4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
22 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright (c) 2013, 2016 by Delphix. All rights reserved.
24 * Copyright 2013 Saso Kiselkov. All rights reserved.
27 #include <sys/zfs_context.h>
29 #include <sys/spa_impl.h>
31 #include <sys/zio_checksum.h>
34 #include <zfs_fletcher.h>
39 * In the SPA, everything is checksummed. We support checksum vectors
40 * for three distinct reasons:
42 * 1. Different kinds of data need different levels of protection.
43 * For SPA metadata, we always want a very strong checksum.
44 * For user data, we let users make the trade-off between speed
45 * and checksum strength.
47 * 2. Cryptographic hash and MAC algorithms are an area of active research.
48 * It is likely that in future hash functions will be at least as strong
49 * as current best-of-breed, and may be substantially faster as well.
50 * We want the ability to take advantage of these new hashes as soon as
51 * they become available.
53 * 3. If someone develops hardware that can compute a strong hash quickly,
54 * we want the ability to take advantage of that hardware.
56 * Of course, we don't want a checksum upgrade to invalidate existing
57 * data, so we store the checksum *function* in eight bits of the bp.
58 * This gives us room for up to 256 different checksum functions.
60 * When writing a block, we always checksum it with the latest-and-greatest
61 * checksum function of the appropriate strength. When reading a block,
62 * we compare the expected checksum against the actual checksum, which we
63 * compute via the checksum function specified by BP_GET_CHECKSUM(bp).
67 * To enable the use of less secure hash algorithms with dedup, we
68 * introduce the notion of salted checksums (MACs, really). A salted
69 * checksum is fed both a random 256-bit value (the salt) and the data
70 * to be checksummed. This salt is kept secret (stored on the pool, but
71 * never shown to the user). Thus even if an attacker knew of collision
72 * weaknesses in the hash algorithm, they won't be able to mount a known
73 * plaintext attack on the DDT, since the actual hash value cannot be
74 * known ahead of time. How the salt is used is algorithm-specific
75 * (some might simply prefix it to the data block, others might need to
76 * utilize a full-blown HMAC). On disk the salt is stored in a ZAP
77 * object in the MOS (DMU_POOL_CHECKSUM_SALT).
81 * Some hashing algorithms need to perform a substantial amount of
82 * initialization work (e.g. salted checksums above may need to pre-hash
83 * the salt) before being able to process data. Performing this
84 * redundant work for each block would be wasteful, so we instead allow
85 * a checksum algorithm to do the work once (the first time it's used)
86 * and then keep this pre-initialized context as a template inside the
87 * spa_t (spa_cksum_tmpls). If the zio_checksum_info_t contains
88 * non-NULL ci_tmpl_init and ci_tmpl_free callbacks, they are used to
89 * construct and destruct the pre-initialized checksum context. The
90 * pre-initialized context is then reused during each checksum
91 * invocation and passed to the checksum function.
96 abd_checksum_off(abd_t *abd, uint64_t size,
97 const void *ctx_template, zio_cksum_t *zcp)
99 ZIO_SET_CHECKSUM(zcp, 0, 0, 0, 0);
104 abd_fletcher_2_native(abd_t *abd, uint64_t size,
105 const void *ctx_template, zio_cksum_t *zcp)
108 (void) abd_iterate_func(abd, 0, size,
109 fletcher_2_incremental_native, zcp);
114 abd_fletcher_2_byteswap(abd_t *abd, uint64_t size,
115 const void *ctx_template, zio_cksum_t *zcp)
118 (void) abd_iterate_func(abd, 0, size,
119 fletcher_2_incremental_byteswap, zcp);
123 abd_fletcher_4_impl(abd_t *abd, uint64_t size, zio_abd_checksum_data_t *acdp)
125 fletcher_4_abd_ops.acf_init(acdp);
126 abd_iterate_func(abd, 0, size, fletcher_4_abd_ops.acf_iter, acdp);
127 fletcher_4_abd_ops.acf_fini(acdp);
132 abd_fletcher_4_native(abd_t *abd, uint64_t size,
133 const void *ctx_template, zio_cksum_t *zcp)
135 fletcher_4_ctx_t ctx;
137 zio_abd_checksum_data_t acd = {
138 .acd_byteorder = ZIO_CHECKSUM_NATIVE,
143 abd_fletcher_4_impl(abd, size, &acd);
149 abd_fletcher_4_byteswap(abd_t *abd, uint64_t size,
150 const void *ctx_template, zio_cksum_t *zcp)
152 fletcher_4_ctx_t ctx;
154 zio_abd_checksum_data_t acd = {
155 .acd_byteorder = ZIO_CHECKSUM_BYTESWAP,
160 abd_fletcher_4_impl(abd, size, &acd);
163 zio_checksum_info_t zio_checksum_table[ZIO_CHECKSUM_FUNCTIONS] = {
164 {{NULL, NULL}, NULL, NULL, 0, "inherit"},
165 {{NULL, NULL}, NULL, NULL, 0, "on"},
166 {{abd_checksum_off, abd_checksum_off},
167 NULL, NULL, 0, "off"},
168 {{abd_checksum_SHA256, abd_checksum_SHA256},
169 NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_EMBEDDED,
171 {{abd_checksum_SHA256, abd_checksum_SHA256},
172 NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_EMBEDDED,
174 {{abd_fletcher_2_native, abd_fletcher_2_byteswap},
175 NULL, NULL, ZCHECKSUM_FLAG_EMBEDDED, "zilog"},
176 {{abd_fletcher_2_native, abd_fletcher_2_byteswap},
177 NULL, NULL, 0, "fletcher2"},
178 {{abd_fletcher_4_native, abd_fletcher_4_byteswap},
179 NULL, NULL, ZCHECKSUM_FLAG_METADATA, "fletcher4"},
180 {{abd_checksum_SHA256, abd_checksum_SHA256},
181 NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP |
182 ZCHECKSUM_FLAG_NOPWRITE, "sha256"},
183 {{abd_fletcher_4_native, abd_fletcher_4_byteswap},
184 NULL, NULL, ZCHECKSUM_FLAG_EMBEDDED, "zilog2"},
185 {{abd_checksum_off, abd_checksum_off},
186 NULL, NULL, 0, "noparity"},
187 {{abd_checksum_SHA512_native, abd_checksum_SHA512_byteswap},
188 NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP |
189 ZCHECKSUM_FLAG_NOPWRITE, "sha512"},
190 {{abd_checksum_skein_native, abd_checksum_skein_byteswap},
191 abd_checksum_skein_tmpl_init, abd_checksum_skein_tmpl_free,
192 ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP |
193 ZCHECKSUM_FLAG_SALTED | ZCHECKSUM_FLAG_NOPWRITE, "skein"},
194 {{abd_checksum_edonr_native, abd_checksum_edonr_byteswap},
195 abd_checksum_edonr_tmpl_init, abd_checksum_edonr_tmpl_free,
196 ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_SALTED |
197 ZCHECKSUM_FLAG_NOPWRITE, "edonr"},
201 * The flag corresponding to the "verify" in dedup=[checksum,]verify
202 * must be cleared first, so callers should use ZIO_CHECKSUM_MASK.
205 zio_checksum_to_feature(enum zio_checksum cksum)
207 VERIFY((cksum & ~ZIO_CHECKSUM_MASK) == 0);
210 case ZIO_CHECKSUM_SHA512:
211 return (SPA_FEATURE_SHA512);
212 case ZIO_CHECKSUM_SKEIN:
213 return (SPA_FEATURE_SKEIN);
214 case ZIO_CHECKSUM_EDONR:
215 return (SPA_FEATURE_EDONR);
217 return (SPA_FEATURE_NONE);
222 zio_checksum_select(enum zio_checksum child, enum zio_checksum parent)
224 ASSERT(child < ZIO_CHECKSUM_FUNCTIONS);
225 ASSERT(parent < ZIO_CHECKSUM_FUNCTIONS);
226 ASSERT(parent != ZIO_CHECKSUM_INHERIT && parent != ZIO_CHECKSUM_ON);
228 if (child == ZIO_CHECKSUM_INHERIT)
231 if (child == ZIO_CHECKSUM_ON)
232 return (ZIO_CHECKSUM_ON_VALUE);
238 zio_checksum_dedup_select(spa_t *spa, enum zio_checksum child,
239 enum zio_checksum parent)
241 ASSERT((child & ZIO_CHECKSUM_MASK) < ZIO_CHECKSUM_FUNCTIONS);
242 ASSERT((parent & ZIO_CHECKSUM_MASK) < ZIO_CHECKSUM_FUNCTIONS);
243 ASSERT(parent != ZIO_CHECKSUM_INHERIT && parent != ZIO_CHECKSUM_ON);
245 if (child == ZIO_CHECKSUM_INHERIT)
248 if (child == ZIO_CHECKSUM_ON)
249 return (spa_dedup_checksum(spa));
251 if (child == (ZIO_CHECKSUM_ON | ZIO_CHECKSUM_VERIFY))
252 return (spa_dedup_checksum(spa) | ZIO_CHECKSUM_VERIFY);
254 ASSERT((zio_checksum_table[child & ZIO_CHECKSUM_MASK].ci_flags &
255 ZCHECKSUM_FLAG_DEDUP) ||
256 (child & ZIO_CHECKSUM_VERIFY) || child == ZIO_CHECKSUM_OFF);
262 * Set the external verifier for a gang block based on <vdev, offset, txg>,
263 * a tuple which is guaranteed to be unique for the life of the pool.
266 zio_checksum_gang_verifier(zio_cksum_t *zcp, blkptr_t *bp)
268 const dva_t *dva = BP_IDENTITY(bp);
269 uint64_t txg = BP_PHYSICAL_BIRTH(bp);
271 ASSERT(BP_IS_GANG(bp));
273 ZIO_SET_CHECKSUM(zcp, DVA_GET_VDEV(dva), DVA_GET_OFFSET(dva), txg, 0);
277 * Set the external verifier for a label block based on its offset.
278 * The vdev is implicit, and the txg is unknowable at pool open time --
279 * hence the logic in vdev_uberblock_load() to find the most recent copy.
282 zio_checksum_label_verifier(zio_cksum_t *zcp, uint64_t offset)
284 ZIO_SET_CHECKSUM(zcp, offset, 0, 0, 0);
288 * Calls the template init function of a checksum which supports context
289 * templates and installs the template into the spa_t.
292 zio_checksum_template_init(enum zio_checksum checksum, spa_t *spa)
294 zio_checksum_info_t *ci = &zio_checksum_table[checksum];
296 if (ci->ci_tmpl_init == NULL)
298 if (spa->spa_cksum_tmpls[checksum] != NULL)
301 VERIFY(ci->ci_tmpl_free != NULL);
302 mutex_enter(&spa->spa_cksum_tmpls_lock);
303 if (spa->spa_cksum_tmpls[checksum] == NULL) {
304 spa->spa_cksum_tmpls[checksum] =
305 ci->ci_tmpl_init(&spa->spa_cksum_salt);
306 VERIFY(spa->spa_cksum_tmpls[checksum] != NULL);
308 mutex_exit(&spa->spa_cksum_tmpls_lock);
312 * Generate the checksum.
315 zio_checksum_compute(zio_t *zio, enum zio_checksum checksum,
316 abd_t *abd, uint64_t size)
318 blkptr_t *bp = zio->io_bp;
319 uint64_t offset = zio->io_offset;
320 zio_checksum_info_t *ci = &zio_checksum_table[checksum];
322 spa_t *spa = zio->io_spa;
324 ASSERT((uint_t)checksum < ZIO_CHECKSUM_FUNCTIONS);
325 ASSERT(ci->ci_func[0] != NULL);
327 zio_checksum_template_init(checksum, spa);
329 if (ci->ci_flags & ZCHECKSUM_FLAG_EMBEDDED) {
331 void *data = abd_to_buf(abd);
333 if (checksum == ZIO_CHECKSUM_ZILOG2) {
334 zil_chain_t *zilc = data;
336 size = P2ROUNDUP_TYPED(zilc->zc_nused, ZIL_MIN_BLKSZ,
340 eck = (zio_eck_t *)((char *)data + size) - 1;
342 if (checksum == ZIO_CHECKSUM_GANG_HEADER)
343 zio_checksum_gang_verifier(&eck->zec_cksum, bp);
344 else if (checksum == ZIO_CHECKSUM_LABEL)
345 zio_checksum_label_verifier(&eck->zec_cksum, offset);
347 bp->blk_cksum = eck->zec_cksum;
348 eck->zec_magic = ZEC_MAGIC;
349 ci->ci_func[0](abd, size, spa->spa_cksum_tmpls[checksum],
351 eck->zec_cksum = cksum;
353 ci->ci_func[0](abd, size, spa->spa_cksum_tmpls[checksum],
359 zio_checksum_error_impl(spa_t *spa, blkptr_t *bp, enum zio_checksum checksum,
360 abd_t *abd, uint64_t size, uint64_t offset, zio_bad_cksum_t *info)
362 zio_checksum_info_t *ci = &zio_checksum_table[checksum];
364 zio_cksum_t actual_cksum, expected_cksum;
366 if (checksum >= ZIO_CHECKSUM_FUNCTIONS || ci->ci_func[0] == NULL)
367 return (SET_ERROR(EINVAL));
369 zio_checksum_template_init(checksum, spa);
371 if (ci->ci_flags & ZCHECKSUM_FLAG_EMBEDDED) {
373 zio_cksum_t verifier;
375 uint64_t data_size = size;
376 void *data = abd_borrow_buf_copy(abd, data_size);
378 if (checksum == ZIO_CHECKSUM_ZILOG2) {
379 zil_chain_t *zilc = data;
383 if (eck->zec_magic == ZEC_MAGIC) {
384 nused = zilc->zc_nused;
385 } else if (eck->zec_magic == BSWAP_64(ZEC_MAGIC)) {
386 nused = BSWAP_64(zilc->zc_nused);
388 abd_return_buf(abd, data, data_size);
389 return (SET_ERROR(ECKSUM));
392 if (nused > data_size) {
393 abd_return_buf(abd, data, data_size);
394 return (SET_ERROR(ECKSUM));
397 size = P2ROUNDUP_TYPED(nused, ZIL_MIN_BLKSZ, uint64_t);
399 eck = (zio_eck_t *)((char *)data + data_size) - 1;
402 if (checksum == ZIO_CHECKSUM_GANG_HEADER)
403 zio_checksum_gang_verifier(&verifier, bp);
404 else if (checksum == ZIO_CHECKSUM_LABEL)
405 zio_checksum_label_verifier(&verifier, offset);
407 verifier = bp->blk_cksum;
409 byteswap = (eck->zec_magic == BSWAP_64(ZEC_MAGIC));
412 byteswap_uint64_array(&verifier, sizeof (zio_cksum_t));
414 eck_offset = (size_t)(&eck->zec_cksum) - (size_t)data;
415 expected_cksum = eck->zec_cksum;
416 eck->zec_cksum = verifier;
417 abd_return_buf_copy(abd, data, data_size);
419 ci->ci_func[byteswap](abd, size,
420 spa->spa_cksum_tmpls[checksum], &actual_cksum);
421 abd_copy_from_buf_off(abd, &expected_cksum,
422 eck_offset, sizeof (zio_cksum_t));
425 byteswap_uint64_array(&expected_cksum,
426 sizeof (zio_cksum_t));
429 byteswap = BP_SHOULD_BYTESWAP(bp);
430 expected_cksum = bp->blk_cksum;
431 ci->ci_func[byteswap](abd, size,
432 spa->spa_cksum_tmpls[checksum], &actual_cksum);
436 info->zbc_expected = expected_cksum;
437 info->zbc_actual = actual_cksum;
438 info->zbc_checksum_name = ci->ci_name;
439 info->zbc_byteswapped = byteswap;
440 info->zbc_injected = 0;
441 info->zbc_has_cksum = 1;
444 if (!ZIO_CHECKSUM_EQUAL(actual_cksum, expected_cksum))
445 return (SET_ERROR(ECKSUM));
451 zio_checksum_error(zio_t *zio, zio_bad_cksum_t *info)
453 blkptr_t *bp = zio->io_bp;
454 uint_t checksum = (bp == NULL ? zio->io_prop.zp_checksum :
455 (BP_IS_GANG(bp) ? ZIO_CHECKSUM_GANG_HEADER : BP_GET_CHECKSUM(bp)));
457 uint64_t size = (bp == NULL ? zio->io_size :
458 (BP_IS_GANG(bp) ? SPA_GANGBLOCKSIZE : BP_GET_PSIZE(bp)));
459 uint64_t offset = zio->io_offset;
460 abd_t *data = zio->io_abd;
461 spa_t *spa = zio->io_spa;
463 error = zio_checksum_error_impl(spa, bp, checksum, data, size,
466 if (zio_injection_enabled && error == 0 && zio->io_error == 0) {
467 error = zio_handle_fault_injection(zio, ECKSUM);
469 info->zbc_injected = 1;
476 * Called by a spa_t that's about to be deallocated. This steps through
477 * all of the checksum context templates and deallocates any that were
478 * initialized using the algorithm-specific template init function.
481 zio_checksum_templates_free(spa_t *spa)
483 enum zio_checksum checksum;
484 for (checksum = 0; checksum < ZIO_CHECKSUM_FUNCTIONS;
486 if (spa->spa_cksum_tmpls[checksum] != NULL) {
487 zio_checksum_info_t *ci = &zio_checksum_table[checksum];
489 VERIFY(ci->ci_tmpl_free != NULL);
490 ci->ci_tmpl_free(spa->spa_cksum_tmpls[checksum]);
491 spa->spa_cksum_tmpls[checksum] = NULL;