1eda14cbcSMatt Macy /* 2eda14cbcSMatt Macy * CDDL HEADER START 3eda14cbcSMatt Macy * 4eda14cbcSMatt Macy * The contents of this file are subject to the terms of the 5eda14cbcSMatt Macy * Common Development and Distribution License (the "License"). 6eda14cbcSMatt Macy * You may not use this file except in compliance with the License. 7eda14cbcSMatt Macy * 8eda14cbcSMatt Macy * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9271171e0SMartin Matuska * or https://opensource.org/licenses/CDDL-1.0. 10eda14cbcSMatt Macy * See the License for the specific language governing permissions 11eda14cbcSMatt Macy * and limitations under the License. 12eda14cbcSMatt Macy * 13eda14cbcSMatt Macy * When distributing Covered Code, include this CDDL HEADER in each 14eda14cbcSMatt Macy * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15eda14cbcSMatt Macy * If applicable, add the following below this CDDL HEADER, with the 16eda14cbcSMatt Macy * fields enclosed by brackets "[]" replaced with your own identifying 17eda14cbcSMatt Macy * information: Portions Copyright [yyyy] [name of copyright owner] 18eda14cbcSMatt Macy * 19eda14cbcSMatt Macy * CDDL HEADER END 20eda14cbcSMatt Macy */ 21eda14cbcSMatt Macy /* 22eda14cbcSMatt Macy * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 23eda14cbcSMatt Macy * Copyright (c) 2013, 2016 by Delphix. All rights reserved. 24eda14cbcSMatt Macy * Copyright 2013 Saso Kiselkov. All rights reserved. 25eda14cbcSMatt Macy */ 26eda14cbcSMatt Macy 27eda14cbcSMatt Macy #include <sys/zfs_context.h> 28eda14cbcSMatt Macy #include <sys/spa.h> 29eda14cbcSMatt Macy #include <sys/spa_impl.h> 30eda14cbcSMatt Macy #include <sys/zio.h> 31eda14cbcSMatt Macy #include <sys/zio_checksum.h> 32eda14cbcSMatt Macy #include <sys/zil.h> 33eda14cbcSMatt Macy #include <sys/abd.h> 34eda14cbcSMatt Macy #include <zfs_fletcher.h> 35eda14cbcSMatt Macy 36eda14cbcSMatt Macy /* 37eda14cbcSMatt Macy * Checksum vectors. 38eda14cbcSMatt Macy * 39eda14cbcSMatt Macy * In the SPA, everything is checksummed. We support checksum vectors 40eda14cbcSMatt Macy * for three distinct reasons: 41eda14cbcSMatt Macy * 42eda14cbcSMatt Macy * 1. Different kinds of data need different levels of protection. 43eda14cbcSMatt Macy * For SPA metadata, we always want a very strong checksum. 44eda14cbcSMatt Macy * For user data, we let users make the trade-off between speed 45eda14cbcSMatt Macy * and checksum strength. 46eda14cbcSMatt Macy * 47eda14cbcSMatt Macy * 2. Cryptographic hash and MAC algorithms are an area of active research. 48eda14cbcSMatt Macy * It is likely that in future hash functions will be at least as strong 49eda14cbcSMatt Macy * as current best-of-breed, and may be substantially faster as well. 50eda14cbcSMatt Macy * We want the ability to take advantage of these new hashes as soon as 51eda14cbcSMatt Macy * they become available. 52eda14cbcSMatt Macy * 53eda14cbcSMatt Macy * 3. If someone develops hardware that can compute a strong hash quickly, 54eda14cbcSMatt Macy * we want the ability to take advantage of that hardware. 55eda14cbcSMatt Macy * 56eda14cbcSMatt Macy * Of course, we don't want a checksum upgrade to invalidate existing 57eda14cbcSMatt Macy * data, so we store the checksum *function* in eight bits of the bp. 58eda14cbcSMatt Macy * This gives us room for up to 256 different checksum functions. 59eda14cbcSMatt Macy * 60eda14cbcSMatt Macy * When writing a block, we always checksum it with the latest-and-greatest 61eda14cbcSMatt Macy * checksum function of the appropriate strength. When reading a block, 62eda14cbcSMatt Macy * we compare the expected checksum against the actual checksum, which we 63eda14cbcSMatt Macy * compute via the checksum function specified by BP_GET_CHECKSUM(bp). 64eda14cbcSMatt Macy * 65eda14cbcSMatt Macy * SALTED CHECKSUMS 66eda14cbcSMatt Macy * 67eda14cbcSMatt Macy * To enable the use of less secure hash algorithms with dedup, we 68eda14cbcSMatt Macy * introduce the notion of salted checksums (MACs, really). A salted 69eda14cbcSMatt Macy * checksum is fed both a random 256-bit value (the salt) and the data 70eda14cbcSMatt Macy * to be checksummed. This salt is kept secret (stored on the pool, but 71eda14cbcSMatt Macy * never shown to the user). Thus even if an attacker knew of collision 72eda14cbcSMatt Macy * weaknesses in the hash algorithm, they won't be able to mount a known 73eda14cbcSMatt Macy * plaintext attack on the DDT, since the actual hash value cannot be 74eda14cbcSMatt Macy * known ahead of time. How the salt is used is algorithm-specific 75eda14cbcSMatt Macy * (some might simply prefix it to the data block, others might need to 76eda14cbcSMatt Macy * utilize a full-blown HMAC). On disk the salt is stored in a ZAP 77eda14cbcSMatt Macy * object in the MOS (DMU_POOL_CHECKSUM_SALT). 78eda14cbcSMatt Macy * 79eda14cbcSMatt Macy * CONTEXT TEMPLATES 80eda14cbcSMatt Macy * 81eda14cbcSMatt Macy * Some hashing algorithms need to perform a substantial amount of 82eda14cbcSMatt Macy * initialization work (e.g. salted checksums above may need to pre-hash 83eda14cbcSMatt Macy * the salt) before being able to process data. Performing this 84eda14cbcSMatt Macy * redundant work for each block would be wasteful, so we instead allow 85eda14cbcSMatt Macy * a checksum algorithm to do the work once (the first time it's used) 86eda14cbcSMatt Macy * and then keep this pre-initialized context as a template inside the 87eda14cbcSMatt Macy * spa_t (spa_cksum_tmpls). If the zio_checksum_info_t contains 88eda14cbcSMatt Macy * non-NULL ci_tmpl_init and ci_tmpl_free callbacks, they are used to 89eda14cbcSMatt Macy * construct and destruct the pre-initialized checksum context. The 90eda14cbcSMatt Macy * pre-initialized context is then reused during each checksum 91eda14cbcSMatt Macy * invocation and passed to the checksum function. 92eda14cbcSMatt Macy */ 93eda14cbcSMatt Macy 94eda14cbcSMatt Macy static void 95eda14cbcSMatt Macy abd_checksum_off(abd_t *abd, uint64_t size, 96eda14cbcSMatt Macy const void *ctx_template, zio_cksum_t *zcp) 97eda14cbcSMatt Macy { 98e92ffd9bSMartin Matuska (void) abd, (void) size, (void) ctx_template; 99eda14cbcSMatt Macy ZIO_SET_CHECKSUM(zcp, 0, 0, 0, 0); 100eda14cbcSMatt Macy } 101eda14cbcSMatt Macy 102eda14cbcSMatt Macy static void 103eda14cbcSMatt Macy abd_fletcher_2_native(abd_t *abd, uint64_t size, 104eda14cbcSMatt Macy const void *ctx_template, zio_cksum_t *zcp) 105eda14cbcSMatt Macy { 106e92ffd9bSMartin Matuska (void) ctx_template; 107eda14cbcSMatt Macy fletcher_init(zcp); 108eda14cbcSMatt Macy (void) abd_iterate_func(abd, 0, size, 109eda14cbcSMatt Macy fletcher_2_incremental_native, zcp); 110eda14cbcSMatt Macy } 111eda14cbcSMatt Macy 112eda14cbcSMatt Macy static void 113eda14cbcSMatt Macy abd_fletcher_2_byteswap(abd_t *abd, uint64_t size, 114eda14cbcSMatt Macy const void *ctx_template, zio_cksum_t *zcp) 115eda14cbcSMatt Macy { 116e92ffd9bSMartin Matuska (void) ctx_template; 117eda14cbcSMatt Macy fletcher_init(zcp); 118eda14cbcSMatt Macy (void) abd_iterate_func(abd, 0, size, 119eda14cbcSMatt Macy fletcher_2_incremental_byteswap, zcp); 120eda14cbcSMatt Macy } 121eda14cbcSMatt Macy 122eda14cbcSMatt Macy static inline void 123eda14cbcSMatt Macy abd_fletcher_4_impl(abd_t *abd, uint64_t size, zio_abd_checksum_data_t *acdp) 124eda14cbcSMatt Macy { 125eda14cbcSMatt Macy fletcher_4_abd_ops.acf_init(acdp); 126eda14cbcSMatt Macy abd_iterate_func(abd, 0, size, fletcher_4_abd_ops.acf_iter, acdp); 127eda14cbcSMatt Macy fletcher_4_abd_ops.acf_fini(acdp); 128eda14cbcSMatt Macy } 129eda14cbcSMatt Macy 130eda14cbcSMatt Macy void 131eda14cbcSMatt Macy abd_fletcher_4_native(abd_t *abd, uint64_t size, 132eda14cbcSMatt Macy const void *ctx_template, zio_cksum_t *zcp) 133eda14cbcSMatt Macy { 134e92ffd9bSMartin Matuska (void) ctx_template; 135eda14cbcSMatt Macy fletcher_4_ctx_t ctx; 136eda14cbcSMatt Macy 137eda14cbcSMatt Macy zio_abd_checksum_data_t acd = { 138eda14cbcSMatt Macy .acd_byteorder = ZIO_CHECKSUM_NATIVE, 139eda14cbcSMatt Macy .acd_zcp = zcp, 140eda14cbcSMatt Macy .acd_ctx = &ctx 141eda14cbcSMatt Macy }; 142eda14cbcSMatt Macy 143eda14cbcSMatt Macy abd_fletcher_4_impl(abd, size, &acd); 144eda14cbcSMatt Macy 145eda14cbcSMatt Macy } 146eda14cbcSMatt Macy 147eda14cbcSMatt Macy void 148eda14cbcSMatt Macy abd_fletcher_4_byteswap(abd_t *abd, uint64_t size, 149eda14cbcSMatt Macy const void *ctx_template, zio_cksum_t *zcp) 150eda14cbcSMatt Macy { 151e92ffd9bSMartin Matuska (void) ctx_template; 152eda14cbcSMatt Macy fletcher_4_ctx_t ctx; 153eda14cbcSMatt Macy 154eda14cbcSMatt Macy zio_abd_checksum_data_t acd = { 155eda14cbcSMatt Macy .acd_byteorder = ZIO_CHECKSUM_BYTESWAP, 156eda14cbcSMatt Macy .acd_zcp = zcp, 157eda14cbcSMatt Macy .acd_ctx = &ctx 158eda14cbcSMatt Macy }; 159eda14cbcSMatt Macy 160eda14cbcSMatt Macy abd_fletcher_4_impl(abd, size, &acd); 161eda14cbcSMatt Macy } 162eda14cbcSMatt Macy 163*718519f4SMartin Matuska /* 164*718519f4SMartin Matuska * Checksum vectors. 165*718519f4SMartin Matuska * 166*718519f4SMartin Matuska * Note: you cannot change the name string for these functions, as they are 167*718519f4SMartin Matuska * embedded in on-disk data in some places (eg dedup table names). 168*718519f4SMartin Matuska */ 169be181ee2SMartin Matuska zio_checksum_info_t zio_checksum_table[ZIO_CHECKSUM_FUNCTIONS] = { 170eda14cbcSMatt Macy {{NULL, NULL}, NULL, NULL, 0, "inherit"}, 171eda14cbcSMatt Macy {{NULL, NULL}, NULL, NULL, 0, "on"}, 172eda14cbcSMatt Macy {{abd_checksum_off, abd_checksum_off}, 173eda14cbcSMatt Macy NULL, NULL, 0, "off"}, 1742a58b312SMartin Matuska {{abd_checksum_sha256, abd_checksum_sha256}, 175eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_EMBEDDED, 176eda14cbcSMatt Macy "label"}, 1772a58b312SMartin Matuska {{abd_checksum_sha256, abd_checksum_sha256}, 178eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_EMBEDDED, 179eda14cbcSMatt Macy "gang_header"}, 180eda14cbcSMatt Macy {{abd_fletcher_2_native, abd_fletcher_2_byteswap}, 181eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_EMBEDDED, "zilog"}, 182eda14cbcSMatt Macy {{abd_fletcher_2_native, abd_fletcher_2_byteswap}, 183eda14cbcSMatt Macy NULL, NULL, 0, "fletcher2"}, 184eda14cbcSMatt Macy {{abd_fletcher_4_native, abd_fletcher_4_byteswap}, 185eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_METADATA, "fletcher4"}, 1862a58b312SMartin Matuska {{abd_checksum_sha256, abd_checksum_sha256}, 187eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP | 188eda14cbcSMatt Macy ZCHECKSUM_FLAG_NOPWRITE, "sha256"}, 189eda14cbcSMatt Macy {{abd_fletcher_4_native, abd_fletcher_4_byteswap}, 190eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_EMBEDDED, "zilog2"}, 191eda14cbcSMatt Macy {{abd_checksum_off, abd_checksum_off}, 192eda14cbcSMatt Macy NULL, NULL, 0, "noparity"}, 1932a58b312SMartin Matuska {{abd_checksum_sha512_native, abd_checksum_sha512_byteswap}, 194eda14cbcSMatt Macy NULL, NULL, ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP | 195eda14cbcSMatt Macy ZCHECKSUM_FLAG_NOPWRITE, "sha512"}, 196eda14cbcSMatt Macy {{abd_checksum_skein_native, abd_checksum_skein_byteswap}, 197eda14cbcSMatt Macy abd_checksum_skein_tmpl_init, abd_checksum_skein_tmpl_free, 198eda14cbcSMatt Macy ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP | 199eda14cbcSMatt Macy ZCHECKSUM_FLAG_SALTED | ZCHECKSUM_FLAG_NOPWRITE, "skein"}, 200eda14cbcSMatt Macy {{abd_checksum_edonr_native, abd_checksum_edonr_byteswap}, 201eda14cbcSMatt Macy abd_checksum_edonr_tmpl_init, abd_checksum_edonr_tmpl_free, 202eda14cbcSMatt Macy ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_SALTED | 203eda14cbcSMatt Macy ZCHECKSUM_FLAG_NOPWRITE, "edonr"}, 2041f1e2261SMartin Matuska {{abd_checksum_blake3_native, abd_checksum_blake3_byteswap}, 2051f1e2261SMartin Matuska abd_checksum_blake3_tmpl_init, abd_checksum_blake3_tmpl_free, 2061f1e2261SMartin Matuska ZCHECKSUM_FLAG_METADATA | ZCHECKSUM_FLAG_DEDUP | 2071f1e2261SMartin Matuska ZCHECKSUM_FLAG_SALTED | ZCHECKSUM_FLAG_NOPWRITE, "blake3"}, 208eda14cbcSMatt Macy }; 209eda14cbcSMatt Macy 210eda14cbcSMatt Macy /* 211eda14cbcSMatt Macy * The flag corresponding to the "verify" in dedup=[checksum,]verify 212eda14cbcSMatt Macy * must be cleared first, so callers should use ZIO_CHECKSUM_MASK. 213eda14cbcSMatt Macy */ 214eda14cbcSMatt Macy spa_feature_t 215eda14cbcSMatt Macy zio_checksum_to_feature(enum zio_checksum cksum) 216eda14cbcSMatt Macy { 217eda14cbcSMatt Macy VERIFY((cksum & ~ZIO_CHECKSUM_MASK) == 0); 218eda14cbcSMatt Macy 219eda14cbcSMatt Macy switch (cksum) { 2201f1e2261SMartin Matuska case ZIO_CHECKSUM_BLAKE3: 2211f1e2261SMartin Matuska return (SPA_FEATURE_BLAKE3); 222eda14cbcSMatt Macy case ZIO_CHECKSUM_SHA512: 223eda14cbcSMatt Macy return (SPA_FEATURE_SHA512); 224eda14cbcSMatt Macy case ZIO_CHECKSUM_SKEIN: 225eda14cbcSMatt Macy return (SPA_FEATURE_SKEIN); 226eda14cbcSMatt Macy case ZIO_CHECKSUM_EDONR: 227eda14cbcSMatt Macy return (SPA_FEATURE_EDONR); 228eda14cbcSMatt Macy default: 229eda14cbcSMatt Macy return (SPA_FEATURE_NONE); 230eda14cbcSMatt Macy } 231eda14cbcSMatt Macy } 232eda14cbcSMatt Macy 233eda14cbcSMatt Macy enum zio_checksum 234eda14cbcSMatt Macy zio_checksum_select(enum zio_checksum child, enum zio_checksum parent) 235eda14cbcSMatt Macy { 236eda14cbcSMatt Macy ASSERT(child < ZIO_CHECKSUM_FUNCTIONS); 237eda14cbcSMatt Macy ASSERT(parent < ZIO_CHECKSUM_FUNCTIONS); 238eda14cbcSMatt Macy ASSERT(parent != ZIO_CHECKSUM_INHERIT && parent != ZIO_CHECKSUM_ON); 239eda14cbcSMatt Macy 240eda14cbcSMatt Macy if (child == ZIO_CHECKSUM_INHERIT) 241eda14cbcSMatt Macy return (parent); 242eda14cbcSMatt Macy 243eda14cbcSMatt Macy if (child == ZIO_CHECKSUM_ON) 244eda14cbcSMatt Macy return (ZIO_CHECKSUM_ON_VALUE); 245eda14cbcSMatt Macy 246eda14cbcSMatt Macy return (child); 247eda14cbcSMatt Macy } 248eda14cbcSMatt Macy 249eda14cbcSMatt Macy enum zio_checksum 250eda14cbcSMatt Macy zio_checksum_dedup_select(spa_t *spa, enum zio_checksum child, 251eda14cbcSMatt Macy enum zio_checksum parent) 252eda14cbcSMatt Macy { 253eda14cbcSMatt Macy ASSERT((child & ZIO_CHECKSUM_MASK) < ZIO_CHECKSUM_FUNCTIONS); 254eda14cbcSMatt Macy ASSERT((parent & ZIO_CHECKSUM_MASK) < ZIO_CHECKSUM_FUNCTIONS); 255eda14cbcSMatt Macy ASSERT(parent != ZIO_CHECKSUM_INHERIT && parent != ZIO_CHECKSUM_ON); 256eda14cbcSMatt Macy 257eda14cbcSMatt Macy if (child == ZIO_CHECKSUM_INHERIT) 258eda14cbcSMatt Macy return (parent); 259eda14cbcSMatt Macy 260eda14cbcSMatt Macy if (child == ZIO_CHECKSUM_ON) 261eda14cbcSMatt Macy return (spa_dedup_checksum(spa)); 262eda14cbcSMatt Macy 263eda14cbcSMatt Macy if (child == (ZIO_CHECKSUM_ON | ZIO_CHECKSUM_VERIFY)) 264eda14cbcSMatt Macy return (spa_dedup_checksum(spa) | ZIO_CHECKSUM_VERIFY); 265eda14cbcSMatt Macy 266eda14cbcSMatt Macy ASSERT((zio_checksum_table[child & ZIO_CHECKSUM_MASK].ci_flags & 267eda14cbcSMatt Macy ZCHECKSUM_FLAG_DEDUP) || 268eda14cbcSMatt Macy (child & ZIO_CHECKSUM_VERIFY) || child == ZIO_CHECKSUM_OFF); 269eda14cbcSMatt Macy 270eda14cbcSMatt Macy return (child); 271eda14cbcSMatt Macy } 272eda14cbcSMatt Macy 273eda14cbcSMatt Macy /* 274eda14cbcSMatt Macy * Set the external verifier for a gang block based on <vdev, offset, txg>, 275eda14cbcSMatt Macy * a tuple which is guaranteed to be unique for the life of the pool. 276eda14cbcSMatt Macy */ 277eda14cbcSMatt Macy static void 278eda14cbcSMatt Macy zio_checksum_gang_verifier(zio_cksum_t *zcp, const blkptr_t *bp) 279eda14cbcSMatt Macy { 280eda14cbcSMatt Macy const dva_t *dva = BP_IDENTITY(bp); 281783d3ff6SMartin Matuska uint64_t txg = BP_GET_BIRTH(bp); 282eda14cbcSMatt Macy 283eda14cbcSMatt Macy ASSERT(BP_IS_GANG(bp)); 284eda14cbcSMatt Macy 285eda14cbcSMatt Macy ZIO_SET_CHECKSUM(zcp, DVA_GET_VDEV(dva), DVA_GET_OFFSET(dva), txg, 0); 286eda14cbcSMatt Macy } 287eda14cbcSMatt Macy 288eda14cbcSMatt Macy /* 289eda14cbcSMatt Macy * Set the external verifier for a label block based on its offset. 290eda14cbcSMatt Macy * The vdev is implicit, and the txg is unknowable at pool open time -- 291eda14cbcSMatt Macy * hence the logic in vdev_uberblock_load() to find the most recent copy. 292eda14cbcSMatt Macy */ 293eda14cbcSMatt Macy static void 294eda14cbcSMatt Macy zio_checksum_label_verifier(zio_cksum_t *zcp, uint64_t offset) 295eda14cbcSMatt Macy { 296eda14cbcSMatt Macy ZIO_SET_CHECKSUM(zcp, offset, 0, 0, 0); 297eda14cbcSMatt Macy } 298eda14cbcSMatt Macy 299eda14cbcSMatt Macy /* 300eda14cbcSMatt Macy * Calls the template init function of a checksum which supports context 301eda14cbcSMatt Macy * templates and installs the template into the spa_t. 302eda14cbcSMatt Macy */ 303eda14cbcSMatt Macy static void 304eda14cbcSMatt Macy zio_checksum_template_init(enum zio_checksum checksum, spa_t *spa) 305eda14cbcSMatt Macy { 306eda14cbcSMatt Macy zio_checksum_info_t *ci = &zio_checksum_table[checksum]; 307eda14cbcSMatt Macy 308eda14cbcSMatt Macy if (ci->ci_tmpl_init == NULL) 309eda14cbcSMatt Macy return; 310eda14cbcSMatt Macy if (spa->spa_cksum_tmpls[checksum] != NULL) 311eda14cbcSMatt Macy return; 312eda14cbcSMatt Macy 313eda14cbcSMatt Macy VERIFY(ci->ci_tmpl_free != NULL); 314eda14cbcSMatt Macy mutex_enter(&spa->spa_cksum_tmpls_lock); 315eda14cbcSMatt Macy if (spa->spa_cksum_tmpls[checksum] == NULL) { 316eda14cbcSMatt Macy spa->spa_cksum_tmpls[checksum] = 317eda14cbcSMatt Macy ci->ci_tmpl_init(&spa->spa_cksum_salt); 318eda14cbcSMatt Macy VERIFY(spa->spa_cksum_tmpls[checksum] != NULL); 319eda14cbcSMatt Macy } 320eda14cbcSMatt Macy mutex_exit(&spa->spa_cksum_tmpls_lock); 321eda14cbcSMatt Macy } 322eda14cbcSMatt Macy 323eda14cbcSMatt Macy /* convenience function to update a checksum to accommodate an encryption MAC */ 324eda14cbcSMatt Macy static void 325eda14cbcSMatt Macy zio_checksum_handle_crypt(zio_cksum_t *cksum, zio_cksum_t *saved, boolean_t xor) 326eda14cbcSMatt Macy { 327eda14cbcSMatt Macy /* 328eda14cbcSMatt Macy * Weak checksums do not have their entropy spread evenly 329eda14cbcSMatt Macy * across the bits of the checksum. Therefore, when truncating 330eda14cbcSMatt Macy * a weak checksum we XOR the first 2 words with the last 2 so 331eda14cbcSMatt Macy * that we don't "lose" any entropy unnecessarily. 332eda14cbcSMatt Macy */ 333eda14cbcSMatt Macy if (xor) { 334eda14cbcSMatt Macy cksum->zc_word[0] ^= cksum->zc_word[2]; 335eda14cbcSMatt Macy cksum->zc_word[1] ^= cksum->zc_word[3]; 336eda14cbcSMatt Macy } 337eda14cbcSMatt Macy 338eda14cbcSMatt Macy cksum->zc_word[2] = saved->zc_word[2]; 339eda14cbcSMatt Macy cksum->zc_word[3] = saved->zc_word[3]; 340eda14cbcSMatt Macy } 341eda14cbcSMatt Macy 342eda14cbcSMatt Macy /* 343eda14cbcSMatt Macy * Generate the checksum. 344eda14cbcSMatt Macy */ 345eda14cbcSMatt Macy void 346eda14cbcSMatt Macy zio_checksum_compute(zio_t *zio, enum zio_checksum checksum, 347eda14cbcSMatt Macy abd_t *abd, uint64_t size) 348eda14cbcSMatt Macy { 349eda14cbcSMatt Macy static const uint64_t zec_magic = ZEC_MAGIC; 350eda14cbcSMatt Macy blkptr_t *bp = zio->io_bp; 351eda14cbcSMatt Macy uint64_t offset = zio->io_offset; 352eda14cbcSMatt Macy zio_checksum_info_t *ci = &zio_checksum_table[checksum]; 353eda14cbcSMatt Macy zio_cksum_t cksum, saved; 354eda14cbcSMatt Macy spa_t *spa = zio->io_spa; 355eda14cbcSMatt Macy boolean_t insecure = (ci->ci_flags & ZCHECKSUM_FLAG_DEDUP) == 0; 356eda14cbcSMatt Macy 357eda14cbcSMatt Macy ASSERT((uint_t)checksum < ZIO_CHECKSUM_FUNCTIONS); 358eda14cbcSMatt Macy ASSERT(ci->ci_func[0] != NULL); 359eda14cbcSMatt Macy 360eda14cbcSMatt Macy zio_checksum_template_init(checksum, spa); 361eda14cbcSMatt Macy 362eda14cbcSMatt Macy if (ci->ci_flags & ZCHECKSUM_FLAG_EMBEDDED) { 363eda14cbcSMatt Macy zio_eck_t eck; 364eda14cbcSMatt Macy size_t eck_offset; 365eda14cbcSMatt Macy 366da5137abSMartin Matuska memset(&saved, 0, sizeof (zio_cksum_t)); 367eda14cbcSMatt Macy 368eda14cbcSMatt Macy if (checksum == ZIO_CHECKSUM_ZILOG2) { 369eda14cbcSMatt Macy zil_chain_t zilc; 370eda14cbcSMatt Macy abd_copy_to_buf(&zilc, abd, sizeof (zil_chain_t)); 371eda14cbcSMatt Macy 372525fe93dSMartin Matuska uint64_t nused = P2ROUNDUP_TYPED(zilc.zc_nused, 373525fe93dSMartin Matuska ZIL_MIN_BLKSZ, uint64_t); 374525fe93dSMartin Matuska ASSERT3U(size, >=, nused); 375525fe93dSMartin Matuska size = nused; 376eda14cbcSMatt Macy eck = zilc.zc_eck; 377eda14cbcSMatt Macy eck_offset = offsetof(zil_chain_t, zc_eck); 378eda14cbcSMatt Macy } else { 379525fe93dSMartin Matuska ASSERT3U(size, >=, sizeof (zio_eck_t)); 380eda14cbcSMatt Macy eck_offset = size - sizeof (zio_eck_t); 381eda14cbcSMatt Macy abd_copy_to_buf_off(&eck, abd, eck_offset, 382eda14cbcSMatt Macy sizeof (zio_eck_t)); 383eda14cbcSMatt Macy } 384eda14cbcSMatt Macy 385eda14cbcSMatt Macy if (checksum == ZIO_CHECKSUM_GANG_HEADER) { 386eda14cbcSMatt Macy zio_checksum_gang_verifier(&eck.zec_cksum, bp); 387eda14cbcSMatt Macy } else if (checksum == ZIO_CHECKSUM_LABEL) { 388eda14cbcSMatt Macy zio_checksum_label_verifier(&eck.zec_cksum, offset); 389eda14cbcSMatt Macy } else { 390eda14cbcSMatt Macy saved = eck.zec_cksum; 391eda14cbcSMatt Macy eck.zec_cksum = bp->blk_cksum; 392eda14cbcSMatt Macy } 393eda14cbcSMatt Macy 394eda14cbcSMatt Macy abd_copy_from_buf_off(abd, &zec_magic, 395eda14cbcSMatt Macy eck_offset + offsetof(zio_eck_t, zec_magic), 396eda14cbcSMatt Macy sizeof (zec_magic)); 397eda14cbcSMatt Macy abd_copy_from_buf_off(abd, &eck.zec_cksum, 398eda14cbcSMatt Macy eck_offset + offsetof(zio_eck_t, zec_cksum), 399eda14cbcSMatt Macy sizeof (zio_cksum_t)); 400eda14cbcSMatt Macy 401eda14cbcSMatt Macy ci->ci_func[0](abd, size, spa->spa_cksum_tmpls[checksum], 402eda14cbcSMatt Macy &cksum); 403eda14cbcSMatt Macy if (bp != NULL && BP_USES_CRYPT(bp) && 404eda14cbcSMatt Macy BP_GET_TYPE(bp) != DMU_OT_OBJSET) 405eda14cbcSMatt Macy zio_checksum_handle_crypt(&cksum, &saved, insecure); 406eda14cbcSMatt Macy 407eda14cbcSMatt Macy abd_copy_from_buf_off(abd, &cksum, 408eda14cbcSMatt Macy eck_offset + offsetof(zio_eck_t, zec_cksum), 409eda14cbcSMatt Macy sizeof (zio_cksum_t)); 410eda14cbcSMatt Macy } else { 411eda14cbcSMatt Macy saved = bp->blk_cksum; 412eda14cbcSMatt Macy ci->ci_func[0](abd, size, spa->spa_cksum_tmpls[checksum], 413eda14cbcSMatt Macy &cksum); 414eda14cbcSMatt Macy if (BP_USES_CRYPT(bp) && BP_GET_TYPE(bp) != DMU_OT_OBJSET) 415eda14cbcSMatt Macy zio_checksum_handle_crypt(&cksum, &saved, insecure); 416eda14cbcSMatt Macy bp->blk_cksum = cksum; 417eda14cbcSMatt Macy } 418eda14cbcSMatt Macy } 419eda14cbcSMatt Macy 420eda14cbcSMatt Macy int 421eda14cbcSMatt Macy zio_checksum_error_impl(spa_t *spa, const blkptr_t *bp, 422eda14cbcSMatt Macy enum zio_checksum checksum, abd_t *abd, uint64_t size, uint64_t offset, 423eda14cbcSMatt Macy zio_bad_cksum_t *info) 424eda14cbcSMatt Macy { 425eda14cbcSMatt Macy zio_checksum_info_t *ci = &zio_checksum_table[checksum]; 426eda14cbcSMatt Macy zio_cksum_t actual_cksum, expected_cksum; 427eda14cbcSMatt Macy zio_eck_t eck; 428eda14cbcSMatt Macy int byteswap; 429eda14cbcSMatt Macy 430eda14cbcSMatt Macy if (checksum >= ZIO_CHECKSUM_FUNCTIONS || ci->ci_func[0] == NULL) 431eda14cbcSMatt Macy return (SET_ERROR(EINVAL)); 432eda14cbcSMatt Macy 433eda14cbcSMatt Macy zio_checksum_template_init(checksum, spa); 434eda14cbcSMatt Macy 4352a58b312SMartin Matuska IMPLY(bp == NULL, ci->ci_flags & ZCHECKSUM_FLAG_EMBEDDED); 4362a58b312SMartin Matuska IMPLY(bp == NULL, checksum == ZIO_CHECKSUM_LABEL); 4372a58b312SMartin Matuska 438eda14cbcSMatt Macy if (ci->ci_flags & ZCHECKSUM_FLAG_EMBEDDED) { 439eda14cbcSMatt Macy zio_cksum_t verifier; 440eda14cbcSMatt Macy size_t eck_offset; 441eda14cbcSMatt Macy 442eda14cbcSMatt Macy if (checksum == ZIO_CHECKSUM_ZILOG2) { 443eda14cbcSMatt Macy zil_chain_t zilc; 444eda14cbcSMatt Macy uint64_t nused; 445eda14cbcSMatt Macy 446eda14cbcSMatt Macy abd_copy_to_buf(&zilc, abd, sizeof (zil_chain_t)); 447eda14cbcSMatt Macy 448eda14cbcSMatt Macy eck = zilc.zc_eck; 449eda14cbcSMatt Macy eck_offset = offsetof(zil_chain_t, zc_eck) + 450eda14cbcSMatt Macy offsetof(zio_eck_t, zec_cksum); 451eda14cbcSMatt Macy 452eda14cbcSMatt Macy if (eck.zec_magic == ZEC_MAGIC) { 453eda14cbcSMatt Macy nused = zilc.zc_nused; 454eda14cbcSMatt Macy } else if (eck.zec_magic == BSWAP_64(ZEC_MAGIC)) { 455eda14cbcSMatt Macy nused = BSWAP_64(zilc.zc_nused); 456eda14cbcSMatt Macy } else { 457eda14cbcSMatt Macy return (SET_ERROR(ECKSUM)); 458eda14cbcSMatt Macy } 459eda14cbcSMatt Macy 460525fe93dSMartin Matuska nused = P2ROUNDUP_TYPED(nused, ZIL_MIN_BLKSZ, uint64_t); 461525fe93dSMartin Matuska if (size < nused) 462eda14cbcSMatt Macy return (SET_ERROR(ECKSUM)); 463525fe93dSMartin Matuska size = nused; 464eda14cbcSMatt Macy } else { 465525fe93dSMartin Matuska if (size < sizeof (zio_eck_t)) 466525fe93dSMartin Matuska return (SET_ERROR(ECKSUM)); 467eda14cbcSMatt Macy eck_offset = size - sizeof (zio_eck_t); 468eda14cbcSMatt Macy abd_copy_to_buf_off(&eck, abd, eck_offset, 469eda14cbcSMatt Macy sizeof (zio_eck_t)); 470eda14cbcSMatt Macy eck_offset += offsetof(zio_eck_t, zec_cksum); 471eda14cbcSMatt Macy } 472eda14cbcSMatt Macy 473eda14cbcSMatt Macy if (checksum == ZIO_CHECKSUM_GANG_HEADER) 474eda14cbcSMatt Macy zio_checksum_gang_verifier(&verifier, bp); 475eda14cbcSMatt Macy else if (checksum == ZIO_CHECKSUM_LABEL) 476eda14cbcSMatt Macy zio_checksum_label_verifier(&verifier, offset); 477eda14cbcSMatt Macy else 478eda14cbcSMatt Macy verifier = bp->blk_cksum; 479eda14cbcSMatt Macy 480eda14cbcSMatt Macy byteswap = (eck.zec_magic == BSWAP_64(ZEC_MAGIC)); 481eda14cbcSMatt Macy 482eda14cbcSMatt Macy if (byteswap) 483eda14cbcSMatt Macy byteswap_uint64_array(&verifier, sizeof (zio_cksum_t)); 484eda14cbcSMatt Macy 485eda14cbcSMatt Macy expected_cksum = eck.zec_cksum; 486eda14cbcSMatt Macy 487eda14cbcSMatt Macy abd_copy_from_buf_off(abd, &verifier, eck_offset, 488eda14cbcSMatt Macy sizeof (zio_cksum_t)); 489eda14cbcSMatt Macy 490eda14cbcSMatt Macy ci->ci_func[byteswap](abd, size, 491eda14cbcSMatt Macy spa->spa_cksum_tmpls[checksum], &actual_cksum); 492eda14cbcSMatt Macy 493eda14cbcSMatt Macy abd_copy_from_buf_off(abd, &expected_cksum, eck_offset, 494eda14cbcSMatt Macy sizeof (zio_cksum_t)); 495eda14cbcSMatt Macy 496eda14cbcSMatt Macy if (byteswap) { 497eda14cbcSMatt Macy byteswap_uint64_array(&expected_cksum, 498eda14cbcSMatt Macy sizeof (zio_cksum_t)); 499eda14cbcSMatt Macy } 500eda14cbcSMatt Macy } else { 501eda14cbcSMatt Macy byteswap = BP_SHOULD_BYTESWAP(bp); 502eda14cbcSMatt Macy expected_cksum = bp->blk_cksum; 503eda14cbcSMatt Macy ci->ci_func[byteswap](abd, size, 504eda14cbcSMatt Macy spa->spa_cksum_tmpls[checksum], &actual_cksum); 505eda14cbcSMatt Macy } 506eda14cbcSMatt Macy 507eda14cbcSMatt Macy /* 508eda14cbcSMatt Macy * MAC checksums are a special case since half of this checksum will 509eda14cbcSMatt Macy * actually be the encryption MAC. This will be verified by the 510eda14cbcSMatt Macy * decryption process, so we just check the truncated checksum now. 511eda14cbcSMatt Macy * Objset blocks use embedded MACs so we don't truncate the checksum 512eda14cbcSMatt Macy * for them. 513eda14cbcSMatt Macy */ 514eda14cbcSMatt Macy if (bp != NULL && BP_USES_CRYPT(bp) && 515eda14cbcSMatt Macy BP_GET_TYPE(bp) != DMU_OT_OBJSET) { 516eda14cbcSMatt Macy if (!(ci->ci_flags & ZCHECKSUM_FLAG_DEDUP)) { 517eda14cbcSMatt Macy actual_cksum.zc_word[0] ^= actual_cksum.zc_word[2]; 518eda14cbcSMatt Macy actual_cksum.zc_word[1] ^= actual_cksum.zc_word[3]; 519eda14cbcSMatt Macy } 520eda14cbcSMatt Macy 521eda14cbcSMatt Macy actual_cksum.zc_word[2] = 0; 522eda14cbcSMatt Macy actual_cksum.zc_word[3] = 0; 523eda14cbcSMatt Macy expected_cksum.zc_word[2] = 0; 524eda14cbcSMatt Macy expected_cksum.zc_word[3] = 0; 525eda14cbcSMatt Macy } 526eda14cbcSMatt Macy 527eda14cbcSMatt Macy if (info != NULL) { 528eda14cbcSMatt Macy info->zbc_checksum_name = ci->ci_name; 529eda14cbcSMatt Macy info->zbc_byteswapped = byteswap; 530eda14cbcSMatt Macy info->zbc_injected = 0; 531eda14cbcSMatt Macy info->zbc_has_cksum = 1; 532eda14cbcSMatt Macy } 533eda14cbcSMatt Macy 534eda14cbcSMatt Macy if (!ZIO_CHECKSUM_EQUAL(actual_cksum, expected_cksum)) 535eda14cbcSMatt Macy return (SET_ERROR(ECKSUM)); 536eda14cbcSMatt Macy 537eda14cbcSMatt Macy return (0); 538eda14cbcSMatt Macy } 539eda14cbcSMatt Macy 540eda14cbcSMatt Macy int 541eda14cbcSMatt Macy zio_checksum_error(zio_t *zio, zio_bad_cksum_t *info) 542eda14cbcSMatt Macy { 543eda14cbcSMatt Macy blkptr_t *bp = zio->io_bp; 544eda14cbcSMatt Macy uint_t checksum = (bp == NULL ? zio->io_prop.zp_checksum : 545eda14cbcSMatt Macy (BP_IS_GANG(bp) ? ZIO_CHECKSUM_GANG_HEADER : BP_GET_CHECKSUM(bp))); 546eda14cbcSMatt Macy int error; 547eda14cbcSMatt Macy uint64_t size = (bp == NULL ? zio->io_size : 548eda14cbcSMatt Macy (BP_IS_GANG(bp) ? SPA_GANGBLOCKSIZE : BP_GET_PSIZE(bp))); 549eda14cbcSMatt Macy uint64_t offset = zio->io_offset; 550eda14cbcSMatt Macy abd_t *data = zio->io_abd; 551eda14cbcSMatt Macy spa_t *spa = zio->io_spa; 552eda14cbcSMatt Macy 553eda14cbcSMatt Macy error = zio_checksum_error_impl(spa, bp, checksum, data, size, 554eda14cbcSMatt Macy offset, info); 555eda14cbcSMatt Macy 556eda14cbcSMatt Macy if (zio_injection_enabled && error == 0 && zio->io_error == 0) { 557eda14cbcSMatt Macy error = zio_handle_fault_injection(zio, ECKSUM); 558eda14cbcSMatt Macy if (error != 0) 559eda14cbcSMatt Macy info->zbc_injected = 1; 560eda14cbcSMatt Macy } 561eda14cbcSMatt Macy 562eda14cbcSMatt Macy return (error); 563eda14cbcSMatt Macy } 564eda14cbcSMatt Macy 565eda14cbcSMatt Macy /* 566eda14cbcSMatt Macy * Called by a spa_t that's about to be deallocated. This steps through 567eda14cbcSMatt Macy * all of the checksum context templates and deallocates any that were 568eda14cbcSMatt Macy * initialized using the algorithm-specific template init function. 569eda14cbcSMatt Macy */ 570eda14cbcSMatt Macy void 571eda14cbcSMatt Macy zio_checksum_templates_free(spa_t *spa) 572eda14cbcSMatt Macy { 573eda14cbcSMatt Macy for (enum zio_checksum checksum = 0; 574eda14cbcSMatt Macy checksum < ZIO_CHECKSUM_FUNCTIONS; checksum++) { 575eda14cbcSMatt Macy if (spa->spa_cksum_tmpls[checksum] != NULL) { 576eda14cbcSMatt Macy zio_checksum_info_t *ci = &zio_checksum_table[checksum]; 577eda14cbcSMatt Macy 578eda14cbcSMatt Macy VERIFY(ci->ci_tmpl_free != NULL); 579eda14cbcSMatt Macy ci->ci_tmpl_free(spa->spa_cksum_tmpls[checksum]); 580eda14cbcSMatt Macy spa->spa_cksum_tmpls[checksum] = NULL; 581eda14cbcSMatt Macy } 582eda14cbcSMatt Macy } 583eda14cbcSMatt Macy } 584