Merge head

8 files changed, 676 insertions, 93 deletions

diff --git a/sbin/camcontrol/camcontrol.8 b/sbin/camcontrol/camcontrol.8
index df0b3e7..3b5eafe 100644
--- a/sbin/camcontrol/camcontrol.8
+++ b/sbin/camcontrol/camcontrol.8
@@ -27,7 +27,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 24, 2013
+.Dd September 6, 2013
 .Dt CAMCONTROL 8
 .Os
 .Sh NAME
@@ -207,6 +207,19 @@
 .Op Fl w
 .Op Fl y
 .Nm
+.Ic sanitize
+.Op device id
+.Op generic args
+.Aq Fl a Ar overwrite | block | crypto | exitfailure
+.Op Fl c Ar passes
+.Op Fl I
+.Op Fl P Ar pattern
+.Op Fl q
+.Op Fl U
+.Op Fl r
+.Op Fl w
+.Op Fl y
+.Nm
 .Ic idle
 .Op device id
 .Op generic args
@@ -649,7 +662,8 @@ request and not expect CRC bytes to be returned in the response.
 .Bl -tag -width 17n
 .It Fl r Ar len Ar fmt Op args
 This specifies the size of the SMP request, without the CRC bytes, and the
-SMP request format.  If the format is
+SMP request format.
+If the format is
 .Sq - ,
 .Ar len
 bytes of data will be read from standard input and written as the SMP
@@ -1088,16 +1102,132 @@ The user
 will not be asked about the timeout if a timeout is specified on the
 command line.
 .El
+.It Ic sanitize
+Issue the
+.Tn SCSI
+SANITIZE command to the named device.
+.Pp
+.Em WARNING! WARNING! WARNING!
+.Pp
+ALL data in the cache and on the disk will be destroyed or made inaccessible.
+Recovery of the data is not possible.
+Use extreme caution when issuing this command.
+.Pp
+The
+.Sq sanitize
+subcommand takes several arguments that modify its default behavior.
+The
+.Fl q
+and
+.Fl y
+arguments can be useful for scripts.
+.Bl -tag -width 6n
+.It Fl a Ar operation
+Specify the sanitize operation to perform.
+.Bl -tag -width 16n
+.It overwrite
+Perform an overwrite operation by writing a user supplied
+data pattern to the device one or more times.
+The pattern is given by the
+.Fl P
+argument.
+The number of times is given by the
+.Fl c
+argument.
+.It block
+Perform a block erase operation.
+All the device's blocks are set to a vendor defined
+value, typically zero.
+.It crypto
+Perform a cryptographic erase operation.
+The encryption keys are changed to prevent the decryption
+of the data.
+.It exitfailure
+Exits a previously failed sanitize operation.
+A failed sanitize operation can only be exited if it was
+run in the unrestricted completion mode, as provided by the
+.Fl U
+argument.
+.El
+.It Fl c Ar passes
+The number of passes when performing an
+.Sq overwrite
+operation.
+Valid values are between 1 and 31.
+The default is 1.
+.It Fl I
+When performing an
+.Sq overwrite
+operation, the pattern is inverted between consecutive passes.
+.It Fl P Ar pattern
+Path to the file containing the pattern to use when
+performing an
+.Sq overwrite
+operation.
+The pattern is repeated as needed to fill each block.
+.It Fl q
+Be quiet, do not print any status messages.
+This option will not disable
+the questions, however.
+To disable questions, use the
+.Fl y
+argument, below.
+.It Fl U
+Perform the sanitize in the unrestricted completion mode.
+If the operation fails, it can later be exited with the
+.Sq exitfailure
+operation.
+.It Fl r
+Run in
+.Dq report only
+mode.
+This will report status on a sanitize that is already running on the drive.
+.It Fl w
+Issue a non-immediate sanitize command.
+By default,
+.Nm
+issues the SANITIZE command with the immediate bit set.
+This tells the
+device to immediately return the sanitize command, before
+the sanitize has actually completed.
+Then,
+.Nm
+gathers
+.Tn SCSI
+sense information from the device every second to determine how far along
+in the sanitize process it is.
+If the
+.Fl w
+argument is specified,
+.Nm
+will issue a non-immediate sanitize command, and will be unable to print any
+information to let the user know what percentage of the disk has been
+sanitized.
+.It Fl y
+Do not ask any questions.
+By default,
+.Nm
+will ask the user if he/she really wants to sanitize the disk in question,
+and also if the default sanitize command timeout is acceptable.
+The user
+will not be asked about the timeout if a timeout is specified on the
+command line.
+.El
 .It Ic idle
-Put ATA device into IDLE state. Optional parameter
+Put ATA device into IDLE state.
+Optional parameter
 .Pq Fl t
-specifies automatic standby timer value in seconds. Value 0 disables timer.
+specifies automatic standby timer value in seconds.
+Value 0 disables timer.
 .It Ic standby
-Put ATA device into STANDBY state. Optional parameter
+Put ATA device into STANDBY state.
+Optional parameter
 .Pq Fl t
-specifies automatic standby timer value in seconds. Value 0 disables timer.
+specifies automatic standby timer value in seconds.
+Value 0 disables timer.
 .It Ic sleep
-Put ATA device into SLEEP state. Note that the only way get device out of
+Put ATA device into SLEEP state.
+Note that the only way get device out of
 this state may be reset.
 .It Ic security
 Update or report security settings, using an ATA identify command (0xec).
@@ -1123,7 +1253,8 @@ Issuing a secure erase will
 user data on the device and may take several hours to complete.
 .Pp
 When this command is used against an SSD drive all its cells will be marked as
-empty, restoring it to factory default write performance. For SSD's this action
+empty, restoring it to factory default write performance.
+For SSD's this action
 usually takes just a few seconds.
 .It Fl f
 .Pp
@@ -1153,8 +1284,10 @@ the devices configured security level.
 .Pp
 Specifies which security level to set when issuing a
 .Fl s Ar pwd
-command. The security level determines device behavior when the master
-password is used to unlock the device. When the security level is set to high
+command.
+The security level determines device behavior when the master
+password is used to unlock the device.
+When the security level is set to high
 the device requires the unlock command and the master password to unlock.
 When the security level is set to maximum the device requires a secure erase
 with the master password to unlock.
@@ -1173,7 +1306,8 @@ argument, below.
 .It Fl s Ar pwd
 .Pp
 Password the device (enable security) using the given password for the selected
-user. This option can be combined with other options such as
+user.
+This option can be combined with other options such as
 .Fl e Em pwd
 .Pp
 A master password may be set in a addition to the user password. The purpose of
@@ -1212,7 +1346,7 @@ Confirm yes to dangerous options such as
 without prompting for confirmation.
 .Pp
 .El
-If the password specified for any action commands doesn't match the configured
+If the password specified for any action commands does not match the configured
 password for the specified user the command will fail.
 .Pp
 The password in all cases is limited to 32 characters, longer passwords will
@@ -1269,7 +1403,7 @@ call can be made without a power-on reset or a hardware reset of the device.
 .It Fl U Ar pwd
 .Pp
 Unlock the HPA configuration of the specified device using the given password.
-If the password specified doesn't match the password configured via
+If the password specified does not match the password configured via
 .Fl p Ar pwd
 the command will fail.
 .Pp
@@ -1300,6 +1434,8 @@ PLEXTOR
 .It
 QUANTUM
 .It
+SAMSUNG
+.It
 SEAGATE
 .El
 .Pp
@@ -1474,7 +1610,7 @@ This will
 .Em ERASE ALL
 data from the device, so backup your data before using!
 .Pp
-This command can be used used against an SSD drive to restoring it to
+This command can be used against an SSD drive to restoring it to
 factory default write performance.
 .Bd -literal -offset indent
 camcontrol hpa ada0
diff --git a/sbin/camcontrol/camcontrol.c b/sbin/camcontrol/camcontrol.c
index 76b3939..e80c549 100644
--- a/sbin/camcontrol/camcontrol.c
+++ b/sbin/camcontrol/camcontrol.c
@@ -32,6 +32,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/ioctl.h>
 #include <sys/stdint.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/endian.h>
 #include <sys/sbuf.h>
 
@@ -93,7 +94,8 @@ typedef enum {
 	CAM_CMD_SMP_MANINFO	= 0x0000001b,
 	CAM_CMD_DOWNLOAD_FW	= 0x0000001c,
 	CAM_CMD_SECURITY	= 0x0000001d,
-	CAM_CMD_HPA		= 0x0000001e
+	CAM_CMD_HPA		= 0x0000001e,
+	CAM_CMD_SANITIZE	= 0x0000001f,
 } cam_cmdmask;
 
 typedef enum {
@@ -209,6 +211,7 @@ static struct camcontrol_opts option_table[] = {
 	{"rate", CAM_CMD_RATE, CAM_ARG_NONE, negotiate_opts},
 	{"debug", CAM_CMD_DEBUG, CAM_ARG_NONE, "IPTSXcp"},
 	{"format", CAM_CMD_FORMAT, CAM_ARG_NONE, "qrwy"},
+	{"sanitize", CAM_CMD_SANITIZE, CAM_ARG_NONE, "a:c:IP:qrUwy"},
 	{"idle", CAM_CMD_IDLE, CAM_ARG_NONE, "t:"},
 	{"standby", CAM_CMD_STANDBY, CAM_ARG_NONE, "t:"},
 	{"sleep", CAM_CMD_SLEEP, CAM_ARG_NONE, ""},
@@ -301,6 +304,8 @@ static int ratecontrol(struct cam_device *device, int retry_count,
 		       int timeout, int argc, char **argv, char *combinedopt);
 static int scsiformat(struct cam_device *device, int argc, char **argv,
 		      char *combinedopt, int retry_count, int timeout);
+static int scsisanitize(struct cam_device *device, int argc, char **argv,
+			char *combinedopt, int retry_count, int timeout);
 static int scsireportluns(struct cam_device *device, int argc, char **argv,
 			  char *combinedopt, int retry_count, int timeout);
 static int scsireadcapacity(struct cam_device *device, int argc, char **argv,
@@ -5537,6 +5542,402 @@ scsiformat_bailout:
 }
 
 static int
+scsisanitize(struct cam_device *device, int argc, char **argv,
+	     char *combinedopt, int retry_count, int timeout)
+{
+	union ccb *ccb;
+	u_int8_t action = 0;
+	int c;
+	int ycount = 0, quiet = 0;
+	int error = 0, retval = 0;
+	int use_timeout = 10800 * 1000;
+	int immediate = 1;
+	int invert = 0;
+	int passes = 0;
+	int ause = 0;
+	int fd = -1;
+	const char *pattern = NULL;
+	u_int8_t *data_ptr = NULL;
+	u_int32_t dxfer_len = 0;
+	u_int8_t byte2 = 0;
+	int num_warnings = 0;
+	int reportonly = 0;
+
+	ccb = cam_getccb(device);
+
+	if (ccb == NULL) {
+		warnx("scsisanitize: error allocating ccb");
+		return(1);
+	}
+
+	bzero(&(&ccb->ccb_h)[1],
+	      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+
+	while ((c = getopt(argc, argv, combinedopt)) != -1) {
+		switch(c) {
+		case 'a':
+			if (strcasecmp(optarg, "overwrite") == 0)
+				action = SSZ_SERVICE_ACTION_OVERWRITE;
+			else if (strcasecmp(optarg, "block") == 0)
+				action = SSZ_SERVICE_ACTION_BLOCK_ERASE;
+			else if (strcasecmp(optarg, "crypto") == 0)
+				action = SSZ_SERVICE_ACTION_CRYPTO_ERASE;
+			else if (strcasecmp(optarg, "exitfailure") == 0)
+				action = SSZ_SERVICE_ACTION_EXIT_MODE_FAILURE;
+			else {
+				warnx("invalid service operation \"%s\"",
+				      optarg);
+				error = 1;
+				goto scsisanitize_bailout;
+			}
+			break;
+		case 'c':
+			passes = strtol(optarg, NULL, 0);
+			if (passes < 1 || passes > 31) {
+				warnx("invalid passes value %d", passes);
+				error = 1;
+				goto scsisanitize_bailout;
+			}
+			break;
+		case 'I':
+			invert = 1;
+			break;
+		case 'P':
+			pattern = optarg;
+			break;
+		case 'q':
+			quiet++;
+			break;
+		case 'U':
+			ause = 1;
+			break;
+		case 'r':
+			reportonly = 1;
+			break;
+		case 'w':
+			immediate = 0;
+			break;
+		case 'y':
+			ycount++;
+			break;
+		}
+	}
+
+	if (reportonly)
+		goto doreport;
+
+	if (action == 0) {
+		warnx("an action is required");
+		error = 1;
+		goto scsisanitize_bailout;
+	} else if (action == SSZ_SERVICE_ACTION_OVERWRITE) {
+		struct scsi_sanitize_parameter_list *pl;
+		struct stat sb;
+		ssize_t sz, amt;
+
+		if (pattern == NULL) {
+			warnx("overwrite action requires -P argument");
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+		fd = open(pattern, O_RDONLY);
+		if (fd < 0) {
+			warn("cannot open pattern file %s", pattern);
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+		if (fstat(fd, &sb) < 0) {
+			warn("cannot stat pattern file %s", pattern);
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+		sz = sb.st_size;
+		if (sz > SSZPL_MAX_PATTERN_LENGTH) {
+			warnx("pattern file size exceeds maximum value %d",
+			      SSZPL_MAX_PATTERN_LENGTH);
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+		dxfer_len = sizeof(*pl) + sz;
+		data_ptr = calloc(1, dxfer_len);
+		if (data_ptr == NULL) {
+			warnx("cannot allocate parameter list buffer");
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+
+		amt = read(fd, data_ptr + sizeof(*pl), sz);
+		if (amt < 0) {
+			warn("cannot read pattern file");
+			error = 1;
+			goto scsisanitize_bailout;
+		} else if (amt != sz) {
+			warnx("short pattern file read");
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+
+		pl = (struct scsi_sanitize_parameter_list *)data_ptr;
+		if (passes == 0)
+			pl->byte1 = 1;
+		else
+			pl->byte1 = passes;
+		if (invert != 0)
+			pl->byte1 |= SSZPL_INVERT;
+		scsi_ulto2b(sz, pl->length);
+	} else {
+		const char *arg;
+
+		if (passes != 0)
+			arg = "-c";
+		else if (invert != 0)
+			arg = "-I";
+		else if (pattern != NULL)
+			arg = "-P";
+		else
+			arg = NULL;
+		if (arg != NULL) {
+			warnx("%s argument only valid with overwrite "
+			      "operation", arg);
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+	}
+
+	if (quiet == 0) {
+		fprintf(stdout, "You are about to REMOVE ALL DATA from the "
+			"following device:\n");
+
+		error = scsidoinquiry(device, argc, argv, combinedopt,
+				      retry_count, timeout);
+
+		if (error != 0) {
+			warnx("scsisanitize: error sending inquiry");
+			goto scsisanitize_bailout;
+		}
+	}
+
+	if (ycount == 0) {
+		if (!get_confirmation()) {
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+	}
+
+	if (timeout != 0)
+		use_timeout = timeout;
+
+	if (quiet == 0) {
+		fprintf(stdout, "Current sanitize timeout is %d seconds\n",
+			use_timeout / 1000);
+	}
+
+	/*
+	 * If the user hasn't disabled questions and didn't specify a
+	 * timeout on the command line, ask them if they want the current
+	 * timeout.
+	 */
+	if ((ycount == 0)
+	 && (timeout == 0)) {
+		char str[1024];
+		int new_timeout = 0;
+
+		fprintf(stdout, "Enter new timeout in seconds or press\n"
+			"return to keep the current timeout [%d] ",
+			use_timeout / 1000);
+
+		if (fgets(str, sizeof(str), stdin) != NULL) {
+			if (str[0] != '\0')
+				new_timeout = atoi(str);
+		}
+
+		if (new_timeout != 0) {
+			use_timeout = new_timeout * 1000;
+			fprintf(stdout, "Using new timeout value %d\n",
+				use_timeout / 1000);
+		}
+	}
+
+	byte2 = action;
+	if (ause != 0)
+		byte2 |= SSZ_UNRESTRICTED_EXIT;
+	if (immediate != 0)
+		byte2 |= SSZ_IMMED;
+
+	scsi_sanitize(&ccb->csio,
+		      /* retries */ retry_count,
+		      /* cbfcnp */ NULL,
+		      /* tag_action */ MSG_SIMPLE_Q_TAG,
+		      /* byte2 */ byte2,
+		      /* control */ 0,
+		      /* data_ptr */ data_ptr,
+		      /* dxfer_len */ dxfer_len,
+		      /* sense_len */ SSD_FULL_SIZE,
+		      /* timeout */ use_timeout);
+
+	/* Disable freezing the device queue */
+	ccb->ccb_h.flags |= CAM_DEV_QFRZDIS;
+
+	if (arglist & CAM_ARG_ERR_RECOVER)
+		ccb->ccb_h.flags |= CAM_PASS_ERR_RECOVER;
+
+	if (((retval = cam_send_ccb(device, ccb)) < 0)
+	 || ((immediate == 0)
+	   && ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP))) {
+		const char errstr[] = "error sending sanitize command";
+
+		if (retval < 0)
+			warn(errstr);
+		else
+			warnx(errstr);
+
+		if (arglist & CAM_ARG_VERBOSE) {
+			cam_error_print(device, ccb, CAM_ESF_ALL,
+					CAM_EPF_ALL, stderr);
+		}
+		error = 1;
+		goto scsisanitize_bailout;
+	}
+
+	/*
+	 * If we ran in non-immediate mode, we already checked for errors
+	 * above and printed out any necessary information.  If we're in
+	 * immediate mode, we need to loop through and get status
+	 * information periodically.
+	 */
+	if (immediate == 0) {
+		if (quiet == 0) {
+			fprintf(stdout, "Sanitize Complete\n");
+		}
+		goto scsisanitize_bailout;
+	}
+
+doreport:
+	do {
+		cam_status status;
+
+		bzero(&(&ccb->ccb_h)[1],
+		      sizeof(struct ccb_scsiio) - sizeof(struct ccb_hdr));
+
+		/*
+		 * There's really no need to do error recovery or
+		 * retries here, since we're just going to sit in a
+		 * loop and wait for the device to finish sanitizing.
+		 */
+		scsi_test_unit_ready(&ccb->csio,
+				     /* retries */ 0,
+				     /* cbfcnp */ NULL,
+				     /* tag_action */ MSG_SIMPLE_Q_TAG,
+				     /* sense_len */ SSD_FULL_SIZE,
+				     /* timeout */ 5000);
+
+		/* Disable freezing the device queue */
+		ccb->ccb_h.flags |= CAM_DEV_QFRZDIS;
+
+		retval = cam_send_ccb(device, ccb);
+
+		/*
+		 * If we get an error from the ioctl, bail out.  SCSI
+		 * errors are expected.
+		 */
+		if (retval < 0) {
+			warn("error sending CAMIOCOMMAND ioctl");
+			if (arglist & CAM_ARG_VERBOSE) {
+				cam_error_print(device, ccb, CAM_ESF_ALL,
+						CAM_EPF_ALL, stderr);
+			}
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+
+		status = ccb->ccb_h.status & CAM_STATUS_MASK;
+
+		if ((status != CAM_REQ_CMP)
+		 && (status == CAM_SCSI_STATUS_ERROR)
+		 && ((ccb->ccb_h.status & CAM_AUTOSNS_VALID) != 0)) {
+			struct scsi_sense_data *sense;
+			int error_code, sense_key, asc, ascq;
+
+			sense = &ccb->csio.sense_data;
+			scsi_extract_sense_len(sense, ccb->csio.sense_len -
+			    ccb->csio.sense_resid, &error_code, &sense_key,
+			    &asc, &ascq, /*show_errors*/ 1);
+
+			/*
+			 * According to the SCSI-3 spec, a drive that is in the
+			 * middle of a sanitize should return NOT READY with an
+			 * ASC of "logical unit not ready, sanitize in
+			 * progress". The sense key specific bytes will then
+			 * be a progress indicator.
+			 */
+			if ((sense_key == SSD_KEY_NOT_READY)
+			 && (asc == 0x04) && (ascq == 0x1b)) {
+				uint8_t sks[3];
+
+				if ((scsi_get_sks(sense, ccb->csio.sense_len -
+				     ccb->csio.sense_resid, sks) == 0)
+				 && (quiet == 0)) {
+					int val;
+					u_int64_t percentage;
+
+					val = scsi_2btoul(&sks[1]);
+					percentage = 10000 * val;
+
+					fprintf(stdout,
+						"\rSanitizing:  %ju.%02u %% "
+						"(%d/%d) done",
+						(uintmax_t)(percentage /
+						(0x10000 * 100)),
+						(unsigned)((percentage /
+						0x10000) % 100),
+						val, 0x10000);
+					fflush(stdout);
+				} else if ((quiet == 0)
+					&& (++num_warnings <= 1)) {
+					warnx("Unexpected SCSI Sense Key "
+					      "Specific value returned "
+					      "during sanitize:");
+					scsi_sense_print(device, &ccb->csio,
+							 stderr);
+					warnx("Unable to print status "
+					      "information, but sanitze will "
+					      "proceed.");
+					warnx("will exit when sanitize is "
+					      "complete");
+				}
+				sleep(1);
+			} else {
+				warnx("Unexpected SCSI error during sanitize");
+				cam_error_print(device, ccb, CAM_ESF_ALL,
+						CAM_EPF_ALL, stderr);
+				error = 1;
+				goto scsisanitize_bailout;
+			}
+
+		} else if (status != CAM_REQ_CMP) {
+			warnx("Unexpected CAM status %#x", status);
+			if (arglist & CAM_ARG_VERBOSE)
+				cam_error_print(device, ccb, CAM_ESF_ALL,
+						CAM_EPF_ALL, stderr);
+			error = 1;
+			goto scsisanitize_bailout;
+		}
+	} while((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP);
+
+	if (quiet == 0)
+		fprintf(stdout, "\nSanitize Complete\n");
+
+scsisanitize_bailout:
+	if (fd >= 0)
+		close(fd);
+	if (data_ptr != NULL)
+		free(data_ptr);
+	cam_freeccb(ccb);
+
+	return(error);
+}
+
+static int
 scsireportluns(struct cam_device *device, int argc, char **argv,
 	       char *combinedopt, int retry_count, int timeout)
 {
@@ -7361,6 +7762,10 @@ usage(int printlong)
 "                              [-q][-R syncrate][-v][-T <enable|disable>]\n"
 "                              [-U][-W bus_width]\n"
 "        camcontrol format     [dev_id][generic args][-q][-r][-w][-y]\n"
+"        camcontrol sanitize   [dev_id][generic args]\n"
+"                              [-a overwrite|block|crypto|exitfailure]\n"
+"                              [-c passes][-I][-P pattern][-q][-U][-r][-w]\n"
+"                              [-y]\n"
 "        camcontrol idle       [dev_id][generic args][-t time]\n"
 "        camcontrol standby    [dev_id][generic args][-t time]\n"
 "        camcontrol sleep      [dev_id][generic args]\n"
@@ -7403,6 +7808,7 @@ usage(int printlong)
 "tags        report or set the number of transaction slots for a device\n"
 "negotiate   report or set device negotiation parameters\n"
 "format      send the SCSI FORMAT UNIT command to the named device\n"
+"sanitize    send the SCSI SANITIZE command to the named device\n"
 "idle        send the ATA IDLE command to the named device\n"
 "standby     send the ATA STANDBY command to the named device\n"
 "sleep       send the ATA SLEEP command to the named device\n"
@@ -7498,6 +7904,16 @@ usage(int printlong)
 "-r                run in report only mode\n"
 "-w                don't send immediate format command\n"
 "-y                don't ask any questions\n"
+"sanitize arguments:\n"
+"-a operation      operation mode: overwrite, block, crypto or exitfailure\n"
+"-c passes         overwrite passes to perform (1 to 31)\n"
+"-I                invert overwrite pattern after each pass\n"
+"-P pattern        path to overwrite pattern file\n"
+"-q                be quiet, don't print status messages\n"
+"-r                run in report only mode\n"
+"-U                run operation in unrestricted completion exit mode\n"
+"-w                don't send immediate sanitize command\n"
+"-y                don't ask any questions\n"
 "idle/standby arguments:\n"
 "-t <arg>          number of seconds before respective state.\n"
 "fwdownload arguments:\n"
@@ -7860,6 +8276,10 @@ main(int argc, char **argv)
 			    arglist & CAM_ARG_VERBOSE, retry_count, timeout,
 			    get_disk_type(cam_dev));
 			break;
+		case CAM_CMD_SANITIZE:
+			error = scsisanitize(cam_dev, argc, argv,
+					     combinedopt, retry_count, timeout);
+			break;
 #endif /* MINIMALISTIC */
 		case CAM_CMD_USAGE:
 			usage(1);
diff --git a/sbin/camcontrol/fwdownload.c b/sbin/camcontrol/fwdownload.c
index 2fa9ba4..7e57d32 100644
--- a/sbin/camcontrol/fwdownload.c
+++ b/sbin/camcontrol/fwdownload.c
@@ -77,6 +77,7 @@ typedef enum {
 	VENDOR_PLEXTOR,
 	VENDOR_QUALSTAR,
 	VENDOR_QUANTUM,
+	VENDOR_SAMSUNG,
 	VENDOR_SEAGATE,
 	VENDOR_UNKNOWN
 } fw_vendor_t;
@@ -98,6 +99,7 @@ static const struct fw_vendor vendors_list[] = {
 	{VENDOR_PLEXTOR,	"PLEXTOR",	0x2000, 0x04, 0x05, 0, 1},
 	{VENDOR_QUALSTAR,	"QUALSTAR",	0x2030, 0x05, 0x05, 0, 0},
 	{VENDOR_QUANTUM,	"QUANTUM",	0x2000, 0x04, 0x05, 0, 1},
+	{VENDOR_SAMSUNG,	"SAMSUNG",	0x8000, 0x07, 0x07, 0, 1},
 	{VENDOR_SEAGATE,	"SEAGATE",	0x8000, 0x07, 0x07, 0, 1},
 	/* the next 2 are SATA disks going through SAS HBA */
 	{VENDOR_SEAGATE,	"ATA ST",	0x8000, 0x07, 0x07, 0, 1},
diff --git a/sbin/ipf/ipf/Makefile b/sbin/ipf/ipf/Makefile
index 62a9b47..c3938c6 100644
--- a/sbin/ipf/ipf/Makefile
+++ b/sbin/ipf/ipf/Makefile
@@ -4,7 +4,7 @@ PROG=		ipf
 SRCS=		${GENHDRS} ipf.c ipfcomp.c ipf_y.c ipf_l.c bpf_filter.c
 MAN=		ipfilter.4 ipfilter.5 ipf.8 ipf.4 ipf.5 ipl.4
 MLINKS=		ipf.5 ipf.conf.5 ipf.5 ipf6.conf.5
-CFLAGS+=	-I. -DIPFILTER_BPF
+CFLAGS+=	-I. -DIPFILTER_BPF -DHAS_SYS_MD5_H
 
 GENHDRS=	ipf_l.h ipf_y.h
 DPSRCS+=	${GENHDRS}
diff --git a/sbin/ipf/ipftest/Makefile b/sbin/ipf/ipftest/Makefile
index d089b2b..32b074c 100644
--- a/sbin/ipf/ipftest/Makefile
+++ b/sbin/ipf/ipftest/Makefile
@@ -2,15 +2,22 @@
 
 PROG=		ipftest
 SRCS=		${GENHDRS} ipftest.c fil.c ip_frag.c ip_state.c ip_nat.c \
+		ip_nat6.c \
 		ip_proxy.c ip_auth.c ip_htable.c ip_lookup.c \
 		ip_pool.c ip_scan.c ip_sync.c ip_rules.c \
 		ip_fil.c ip_log.c ippool_y.c ippool_l.c ipf_y.c \
-		ipf_l.c ipnat_y.c ipnat_l.c md5.c radix.c bpf_filter.c
+		ipf_l.c ipnat_y.c ipnat_l.c md5.c radix_ipf.c ip_dstlist.c
 MAN=		ipftest.1
 
 WARNS?=		0
 CFLAGS+=	-DIPFILTER_LOG -DIPFILTER_COMPILED -DIPFILTER_LOOKUP \
-		-DIPFILTER_SCAN -DIPFILTER_SYNC -DIPFILTER_CKSUM -I.
+		-DIPFILTER_SYNC -DIPFILTER_CKSUM -DHAS_SYS_MD5_H -I.
+
+# XXX	The original tarball does not define IPFILTER_SCAN when building this
+# XXX	and other modules. It is believed the reason is it fails to build.
+# XXX	It has been removed for now.
+# XXX CFLAGS+=		-DIPFILTER_SCAN
+
 
 .PATH:		${.CURDIR}/../../../sys/contrib/ipfilter/netinet
 
diff --git a/sbin/ipf/libipf/Makefile b/sbin/ipf/libipf/Makefile
index 43428cc..077062f 100644
--- a/sbin/ipf/libipf/Makefile
+++ b/sbin/ipf/libipf/Makefile
@@ -3,26 +3,43 @@
 LIB=		ipf
 INTERNALLIB=
 
-SRCS=		addicmp.c addipopt.c alist_free.c alist_new.c bcopywrap.c \
-		binprint.c buildopts.c checkrev.c count4bits.c count6bits.c \
-		debug.c facpri.c fill6bits.c flags.c gethost.c getifname.c \
+SRCS=		addicmp.c addipopt.c alist_free.c alist_new.c allocmbt.c \
+		assigndefined.c bcopywrap.c \
+		binprint.c buildopts.c checkrev.c connecttcp.c \
+		count4bits.c count6bits.c \
+		debug.c dupmbt.c \
+		facpri.c familyname.c \
+		fill6bits.c findword.c \
+		flags.c freembt.c ftov.c \
+		genmask.c \
+		gethost.c getifname.c geticmptype.c \
 		getnattype.c getport.c getportproto.c getproto.c getsumd.c \
-		hostname.c icmpcode.c initparse.c ionames.c \
-		ipf_dotuning.c ipft_ef.c ipft_hx.c ipft_pc.c ipft_sn.c \
-		ipft_td.c ipft_tx.c ipoptsec.c kmem.c kmemcpywrap.c \
-		kvatoname.c load_file.c load_hash.c load_hashnode.c \
+		hostname.c icmpcode.c icmptypename.c icmptypes.c \
+		initparse.c interror.c ionames.c \
+		ipf_dotuning.c ipf_perror.c ipft_hx.c ipft_pc.c \
+		ipft_tx.c ipoptsec.c kmem.c kmemcpywrap.c \
+		kvatoname.c load_dstlist.c load_dstlistnode.c load_file.c \
+		load_hash.c load_hashnode.c \
 		load_http.c load_pool.c load_poolnode.c load_url.c \
+		mb_hexdump.c msgdsize.c \
 		mutex_emul.c nametokva.c nat_setgroupmap.c ntomask.c \
-		optname.c optprint.c optprintv6.c optvalue.c portname.c \
-		print_toif.c printactivenat.c printaps.c printbuf.c \
+		optname.c optprint.c optprintv6.c optvalue.c parsefields.c \
+		parseipfexpr.c parsewhoisline.c poolio.c portname.c \
+		prependmbt.c \
+		print_toif.c printactiveaddr.c printactivenat.c printaddr.c \
+		printaps.c printbuf.c printdstl_live.c printdstlist.c \
+		printdstlistdata.c printdstlistnode.c printdstlistpolicy.c \
+		printfieldhdr.c \
 		printfr.c printfraginfo.c printhash.c printhash_live.c \
-		printhashdata.c printhashnode.c printhostmap.c \
-		printhostmask.c printifname.c printip.c printlog.c \
-		printmask.c printnat.c printpacket.c printpacket6.c \
-		printpool.c printpool_live.c printpooldata.c printpoolnode.c \
-		printportcmp.c printproto.c printsbuf.c printstate.c \
-		printtqtable.c printtunable.c remove_hash.c remove_hashnode.c \
+		printhashdata.c printhashnode.c printhost.c printhostmap.c \
+		printhostmask.c printifname.c printip.c printipfexpr.c printiphdr.c printlog.c printlookup.c \
+		printmask.c printnat.c printnataddr.c printnatfield.c printnatside.c printpacket.c printpacket6.c \
+		printpool.c printpool_live.c printpooldata.c printpoolfield.c printpoolnode.c \
+		printportcmp.c printproto.c printsbuf.c printstate.c printstatefields.c \
+		printtcpflags.c \
+		printtqtable.c printtunable.c printunit.c remove_hash.c remove_hashnode.c \
 		remove_pool.c remove_poolnode.c resetlexer.c rwlock_emul.c \
+		save_execute.c save_file.c save_nothing.c save_syslog.c save_v1trap.c save_v2trap.c vtof.c \
 		tcp_flags.c tcpflags.c tcpoptnames.c v6ionames.c v6optvalue.c \
 		var.c verbose.c
 
diff --git a/sbin/newfs_msdos/newfs_msdos.c b/sbin/newfs_msdos/newfs_msdos.c
index fe1631a..217b720 100644
--- a/sbin/newfs_msdos/newfs_msdos.c
+++ b/sbin/newfs_msdos/newfs_msdos.c
@@ -139,8 +139,8 @@ struct de {
     u_int8_t deName[11];		/* name and extension */
     u_int8_t deAttributes;		/* attributes */
     u_int8_t rsvd[10];			/* reserved */
-    u_int8_t deMTime[2];		/* creation time */
-    u_int8_t deMDate[2];		/* creation date */
+    u_int8_t deMTime[2];		/* last-modified time */
+    u_int8_t deMDate[2];		/* last-modified date */
     u_int8_t deStartCluster[2];		/* starting cluster */
     u_int8_t deFileSize[4];		/* size */
 } __packed;
diff --git a/sbin/swapon/swapon.c b/sbin/swapon/swapon.c
index d93277c..bf621c1 100644
--- a/sbin/swapon/swapon.c
+++ b/sbin/swapon/swapon.c
@@ -1,4 +1,4 @@
-/*
+/*-
  * Copyright (c) 1980, 1993
  *	The Regents of the University of California.  All rights reserved.
  *
@@ -83,16 +83,16 @@ main(int argc, char **argv)
 	struct fstab *fsp;
 	const char *swfile;
 	char *ptr;
-	int ret;
-	int ch, doall;
-	int sflag = 0, lflag = 0, late = 0, hflag = 0;
+	int ret, ch, doall;
+	int sflag, lflag, late, hflag;
 	const char *etc_fstab;
 
+	sflag = lflag = late = hflag = 0;
 	if ((ptr = strrchr(argv[0], '/')) == NULL)
 		ptr = argv[0];
-	if (strstr(ptr, "swapon"))
+	if (strstr(ptr, "swapon") != NULL)
 		which_prog = SWAPON;
-	else if (strstr(ptr, "swapoff"))
+	else if (strstr(ptr, "swapoff") != NULL)
 		which_prog = SWAPOFF;
 	orig_prog = which_prog;
 	
@@ -104,9 +104,8 @@ main(int argc, char **argv)
 			if (which_prog == SWAPCTL) {
 				doall = 1;
 				which_prog = SWAPON;
-			} else {
+			} else
 				usage();
-			}
 			break;
 		case 'a':
 			if (which_prog == SWAPON || which_prog == SWAPOFF)
@@ -149,9 +148,8 @@ main(int argc, char **argv)
 			if (which_prog == SWAPCTL) {
 				doall = 1;
 				which_prog = SWAPOFF;
-			} else {
+			} else
 				usage();
-			}
 			break;
 		case 'F':
 			etc_fstab = optarg;
@@ -170,13 +168,20 @@ main(int argc, char **argv)
 	if (which_prog == SWAPON || which_prog == SWAPOFF) {
 		if (doall) {
 			while ((fsp = getfsent()) != NULL) {
-				if (strcmp(fsp->fs_type, FSTAB_SW))
+				if (strcmp(fsp->fs_type, FSTAB_SW) != 0)
 					continue;
-				if (strstr(fsp->fs_mntops, "noauto"))
+				if (strstr(fsp->fs_mntops, "noauto") != NULL)
 					continue;
+				/*
+				 * Forcibly enable "late" option when file= is
+				 * specified.  This is because mounting file
+				 * systems with rw option is typically
+				 * required to make the backing store ready.
+				 */
 				if (which_prog != SWAPOFF &&
-				    strstr(fsp->fs_mntops, "late") &&
-				    !late)
+				    (strstr(fsp->fs_mntops, "late") != NULL ||
+				     strstr(fsp->fs_mntops, "file=") != NULL) &&
+				    late == 0)
 					continue;
 				swfile = swap_on_off(fsp->fs_spec, 1,
 				    fsp->fs_mntops);
@@ -184,15 +189,14 @@ main(int argc, char **argv)
 					ret = 1;
 					continue;
 				}
-				if (!qflag) {
+				if (qflag == 0) {
 					printf("%s: %sing %s as swap device\n",
 					    getprogname(),
 					    (which_prog == SWAPOFF) ?
 					    "remov" : "add", swfile);
 				}
 			}
-		}
-		else if (!*argv)
+		} else if (*argv == NULL)
 			usage();
 		for (; *argv; ++argv) {
 			swfile = swap_on_off(*argv, 0, NULL);
@@ -281,7 +285,7 @@ swap_on_off_gbde(const char *name, int doingall)
 		if (error) {
 			/* bde device found.  Ignore it. */
 			free(dname);
-			if (!qflag)
+			if (qflag == 0)
 				warnx("%s: Device already in use", name);
 			return (NULL);
 		}
@@ -301,7 +305,7 @@ swap_on_off_gbde(const char *name, int doingall)
 		free(dname);
 		if (error) {
 			/* bde device not found.  Ignore it. */
-			if (!qflag)
+			if (qflag == 0)
 				warnx("%s: Device not found", name);
 			return (NULL);
 		}
@@ -316,18 +320,16 @@ swap_on_geli_args(const char *mntops)
 {
 	const char *aalgo, *ealgo, *keylen_str, *sectorsize_str;
 	const char *aflag, *eflag, *lflag, *sflag;
-	char *p;
-	char *args;
-	char *token, *string, *ops;
+	char *p, *args, *token, *string, *ops;
 	int argsize, pagesize;
 	size_t pagesize_len;
 	u_long ul;
 
-	/* Use built-in defaults for geli(8) */
+	/* Use built-in defaults for geli(8). */
 	aalgo = ealgo = keylen_str = "";
 	aflag = eflag = lflag = "";
 
-	/* We will always specify sectorsize */
+	/* We will always specify sectorsize. */
 	sflag = " -s ";
 	sectorsize_str = NULL;
 
@@ -364,7 +366,8 @@ swap_on_geli_args(const char *mntops)
 						errno = EINVAL;
 				}
 				if (errno) {
-					warn("Invalid sectorsize: %s", sectorsize_str);
+					warn("Invalid sectorsize: %s",
+					    sectorsize_str);
 					free(ops);
 					return (NULL);
 				}
@@ -382,7 +385,7 @@ swap_on_geli_args(const char *mntops)
 	 * pagesize as sector size.
 	 */
 	if (sectorsize_str == NULL) {
-		/* Use pagesize as default sectorsize */
+		/* Use pagesize as default sectorsize. */
 		pagesize = getpagesize();
 		pagesize_len = snprintf(NULL, 0, "%d", pagesize) + 1;
 		p = alloca(pagesize_len);
@@ -401,15 +404,14 @@ swap_on_geli_args(const char *mntops)
 static const char *
 swap_on_off_geli(const char *name, char *mntops, int doingall)
 {
-	char *dname;
-	char *args;
 	struct stat sb;
+	char *dname, *args;
 	int error;
 
 	error = stat(name, &sb);
 
 	if (which_prog == SWAPON) do {
-		/* Skip if the .eli device already exists */
+		/* Skip if the .eli device already exists. */
 		if (error == 0)
 			break;
 
@@ -430,8 +432,8 @@ swap_on_off_geli(const char *name, char *mntops, int doingall)
 		free(args);
 
 		if (error) {
-			/* error occured during creation */
-			if (!qflag)
+			/* error occured during creation. */
+			if (qflag == 0)
 				warnx("%s: Invalid parameters", name);
 			return (NULL);
 		}
@@ -536,7 +538,7 @@ swap_on_off_md(const char *name, char *mntops, int doingall)
 			if (error == 0) {
 				/* md device found.  Ignore it. */
 				close(fd);
-				if (!qflag)
+				if (qflag == 0)
 					warnx("md%d on %s: Device already "
 					    "in use", mdunit, vnodefile);
 				free(vnodefile);
@@ -719,13 +721,13 @@ swap_on_off_sfile(const char *name, int doingall)
 	if (error == -1) {
 		switch (errno) {
 		case EBUSY:
-			if (!doingall)
+			if (doingall == 0)
 				warnx("%s: Device already in use", name);
 			break;
 		case EINVAL:
 			if (which_prog == SWAPON)
 				warnx("%s: NSWAPDEV limit reached", name);
-			else if (!doingall)
+			else if (doingall == 0)
 				warn("%s", name);
 			break;
 		default:
@@ -740,6 +742,7 @@ swap_on_off_sfile(const char *name, int doingall)
 static void
 usage(void)
 {
+
 	fprintf(stderr, "usage: %s ", getprogname());
 	switch(orig_prog) {
 	case SWAPON:
@@ -757,16 +760,14 @@ static void
 sizetobuf(char *buf, size_t bufsize, int hflag, long long val, int hlen,
     long blocksize)
 {
+	char tmp[16];
 
 	if (hflag == 'H') {
-		char tmp[16];
-
 		humanize_number(tmp, 5, (int64_t)val, "", HN_AUTOSCALE,
 		    HN_B | HN_NOSPACE | HN_DECIMAL);
 		snprintf(buf, bufsize, "%*s", hlen, tmp);
-	} else {
+	} else
 		snprintf(buf, bufsize, "%*lld", hlen, val / blocksize);
-	}
 }
 
 static void
@@ -785,32 +786,32 @@ swaplist(int lflag, int sflag, int hflag)
 	pagesize = getpagesize();
 	switch(hflag) {
 	case 'G':
-	    blocksize = 1024 * 1024 * 1024;
-	    strlcpy(buf, "1GB-blocks", sizeof(buf));
-	    hlen = 10;
-	    break;
+		blocksize = 1024 * 1024 * 1024;
+		strlcpy(buf, "1GB-blocks", sizeof(buf));
+		hlen = 10;
+		break;
 	case 'H':
-	    blocksize = -1;
-	    strlcpy(buf, "Bytes", sizeof(buf));
-	    hlen = 10;
-	    break;
+		blocksize = -1;
+		strlcpy(buf, "Bytes", sizeof(buf));
+		hlen = 10;
+		break;
 	case 'K':
-	    blocksize = 1024;
-	    strlcpy(buf, "1kB-blocks", sizeof(buf));
-	    hlen = 10;
-	    break;
+		blocksize = 1024;
+		strlcpy(buf, "1kB-blocks", sizeof(buf));
+		hlen = 10;
+		break;
 	case 'M':
-	    blocksize = 1024 * 1024;
-	    strlcpy(buf, "1MB-blocks", sizeof(buf));
-	    hlen = 10;
-	    break;
+		blocksize = 1024 * 1024;
+		strlcpy(buf, "1MB-blocks", sizeof(buf));
+		hlen = 10;
+		break;
 	default:
-	    getbsize(&hlen, &blocksize);
-	    snprintf(buf, sizeof(buf), "%ld-blocks", blocksize);
-	    break;
+		getbsize(&hlen, &blocksize);
+		snprintf(buf, sizeof(buf), "%ld-blocks", blocksize);
+		break;
 	}
 	
-	mibsize = sizeof mib / sizeof mib[0];
+	mibsize = nitems(mib);
 	if (sysctlnametomib("vm.swap_info", mib, &mibsize) == -1)
 		err(1, "sysctlnametomib()");