Darren J Moffat
2007-Jul-25 16:53 UTC
[zfs-code] checksum code in userland, when is it called ?
Other than when using ztest when does the ZFS checksum code get run in userland ? The reason I ask is I''m trying to determine if we need to have HMAC variants of SHA256 in libmd or if using libpkcs11 will be sufficient. Or in other words can we assume that svc:/system/cryptosvc will be available (which it needs to be to call APIs in libpkcs11 just now). -- Darren J Moffat
Eric Schrock
2007-Jul-25 17:00 UTC
[zfs-code] checksum code in userland, when is it called ?
The checksum code is currently only used in libzpool, which means ztest and zdb depends on it. There is an open bug where userland code that reads labels (namely import) should also checksum the values. These are always written using ZIO_CHECKSUM_LABEL (currently SHA256). However, this would not leverage the same ZFS checksum code so it''s probably not an issue. - Eric On Wed, Jul 25, 2007 at 05:53:23PM +0100, Darren J Moffat wrote:> Other than when using ztest when does the ZFS checksum code get run in > userland ? > > The reason I ask is I''m trying to determine if we need to have HMAC > variants of SHA256 in libmd or if using libpkcs11 will be sufficient. > Or in other words can we assume that svc:/system/cryptosvc will be > available (which it needs to be to call APIs in libpkcs11 just now). > > -- > Darren J Moffat > _______________________________________________ > zfs-code mailing list > zfs-code at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-code-- Eric Schrock, Solaris Kernel Development http://blogs.sun.com/eschrock
Darren J Moffat
2007-Jul-25 17:08 UTC
[zfs-code] checksum code in userland, when is it called ?
Eric Schrock wrote:> The checksum code is currently only used in libzpool, which means ztest > and zdb depends on it.Good that os what I had hoped for.> There is an open bug where userland code that reads labels (namely > import) should also checksum the values. These are always written using > ZIO_CHECKSUM_LABEL (currently SHA256). However, this would not leverage > the same ZFS checksum code so it''s probably not an issue.I''m not quite sure I understand that last sentence, do you mean that the checksum verification on import would happen in kernel rather than in userland ? -- Darren J Moffat
Eric Schrock
2007-Jul-25 17:13 UTC
[zfs-code] checksum code in userland, when is it called ?
On Wed, Jul 25, 2007 at 06:08:41PM +0100, Darren J Moffat wrote:> > >There is an open bug where userland code that reads labels (namely > >import) should also checksum the values. These are always written using > >ZIO_CHECKSUM_LABEL (currently SHA256). However, this would not leverage > >the same ZFS checksum code so it''s probably not an issue. > > I''m not quite sure I understand that last sentence, do you mean that the > checksum verification on import would happen in kernel rather than in > userland ? >No, it would happen in userland. But your original question was whether the "ZFS checksum code" would be run in userland. In this case, we''re not leveraging libzpool or any of the zio checksum code. Rather, we would be creating a one-off checksum validation for the purposes of label verification. So we do need the ability to validate SHA256 in userland, but it doesn''t have to be in the context of the normal ZFS checksum code, nor does it have to support the full suite of checksum algorithms. Assuming the vdev labels aren''t going to be encrypted, of course. - Eric -- Eric Schrock, Solaris Kernel Development http://blogs.sun.com/eschrock
Darren J Moffat
2007-Jul-26 10:57 UTC
[zfs-code] checksum code in userland, when is it called ?
Eric Schrock wrote:> On Wed, Jul 25, 2007 at 06:08:41PM +0100, Darren J Moffat wrote: >>> There is an open bug where userland code that reads labels (namely >>> import) should also checksum the values. These are always written using >>> ZIO_CHECKSUM_LABEL (currently SHA256). However, this would not leverage >>> the same ZFS checksum code so it''s probably not an issue. >> I''m not quite sure I understand that last sentence, do you mean that the >> checksum verification on import would happen in kernel rather than in >> userland ? >> > > No, it would happen in userland. But your original question was whether > the "ZFS checksum code" would be run in userland. In this case, we''re > not leveraging libzpool or any of the zio checksum code. Rather, we > would be creating a one-off checksum validation for the purposes of > label verification. So we do need the ability to validate SHA256 in > userland, but it doesn''t have to be in the context of the normal ZFS > checksum code, nor does it have to support the full suite of checksum > algorithms.Got it! libmd as it is just now will be sufficient for that. > Assuming the vdev labels aren''t going to be encrypted, of> course.No they aren''t. -- Darren J Moffat