logic of the GEOM::BSD class implementation:
Let g_bsd_modify() always take a byte-stream label.
This simplifies all users, except the ioctl's which now have to
convert to a byte-stream first. Their loss.
g_bsd_modify() is called with topology held now, and it returns
with it held.
Always update the md5sum in g_bsd_modify(), otherwise the check
is no use after the first modification of the label. Make the
MD5 over the bytestream version of the label.
Move the rawoffset hack to g_bsd_modify() and remove all the
inram/ondisk conversions.
Don't configure hotspots in g_bsd_modify(), do it in taste instead,
we do not support moving the label to a different location on the
fly anyway.
This passes all current regression tests.
For certain combinations of sectorsize, mediasize and random numbers
(used to define the mapping), a multisector read or write would ignore
some subset of the sectors past the first sector in the request because
those sectors would be mapped past the end of the parent device, and
normal "end of media" truncation would zap that part of the request.
Rev 1.19+1.20 of g_bde_work.c added the check which should have alerted
me to this happening. This commit maps the request correctly and
adds KASSERTS to make sure things stay inside the parent device.
This does not change the on-disk layout of GBDE, there is no need to
backup/restore.
it wrote the full length. The only case where this should be able
to happen is if we try to read/write past the end and the request
is truncated. We obviously should never try to do that, so this
code should never activate.
our key-sector, we would end up returning the read without an error,
despite the fact that the data was not correctly decrypted.
This would result in data corruption on read, but intact data still
on the media.
Give up the entire bio as soon as we detect a problem.
When we detect a problem, give up the bio by contributing the
remainder with ENOMEM, rather than kicking the bio back right
away.
If we failed on a non-first iteration we previously could end up
modifying fields in the bio after we delivered it. This could
account for memory corruption (none directly reported) on machines
with GBDE.
