NetBSD Problem Report #58212

From mdehling@gmail.com  Sun Apr 28 20:13:09 2024
Return-Path: <mdehling@gmail.com>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 661B41A9238
	for <gnats-bugs@gnats.NetBSD.org>; Sun, 28 Apr 2024 20:13:09 +0000 (UTC)
Message-Id: <CAP+FTfX-x5FWjpGxQhUeZ5Vg+ytHqYM5aX+UzbsRhEMeg623OA@mail.gmail.com>
Date: Sun, 28 Apr 2024 13:13:05 -0700
From: Malte Dehling <mdehling@gmail.com>
To: GNATS Bugs <gnats-bugs@netbsd.org>
Subject: cgdconfig(8): Add zfs verification method
X-Send-Pr-Version: 3.95

>Number:         58212
>Category:       bin
>Synopsis:       cgdconfig(8): Add zfs verification method
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 28 20:15:00 +0000 2024
>Closed-Date:    Sat Oct 12 17:05:18 +0000 2024
>Last-Modified:  Sat Oct 12 17:05:18 +0000 2024
>Originator:     Malte Dehling
>Release:        NetBSD 10.0, -current
>Organization:
>Environment:
    NetBSD 10.0 (GENERIC) #4: Wed Apr 24 12:21:26 PDT 2024
    mdehling@nb-base-dev:/scratch/obj/sys/arch/amd64/compile/GENERIC amd64

>Description:
I would like to propose the attached patch to add a zfs verification
method to the cgdconfig(8) program.  With such a method, it will be
possible to use cgd devices as vdevs in a zpool without an intermediate
gpt.

The verification method used here is the same as in fstyp(8): read the
first vdev label (256k at offset 0) and see if vdev_label->vl_vdev_phys
(112k-40b at offset 16k) describes a valid nvlist structure with existing
zpool name property.

>How-To-Repeat:

>Fix:
Make it possible to use cgd devices as vdevs in a zpool without an
intermediate gpt.
---
 .../amd64/ramdisks/ramdisk-cgdroot/Makefile   |  3 ++
 .../amd64/ramdisks/ramdisk-cgdroot/list.zfs   |  3 ++
 rescue/Makefile                               |  4 ++
 rescue/list.zfs                               |  3 ++
 sbin/cgdconfig/Makefile                       | 18 +++++++
 sbin/cgdconfig/cgdconfig.8                    |  2 +
 sbin/cgdconfig/cgdconfig.c                    | 53 +++++++++++++++++++
 sbin/cgdconfig/params.c                       |  9 ++++
 sbin/cgdconfig/params.h                       |  1 +
 9 files changed, 96 insertions(+)
 create mode 100644 distrib/amd64/ramdisks/ramdisk-cgdroot/list.zfs
 create mode 100644 rescue/list.zfs

diff --git a/distrib/amd64/ramdisks/ramdisk-cgdroot/Makefile
b/distrib/amd64/ramdisks/ramdisk-cgdroot/Makefile
index 7be7a009f28..75b07c6ebf0 100644
--- a/distrib/amd64/ramdisks/ramdisk-cgdroot/Makefile
+++ b/distrib/amd64/ramdisks/ramdisk-cgdroot/Makefile
@@ -9,6 +9,9 @@ SMALLPROG_INET6=1
 .include "${.CURDIR}/../common/Makefile.ramdisk"

 LISTS+=		${DISTRIBDIR}/common/list.cgdroot
+.if ${MKZFS} != "no"
+LISTS+=		${.CURDIR}/list.zfs
+.endif
 MTREECONF+=	${DISTRIBDIR}/common/mtree.cgdroot

 .if ${USE_INET6} != "no"
diff --git a/distrib/amd64/ramdisks/ramdisk-cgdroot/list.zfs
b/distrib/amd64/ramdisks/ramdisk-cgdroot/list.zfs
new file mode 100644
index 00000000000..8247065d020
--- /dev/null
+++ b/distrib/amd64/ramdisks/ramdisk-cgdroot/list.zfs
@@ -0,0 +1,3 @@
+#	$NetBSD$
+
+LIBS    -lnvpair
diff --git a/rescue/Makefile b/rescue/Makefile
index 459e8a7135a..6ed6c178f3f 100644
--- a/rescue/Makefile
+++ b/rescue/Makefile
@@ -42,6 +42,10 @@ LISTS+=		${.CURDIR}/list.${f}
 LISTS+=		${.CURDIR}/list.inet6
 .endif

+.if ${MKZFS} != "no"
+LISTS+=		${.CURDIR}/list.zfs
+.endif
+
 LISTS+=		${.CURDIR}/list.crypto
 CRUNCHENV+=	MKKERBEROS=no		# for ssh

diff --git a/rescue/list.zfs b/rescue/list.zfs
new file mode 100644
index 00000000000..02bf8bc362c
--- /dev/null
+++ b/rescue/list.zfs
@@ -0,0 +1,3 @@
+#	$NetBSD$
+
+LIBS	-lnvpair
diff --git a/sbin/cgdconfig/Makefile b/sbin/cgdconfig/Makefile
index fec75b4e375..bf1be8109e3 100644
--- a/sbin/cgdconfig/Makefile
+++ b/sbin/cgdconfig/Makefile
@@ -29,4 +29,22 @@ ARGON2_NO_THREADS=1
 .include "${NETBSDSRCDIR}/external/apache2/argon2/lib/libargon2/Makefile.inc"
 .endif

+.if ${MKZFS} != "no"
+DPADD+=	${LIBNVPAIR}
+LDADD+=	-lnvpair
+CPPFLAGS+=	-DHAVE_ZFS
+
+OSNET=${NETBSDSRCDIR}/external/cddl/osnet
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/include
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/sys
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/head
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/lib/libzpool/common
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/uts/common
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/uts/common/fs/zfs
+CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/lib/libnvpair
+
+COPTS.cgdconfig.c+=	-Wno-unknown-pragmas
+COPTS.cgdconfig.c+=	-Wno-strict-prototypes
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/cgdconfig/cgdconfig.8 b/sbin/cgdconfig/cgdconfig.8
index 2b0da2cb732..e48ccde02c5 100644
--- a/sbin/cgdconfig/cgdconfig.8
+++ b/sbin/cgdconfig/cgdconfig.8
@@ -270,6 +270,8 @@ scan for a valid Master Boot Record.
 scan for a valid GUID partition table.
 .It ffs
 scan for a valid FFS file system.
+.It zfs
+scan for a valid ZFS vdev label (if compiled with MKZFS).
 .It re-enter
 prompt for passphrase twice, and ensure entered passphrases are
 identical.
diff --git a/sbin/cgdconfig/cgdconfig.c b/sbin/cgdconfig/cgdconfig.c
index 9a634ef37e2..4baccb1d68f 100644
--- a/sbin/cgdconfig/cgdconfig.c
+++ b/sbin/cgdconfig/cgdconfig.c
@@ -73,6 +73,11 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.61 2022/11/17
06:40:38 chs Exp $");

 #include <ufs/ffs/fs.h>

+#ifdef HAVE_ZFS
+#include <libnvpair.h>
+#include <sys/vdev_impl.h>
+#endif
+
 #include "params.h"
 #include "pkcs5_pbkdf2.h"
 #include "utils.h"
@@ -170,6 +175,9 @@ static int	 verify_ffs(int);
 static int	 verify_reenter(struct params *);
 static int	 verify_mbr(int);
 static int	 verify_gpt(int);
+#ifdef HAVE_ZFS
+static int	 verify_zfs(int);
+#endif

 __dead static void	 usage(void);

@@ -1024,6 +1032,10 @@ verify(struct params *p, int fd)
 		return verify_mbr(fd);
 	case VERIFY_GPT:
 		return verify_gpt(fd);
+#ifdef HAVE_ZFS
+	case VERIFY_ZFS:
+		return verify_zfs(fd);
+#endif
 	default:
 		warnx("unimplemented verification method");
 		return -1;
@@ -1182,6 +1194,47 @@ verify_gpt(int fd)
 	return ret;
 }

+#ifdef HAVE_ZFS
+static int
+verify_zfs(int fd)
+{
+	vdev_label_t *vdev_label;
+	vdev_phys_t *vdev_phys;
+	nvlist_t *config = NULL;
+	ssize_t ret;
+
+	/*
+	 * Read the first ZFS vdev label located at offset 0.
+	 */
+	vdev_label = emalloc(sizeof *vdev_label);
+	ret = prog_pread(fd, vdev_label, sizeof(*vdev_label), 0);
+	if (ret < 0) {
+		warn("pread");
+		ret = 1;
+		goto bail;
+	} else if ((size_t)ret < sizeof(*vdev_label)) {
+		warnx("pread: incomplete block");
+		ret = 1;
+		goto bail;
+	};
+
+	ret = 0;
+
+	vdev_phys = &(vdev_label->vl_vdev_phys);
+	if ((nvlist_unpack(vdev_phys->vp_nvlist,
+		sizeof(vdev_phys->vp_nvlist), &config, 0)) != 0 ||
+		!nvlist_exists(config, "name"))
+	{
+		ret = 1;
+	};
+
+	nvlist_free(config);
+ bail:
+	free(vdev_label);
+	return ret;
+}
+#endif
+
 static off_t sblock_try[] = SBLOCKSEARCH;

 static int
diff --git a/sbin/cgdconfig/params.c b/sbin/cgdconfig/params.c
index 91af02c21cc..5da25ec0595 100644
--- a/sbin/cgdconfig/params.c
+++ b/sbin/cgdconfig/params.c
@@ -287,6 +287,10 @@ params_verify_method(string_t *in)
 		p->verify_method = VERIFY_MBR;
 	if (!strcmp("gpt", vm))
 		p->verify_method = VERIFY_GPT;
+#ifdef HAVE_ZFS
+	if (!strcmp("zfs", vm))
+		p->verify_method = VERIFY_ZFS;
+#endif

 	string_free(in);

@@ -1065,6 +1069,11 @@ params_fput(struct params *p, FILE *f)
 	case VERIFY_GPT:
 		print_kvpair_cstr(f, ts, "verify_method", "gpt");
 		break;
+#ifdef HAVE_ZFS
+	case VERIFY_ZFS:
+		print_kvpair_cstr(f, ts, "verify_method", "zfs");
+		break;
+#endif
 	default:
 		warnx("unsupported verify_method (%d)", p->verify_method);
 		return -1;
diff --git a/sbin/cgdconfig/params.h b/sbin/cgdconfig/params.h
index fb79a0deb80..ef49dde6aba 100644
--- a/sbin/cgdconfig/params.h
+++ b/sbin/cgdconfig/params.h
@@ -81,6 +81,7 @@ struct params {
 #define VERIFY_REENTER		0x4
 #define VERIFY_MBR      	0x5
 #define VERIFY_GPT      	0x6
+#define VERIFY_ZFS      	0x7

 /* shared key derivation methods */

-- 
Malte Dehling

>Release-Note:

>Audit-Trail:
From: Taylor R Campbell <riastradh@NetBSD.org>
To: Malte Dehling <mdehling@gmail.com>
Cc: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/58212: cgdconfig(8): Add zfs verification method
Date: Sun, 28 Apr 2024 20:38:55 +0000

 Cool, thanks!  We should definitely have a zfs verification method for
 cgdconfig(8).  But I think we can do it a little more robustly -- and
 with fewer dependencies outside libc in cgdconfig(8).

 Here's what I wrote the last time someone suggested this -- identical
 to the nvlist approach you adapted from fstyp(8) -- but my round tuit
 supply ran short of taking the approach I suggested of verifying a
 fixed magic number and a SHA-256 hash over the header:


 I wonder if we can do this without pulling so much into cgdconfig and
 doing parsing there, though?

 A comment in fstyp(8) suggests there's a checksum (which it doesn't
 verify); maybe we can use that?

 Would be nice if there were a reference to the data format that we can
 put in a comment -- which should appear in fstyp(8) too.

 Would also be nice if we could quantify the false acceptance
 probability under uniform random data (i.e., wrong password, modelling
 password hash as uniform random function).  For the current
 verification methods it looks like:

 verify_ffs      =3D 1 - (1 - 4/2^32)^4 < one in 250 * 10^6
 verify_gpt      < 1 - (1 - 1/2^96)^4 < one in 10^28
 verify_mbr      =3D 1/2^16 (much too high for my comfort!)

 For zfs I would hope it can be much lower than for ffs.

 I went hunting through the zfs header files and it looks like the vdev
 label has a magic number and some kind of 256-bit checksum -- not
 specific to the vdev label (other zpool data structures have the same
 magic number and checksum), but maybe we can use it:

 /* vdev_impl.h */
 typedef struct vdev_phys {
         char            vp_nvlist[VDEV_PHYS_SIZE - sizeof (zio_eck_t)];
         zio_eck_t       vp_zbt;
 } vdev_phys_t;

 typedef struct vdev_label {
         char            vl_pad1[VDEV_PAD_SIZE];                 /*  8K */
         char            vl_pad2[VDEV_PAD_SIZE];                 /*  8K */
         vdev_phys_t     vl_vdev_phys;                           /* 112K */
         char            vl_uberblock[VDEV_UBERBLOCK_RING];      /* 128K */
 } vdev_label_t;                                                 /* 256K tot=
 al */

 /* zio.h */
 #define ZEC_MAGIC       0x210da7ab10c7a11ULL

 typedef struct zio_eck {
         uint64_t        zec_magic;      /* for validation, endianness   */
         zio_cksum_t     zec_cksum;      /* 256-bit checksum             */
 } zio_eck_t;

 Judging by zio_checksum.c, it looks like it's SHA-256.

 I grepped for some of the nvlist keys that zfs uses, and found
 libzfs_import.c, which does a couple things:

 - Tries not just offset 0, but up to four different offsets with the
   label_offset function.

 - Checks for "state" and "txg" in the nvlist.

 vdev_label_read_config also tries several different offsets, but only
 checks for "txg" -- and doesn't even require that.  So the nvlist keys
 may be a red herring here.

 But with the checksum, it looks like we could get by with:

 1. (optional) for each possible label offset:

 2. verify vl->vl_vdev_phys.vp_zbt.zec_magic =3D=3D ZEC_MAGIC or
    byte-swapped, and

 3. verify vl->vl_vdev_phys.vp_zbt.zec_cksum is the SHA-256 hash of
    whatever part of vl it's computed over.

 The SHA-256 hash appears to be calculated over vl->vl_vdev_phys, but
 with vp_zbt.zec_cksum set to

    {labeloffset + offsetof(struct vdev_label, vl_vdev_phys), 0, 0, 0},

 with the 64-bit words possibly encoded in the same byte order as
 zec_magic.  Except then the bytes of each 64-bit word in the SHA-256
 output hash are byte-swapped.

 This seems to check out on the one sample I tried, and it should have
 a false detection probability under uniform random data well below
 1/2^256 which is extremely comfortable.  (Should also have low false
 detection probability under other formats too because of the checksum
 even if you store a file with the magic number in it.)

From: Robert Elz <kre@munnari.OZ.AU>
To: Taylor R Campbell <riastradh@NetBSD.org>
Cc: Malte Dehling <mdehling@gmail.com>, gnats-bugs@NetBSD.org,
        netbsd-bugs@NetBSD.org
Subject: Re: bin/58212: cgdconfig(8): Add zfs verification method
Date: Mon, 29 Apr 2024 05:19:05 +0700

     Date:        Sun, 28 Apr 2024 20:38:55 +0000
     From:        Taylor R Campbell <riastradh@NetBSD.org>
     Message-ID:  <20240428203857.A5B9C84D67@mail.netbsd.org>

   | A comment in fstyp(8) suggests there's a checksum (which it doesn't
   | verify); maybe we can use that?

 As long as the checksum is guaranteed to be there (if it is currently
 unused, someone might decide not to bother calculating it, one day)
 and it is clear over which bytes the checksum is calculated (and
 which algorithm to use), that would be fine.

   | Would also be nice if we could quantify the false acceptance probability

 It doesn't really matter, this has nothing whatever to do with the
 security of the cgd, these validity checks are used merely to allow
 detection of incorrect passwords (etc) - they (even when they appear
 to be validating some data struct) have nothing whatever to do with
 use of any of the data.

 That is, if the validation method should give a false positive, the
 only effect is that when the cgd data is later used, it will effectively
 contain rubbish (just as would, say, an uninitialised partition of
 a drive) - if the (software) user of the data cannot detect that
 the daya is invalid, then it has problems, but they aren't caused
 by cgd, it would have the same problems in other uses.

 This interpretation is reinforced by the fact that it is possible to
 simply disable the verification (command line option), not bother doing
 it at all, and everything still works, and is just as secure.

 It is nice for the (human) user to be told what the issue is, as
 soon as possible (eg: to be told the wrong password has been given)
 rather than have some later step complain, but it isn't important.

 The 1/2^16 probability that the MBR gives (assuming you're correct
 about that, which I don't doubt) is really good enough - the much
 higher probabilities against false positivies of the other methods
 are nice, I guess, but aren't there because of cgd, they're what
 happened to exist anyway.

 kre

From: Malte Dehling <mdehling@gmail.com>
To: Taylor R Campbell <riastradh@netbsd.org>
Cc: gnats-bugs@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: Re: bin/58212: cgdconfig(8): Add zfs verification method
Date: Sun, 28 Apr 2024 16:07:27 -0700

 --00000000000069a3400617303387
 Content-Type: text/plain; charset="UTF-8"

 Hi Taylor,

 On Sun, Apr 28, 2024 at 08:38:55PM +0000, Taylor R Campbell wrote:
 > Cool, thanks!  We should definitely have a zfs verification method for
 > cgdconfig(8).  But I think we can do it a little more robustly -- and
 > with fewer dependencies outside libc in cgdconfig(8).
 >
 > Here's what I wrote the last time someone suggested this -- identical
 > to the nvlist approach you adapted from fstyp(8) -- but my round tuit
 > supply ran short of taking the approach I suggested of verifying a
 > fixed magic number and a SHA-256 hash over the header:
 >
 > I wonder if we can do this without pulling so much into cgdconfig and
 > doing parsing there, though?
 >
 > A comment in fstyp(8) suggests there's a checksum (which it doesn't
 > verify); maybe we can use that?
 >
 > Would be nice if there were a reference to the data format that we can
 > put in a comment -- which should appear in fstyp(8) too.
 >
 > Would also be nice if we could quantify the false acceptance
 > probability under uniform random data (i.e., wrong password, modelling
 > password hash as uniform random function).  For the current
 > verification methods it looks like:
 >
 > verify_ffs      = 1 - (1 - 4/2^32)^4 < one in 250 * 10^6
 > verify_gpt      < 1 - (1 - 1/2^96)^4 < one in 10^28
 > verify_mbr      = 1/2^16 (much too high for my comfort!)
 >
 > For zfs I would hope it can be much lower than for ffs.
 >
 > I went hunting through the zfs header files and it looks like the vdev
 > label has a magic number and some kind of 256-bit checksum -- not
 > specific to the vdev label (other zpool data structures have the same
 > magic number and checksum), but maybe we can use it:
 >
 > /* vdev_impl.h */
 > typedef struct vdev_phys {
 >         char            vp_nvlist[VDEV_PHYS_SIZE - sizeof (zio_eck_t)];
 >         zio_eck_t       vp_zbt;
 > } vdev_phys_t;
 >
 > typedef struct vdev_label {
 >         char            vl_pad1[VDEV_PAD_SIZE];                 /*  8K */
 >         char            vl_pad2[VDEV_PAD_SIZE];                 /*  8K */
 >         vdev_phys_t     vl_vdev_phys;                           /* 112K */
 >         char            vl_uberblock[VDEV_UBERBLOCK_RING];      /* 128K */
 > } vdev_label_t;                                                 /* 256K total */
 >
 > /* zio.h */
 > #define ZEC_MAGIC       0x210da7ab10c7a11ULL
 >
 > typedef struct zio_eck {
 >         uint64_t        zec_magic;      /* for validation, endianness   */
 >         zio_cksum_t     zec_cksum;      /* 256-bit checksum             */
 > } zio_eck_t;
 >
 > Judging by zio_checksum.c, it looks like it's SHA-256.
 >
 > I grepped for some of the nvlist keys that zfs uses, and found
 > libzfs_import.c, which does a couple things:
 >
 > - Tries not just offset 0, but up to four different offsets with the
 >   label_offset function.
 >
 > - Checks for "state" and "txg" in the nvlist.
 >
 > vdev_label_read_config also tries several different offsets, but only
 > checks for "txg" -- and doesn't even require that.  So the nvlist keys
 > may be a red herring here.
 >
 > But with the checksum, it looks like we could get by with:
 >
 > 1. (optional) for each possible label offset:
 >
 > 2. verify vl->vl_vdev_phys.vp_zbt.zec_magic == ZEC_MAGIC or
 >    byte-swapped, and
 >
 > 3. verify vl->vl_vdev_phys.vp_zbt.zec_cksum is the SHA-256 hash of
 >    whatever part of vl it's computed over.
 >
 > The SHA-256 hash appears to be calculated over vl->vl_vdev_phys, but
 > with vp_zbt.zec_cksum set to
 >
 >    {labeloffset + offsetof(struct vdev_label, vl_vdev_phys), 0, 0, 0},
 >
 > with the 64-bit words possibly encoded in the same byte order as
 > zec_magic.  Except then the bytes of each 64-bit word in the SHA-256
 > output hash are byte-swapped.
 >
 > This seems to check out on the one sample I tried, and it should have
 > a false detection probability under uniform random data well below
 > 1/2^256 which is extremely comfortable.  (Should also have low false
 > detection probability under other formats too because of the checksum
 > even if you store a file with the magic number in it.)

 Thanks for the detailed response!

 I did the same reading to try and find out if there is a simple checksum
 verification function but didn't find anything.  It seems like zpool
 import never actually verifies the checksums or magic bytes in
 vl->vl_vdev_phys->vp_zbt .  There are VDEV_LABELS (4) labels, two at the
 beginning of the disk (offset 0 and 256k) and two at the end (at -512k,
 -256k) and even with all of their vl->vl_vdev_phys->vp_zbt structures
 zeroed out, zpool import shows no complaints.  The checksums are updated
 on export.

 I did a quick test and computed sha256 for vl->vdev_phys and it works as
 you described: the magic bytes need to be set first (byte-swapped on my
 system) and the offset encoded in the first of the 64bit checksum words
 (also byte-swapped).  The computed sha256 checksum is then stored as 4
 64bit words in byte-swapped order.

 Implementing the checksum verification is easy and allows us to get rid
 of the libnvpair dependency, so I don't mind implementing it that way.
 Since I haven't looked into exactly how much checking libnvpair does, I
 don't know what the risk of false positives for the current proposal is.

 Cheers,
 -- 
 Malte Dehling

 --00000000000069a3400617303387
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Disposition: attachment; filename="signature.asc"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: 7279cfb2c4807360_0.1

 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUFCQ0FBZEZpRUVva3ZsOUFOMEFo
 T05jQXdlSzhMazZxS3dkMFFGQW1ZdTFxY0FDZ2tRSzhMazZxS3cKZDBUTi9nLy9Va3lYdGZqc2pF
 S0p2OGFRQ3VETHIrWHFYRVNnaEhkZHo2Rk9OdFQxaE9Wbnl0RVkvUWFOWWNMNgpoc2JEdDAvMmND
 S1JpTFFTL1lmVExtdmRkMm43S1E5V3VHbGtGcXBjZXFyZXR3RHJOTXFTN3RNcGI5eXE2VTR3Ck1D
 T1ZEZDlMTmdONllwdjF1cWZ5S3RyTzRXTERRLzJiMUZTN0F4N0VDb2ZLUGphajNVemtUUlJmU3FZ
 TkZxVEIKUzBVbXVsN0pnU25lRnhGZnRJVG9sZUQxUWZYSFRFSGpCTlN4YkVEak00cmpHbXVuMU5n
 QlJqNjRmaS9WZVZxcQpWYURjOCt5Ly9pOFUxcE9EUjZTVjkwMDQyblEreHN3TzB5Q1pwZzlXT3Y5
 QXNST1hKbTJoNTFHNmxIS0tNM25DCnR0K3p0L294UHFQY2hHZTl5dXhra05oZkdWZlJUWFl2aUJZ
 Q1ptVkxvUWl4OExDU2l6UzNMTHpjMm9rcHdLK2cKSFlmd0dqRENRK20wNXhOUEZGNWcvSTdwd0R4
 ZU8xVGdWL0Z3b1IzMHhCZUQzMEkxaVlLcDRPZjFWOWorZGNDSApNQjdwbm45ZmFzbzM4QllmVG1L
 OUNXOEZWWDNxQWJCZFhGNFoxcmlyU2gvME5yV0ViSDBVaGRISldPRFFCSFcxClJJajJvS3ZLRFV5
 N2pqT09oUFF4N3RhSUU0WWxSMVRmS1g4dHhKTXVydnY1TVZvNmpveEZPdmRjaGpYaytnVG4KRlFm
 QUhnZ3poQXZEdS95VmhubTgydzd1amNlRmVHbUxjdm5xcWVzMkxrWVFBbDEzYVhiY0JQWVRZUE1t
 V1B3QwpoQ28zeHJVQlNyU1FUVzdwWVZhcVBnRysybXAycXlxdzk5d1I3WHJ2N1Q3SVBPV1NDUzg9
 Cj1YZ092Ci0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo=
 --00000000000069a3400617303387--

From: Taylor R Campbell <riastradh@NetBSD.org>
To: Robert Elz <kre@munnari.OZ.AU>
Cc: Malte Dehling <mdehling@gmail.com>, gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/58212: cgdconfig(8): Add zfs verification method
Date: Mon, 29 Apr 2024 01:54:21 +0000

 > Date: Mon, 29 Apr 2024 05:19:05 +0700
 > From: Robert Elz <kre@munnari.OZ.AU>
 >=20
 >   | Would also be nice if we could quantify the false acceptance probabil=
 ity
 >=20
 > It doesn't really matter, this has nothing whatever to do with the
 > security of the cgd, these validity checks are used merely to allow
 > detection of incorrect passwords (etc) - they (even when they appear
 > to be validating some data struct) have nothing whatever to do with
 > use of any of the data.

 You're right that it's not relevant to the security of cgd's
 confidentiality against an adversary, but it does matter to users.

 Seeing `verification failed, please reenter passphrase' is unalarming.

 Seeing a host of fsck failures at boot time because the block device
 is garbage when decrypted with the wrong key is extremely alarming,
 and suggests you have faulty hardware and may have lost data.

 And if you do anything to write data back to the block device -- e.g.,
 you decide to give up on data recovery and newfs it -- you'll probably
 never get your _new_ data back because you have to make the same typo
 when you next boot.

 > The 1/2^16 probability that the MBR gives (assuming you're correct
 > about that, which I don't doubt)

 For those curious, this came by modelling the plaintext under the
 wrong key as independent uniform random bits, under which the
 verify_mbr criterion of checking for a single 16-bit magic number has
 probability 1/2^16 of passing:

 https://nxr.netbsd.org/xref/src/sbin/cgdconfig/cgdconfig.c?r=3D1.62#1058

    1070 	ret =3D prog_pread(fd, buf, SCANSIZE, 0);
    1071 	if (ret < 0) {
    1072 		warn("can't read mbr area");
    1073 		return -1;
    1074 	}
    1075=20
    1076 	memcpy(&mbr, buf, sizeof(mbr));
    1077 	if (le16toh(mbr.mbr_magic) !=3D MBR_MAGIC)
    1078 		return 1;
    1079=20
    1080 	return 0;

 The verify_ffs criterion is a little more involved, and since I wrote
 the previous message (a couple years ago) it has grown a higher false
 acceptance probability now that it allows FS_UFS2EA_MAGIC or
 FS_UFS2EA_MAGIC_SWAPPED too, so it's 1 - (1 - 6/2^32)^4 or a little
 under one in 178 * 10^6.  This arises from allowing any of six
 different 32-bit magic numbers in any of four different superblock
 locations.

 https://nxr.netbsd.org/xref/src/sbin/cgdconfig/cgdconfig.c?r=3D1.62#1185
 https://nxr.netbsd.org/xref/src/sys/ufs/ffs/fs.h?r=3D1.71#103

 >                                  is really good enough - the much
 > higher probabilities against false positivies of the other methods
 > are nice, I guess, but aren't there because of cgd, they're what
 > happened to exist anyway.

 The independent uniform random bits model is substantively different
 from usual hardware errors, where typically we model each bit as
 having an independent small (not fair coin toss) probability of error,
 or a burst of errors in a nearby region.  And human-designed data
 formats tend not to be totally randomized.  So this really is related
 to cgd and not just to the reliability of the MBR magic number in
 non-randomized applications.

 For a sense of scale, suppose there are 1000 users, and over the
 course of time, each of them types a wrong password 50 times with the
 verify_mbr method.

 In this scenario, there's better than a coin toss's odds in this
 scenario that one of those wrong password entries will be accepted,
 leading to alarming consequences when the resulting disk is full of
 gibberish.

 Maybe that's an optimistic estimate of the number of cgd(4) users, or
 a pessimistic estimate of their typing ability, but it's not _that_
 optimistic or pessimistic.  (I'm sure I've typed my password wrong
 more than 50 times.)

From: Malte Dehling <mdehling@gmail.com>
To: netbsd-bugs@netbsd.org
Cc: Taylor R Campbell <riastradh@netbsd.org>, gnats-bugs@netbsd.org
Subject: Re: Re: Re: bin/58212: cgdconfig(8): Add zfs verification method
Date: Mon, 29 Apr 2024 18:46:11 -0700

 Hi,

 On Sun, Apr 28, 2024 at 01:13:05PM -0700, Malte Dehling wrote:
 > >Submitter-Id:  net
 > >Originator:    Malte Dehling
 > >Organization:
 > >Confidential:  no
 > >Synopsis:      cgdconfig(8): Add zfs verification method
 > >Severity:      non-critical
 > >Priority:      medium
 > >Category:      bin
 > >Class:         change-request
 > >Release:       NetBSD 10.0, -current
 > >Environment:
 >     NetBSD 10.0 (GENERIC) #4: Wed Apr 24 12:21:26 PDT 2024
 >     mdehling@nb-base-dev:/scratch/obj/sys/arch/amd64/compile/GENERIC amd64
 >
 > >Description:
 > I would like to propose the attached patch to add a zfs verification
 > method to the cgdconfig(8) program.  With such a method, it will be
 > possible to use cgd devices as vdevs in a zpool without an intermediate
 > gpt.

 How about this version instead?

 I _think_ I got the byte order logic right:
 - deduce the byte order from the magic bytes and use it to initialize
   the checksum computation with the same byte order
 - on-disk sha256 is always stored in big-endian order, so convert
   whatever we compute to BE before comparing

 Tested only on LE since I don't have a BE netbsd system handy right now.


 ---
 Implement vdev label checksum verification.  Allows using raw cgd
 devices as vdevs in a zpool.
 ---
  sbin/cgdconfig/Makefile    |  15 +++++
  sbin/cgdconfig/cgdconfig.8 |   2 +
  sbin/cgdconfig/cgdconfig.c | 111 +++++++++++++++++++++++++++++++++++++
  sbin/cgdconfig/params.c    |   9 +++
  sbin/cgdconfig/params.h    |   1 +
  5 files changed, 138 insertions(+)

 diff --git a/sbin/cgdconfig/Makefile b/sbin/cgdconfig/Makefile
 index fec75b4e375..0ed669ab738 100644
 --- a/sbin/cgdconfig/Makefile
 +++ b/sbin/cgdconfig/Makefile
 @@ -29,4 +29,19 @@ ARGON2_NO_THREADS=1
  .include "${NETBSDSRCDIR}/external/apache2/argon2/lib/libargon2/Makefile.inc"
  .endif

 +.if ${MKZFS} != "no"
 +CPPFLAGS+=	-DHAVE_ZFS
 +
 +OSNET=${NETBSDSRCDIR}/external/cddl/osnet
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/include
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/sys
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/head
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/lib/libzpool/common
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/uts/common
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/uts/common/fs/zfs
 +
 +COPTS.cgdconfig.c+=	-Wno-unknown-pragmas
 +COPTS.cgdconfig.c+=	-Wno-strict-prototypes
 +.endif
 +
  .include <bsd.prog.mk>
 diff --git a/sbin/cgdconfig/cgdconfig.8 b/sbin/cgdconfig/cgdconfig.8
 index 2b0da2cb732..e48ccde02c5 100644
 --- a/sbin/cgdconfig/cgdconfig.8
 +++ b/sbin/cgdconfig/cgdconfig.8
 @@ -270,6 +270,8 @@ scan for a valid Master Boot Record.
  scan for a valid GUID partition table.
  .It ffs
  scan for a valid FFS file system.
 +.It zfs
 +scan for a valid ZFS vdev label (if compiled with MKZFS).
  .It re-enter
  prompt for passphrase twice, and ensure entered passphrases are
  identical.
 diff --git a/sbin/cgdconfig/cgdconfig.c b/sbin/cgdconfig/cgdconfig.c
 index 9a634ef37e2..de4d09013bf 100644
 --- a/sbin/cgdconfig/cgdconfig.c
 +++ b/sbin/cgdconfig/cgdconfig.c
 @@ -73,6 +73,11 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.61 2022/11/17
 06:40:38 chs Exp $");

  #include <ufs/ffs/fs.h>

 +#ifdef HAVE_ZFS
 +#include <sys/vdev_impl.h>
 +#include <sha2.h>
 +#endif
 +
  #include "params.h"
  #include "pkcs5_pbkdf2.h"
  #include "utils.h"
 @@ -170,6 +175,9 @@ static int	 verify_ffs(int);
  static int	 verify_reenter(struct params *);
  static int	 verify_mbr(int);
  static int	 verify_gpt(int);
 +#ifdef HAVE_ZFS
 +static int	 verify_zfs(int);
 +#endif

  __dead static void	 usage(void);

 @@ -1024,6 +1032,10 @@ verify(struct params *p, int fd)
  		return verify_mbr(fd);
  	case VERIFY_GPT:
  		return verify_gpt(fd);
 +#ifdef HAVE_ZFS
 +	case VERIFY_ZFS:
 +		return verify_zfs(fd);
 +#endif
  	default:
  		warnx("unimplemented verification method");
  		return -1;
 @@ -1182,6 +1194,105 @@ verify_gpt(int fd)
  	return ret;
  }

 +#ifdef HAVE_ZFS
 +
 +#define ZIO_CHECKSUM_BE(zcp)					\
 +{								\
 +	(zcp)->zc_word[0] = BE_64((zcp)->zc_word[0]);		\
 +	(zcp)->zc_word[1] = BE_64((zcp)->zc_word[1]);		\
 +	(zcp)->zc_word[2] = BE_64((zcp)->zc_word[2]);		\
 +	(zcp)->zc_word[3] = BE_64((zcp)->zc_word[3]);		\
 +}
 +
 +static int
 +verify_zfs(int fd)
 +{
 +	struct stat sb;
 +	vdev_phys_t *vdev_phys;
 +	off_t vdev_phys_off;
 +	ssize_t ret;
 +	bool byteswap;
 +	zio_cksum_t cksum_found, cksum_real;
 +	SHA256_CTX ctx;
 +
 +	if (fstat(fd, &sb)) {
 +		warn("fstat");
 +		return 1;
 +	} else if (sb.st_size == 0) {
 +		warnx("fstat returned size zero");
 +		return 1;
 +	}
 +
 +	vdev_phys = emalloc(sizeof *vdev_phys);
 +	for (int l = 0; l < VDEV_LABELS; l++) {
 +		vdev_phys_off = ( l < VDEV_LABELS/2 ?
 +		    l * sizeof(vdev_label_t) :
 +		    sb.st_size - (VDEV_LABELS-l) * sizeof(vdev_label_t) ) \
 +		    + offsetof(vdev_label_t, vl_vdev_phys);
 +
 +		ret = prog_pread(fd, vdev_phys, sizeof *vdev_phys,
 +		    vdev_phys_off);
 +		if (ret < 0) {
 +			warn("pread");
 +			ret = 1;
 +			break;
 +		} else if ((size_t)ret < sizeof *vdev_phys) {
 +			warnx("pread: incomplete block");
 +			ret = 1;
 +			break;
 +		}
 +
 +		ret = 0;
 +
 +		if (vdev_phys->vp_zbt.zec_magic == BSWAP_64(ZEC_MAGIC))
 +			byteswap = true;
 +		else if (vdev_phys->vp_zbt.zec_magic == ZEC_MAGIC)
 +			byteswap = false;
 +		else {
 +			ret = 1;
 +			break;
 +		};
 +
 +		cksum_found = vdev_phys->vp_zbt.zec_cksum;
 +
 +		ZIO_SET_CHECKSUM(&vdev_phys->vp_zbt.zec_cksum,
 +		    vdev_phys_off, 0, 0, 0);
 +		if (byteswap)
 +			ZIO_CHECKSUM_BSWAP(&vdev_phys->vp_zbt.zec_cksum);
 +
 +		SHA256Init(&ctx);
 +		SHA256Update(&ctx, (uint8_t *)vdev_phys, sizeof *vdev_phys);
 +		SHA256Final(&cksum_real, &ctx);
 +
 +		/*
 +		 * For historical reasons the on-disk sha256 checksums are
 +		 * always in big endian format.
 +		 * (see cddl/osnet/dist/uts/common/fs/zfs/sha256.c)
 +		 */
 +		ZIO_CHECKSUM_BE(&cksum_real);
 +
 +		if (!ZIO_CHECKSUM_EQUAL(cksum_found, cksum_real)) {
 +			warnx("checksum mismatch on vdev label %d", l);
 +			warnx("found %lx, %lx, %lx, %lx",
 +			    (unsigned long)cksum_found.zc_word[0],
 +			    (unsigned long)cksum_found.zc_word[1],
 +			    (unsigned long)cksum_found.zc_word[2],
 +			    (unsigned long)cksum_found.zc_word[3]);
 +			warnx("expected %lx, %lx, %lx, %lx",
 +			    (unsigned long)cksum_real.zc_word[0],
 +			    (unsigned long)cksum_real.zc_word[1],
 +			    (unsigned long)cksum_real.zc_word[2],
 +			    (unsigned long)cksum_real.zc_word[3]);
 +			ret = 1;
 +			break;
 +		}
 +	}
 +	free(vdev_phys);
 +	return ret;
 +}
 +
 +#endif
 +
  static off_t sblock_try[] = SBLOCKSEARCH;

  static int
 diff --git a/sbin/cgdconfig/params.c b/sbin/cgdconfig/params.c
 index 91af02c21cc..5da25ec0595 100644
 --- a/sbin/cgdconfig/params.c
 +++ b/sbin/cgdconfig/params.c
 @@ -287,6 +287,10 @@ params_verify_method(string_t *in)
  		p->verify_method = VERIFY_MBR;
  	if (!strcmp("gpt", vm))
  		p->verify_method = VERIFY_GPT;
 +#ifdef HAVE_ZFS
 +	if (!strcmp("zfs", vm))
 +		p->verify_method = VERIFY_ZFS;
 +#endif

  	string_free(in);

 @@ -1065,6 +1069,11 @@ params_fput(struct params *p, FILE *f)
  	case VERIFY_GPT:
  		print_kvpair_cstr(f, ts, "verify_method", "gpt");
  		break;
 +#ifdef HAVE_ZFS
 +	case VERIFY_ZFS:
 +		print_kvpair_cstr(f, ts, "verify_method", "zfs");
 +		break;
 +#endif
  	default:
  		warnx("unsupported verify_method (%d)", p->verify_method);
  		return -1;
 diff --git a/sbin/cgdconfig/params.h b/sbin/cgdconfig/params.h
 index fb79a0deb80..ef49dde6aba 100644
 --- a/sbin/cgdconfig/params.h
 +++ b/sbin/cgdconfig/params.h
 @@ -81,6 +81,7 @@ struct params {
  #define VERIFY_REENTER		0x4
  #define VERIFY_MBR      	0x5
  #define VERIFY_GPT      	0x6
 +#define VERIFY_ZFS      	0x7

  /* shared key derivation methods */

 -- 
 2.44.0


 Cheers,
 -- 
 Malte Dehling

From: Malte Dehling <mdehling@gmail.com>
To: netbsd-bugs@netbsd.org
Cc: Taylor R Campbell <riastradh@netbsd.org>, gnats-bugs@netbsd.org
Subject: Re: Re: Re: Re: bin/58212: cgdconfig(8): Add zfs verification method
Date: Sat, 4 May 2024 18:42:57 -0400

 Hi again,

 On Mon, Apr 29, 2024 at 02:59:05PM -0700, Malte Dehling wrote:
 > On Sun, Apr 28, 2024 at 01:13:05PM -0700, Malte Dehling wrote:
 > > >Submitter-Id:  net
 > > >Originator:    Malte Dehling
 > > >Organization:
 > > >Confidential:  no
 > > >Synopsis:      cgdconfig(8): Add zfs verification method
 > > >Severity:      non-critical
 > > >Priority:      medium
 > > >Category:      bin
 > > >Class:         change-request
 > > >Release:       NetBSD 10.0, -current
 > > >Environment:
 > >     NetBSD 10.0 (GENERIC) #4: Wed Apr 24 12:21:26 PDT 2024
 > >     mdehling@nb-base-dev:/scratch/obj/sys/arch/amd64/compile/GENERIC amd64
 > >
 > > >Description:
 > > I would like to propose the attached patch to add a zfs verification
 > > method to the cgdconfig(8) program.  With such a method, it will be
 > > possible to use cgd devices as vdevs in a zpool without an intermediate
 > > gpt.
 >
 > How about this version instead?
 >
 > I _think_ I got the byte order logic right:
 > - deduce the byte order from the magic bytes and use it to initialize
 >   the checksum computation with the same byte order
 > - on-disk sha256 is always stored in big-endian order, so convert
 >   whatever we compute to BE before comparing
 >
 > Tested only on LE since I don't have a BE netbsd system handy right now.

 Here's an updated version of the patch.

 I fixed two issues:
 - my attempt to read the vdev size using fstat didn't work, so instead
   this uses ioctl(fd, DIOCGMEDIASIZE, &vdev_size)
 - the checksum is now correctly byte-swapped based on the endianness of
   the magic number

 I've tested this version on amd64 (LE) and aarch64be (BE) separately,
 and by passing zpool on cgd disk images between them.

 ---
 Implement vdev label checksum verification.  Allows using raw cgd
 devices as vdevs in a zpool.
 ---
  sbin/cgdconfig/Makefile    |  15 +++++
  sbin/cgdconfig/cgdconfig.8 |   2 +
  sbin/cgdconfig/cgdconfig.c | 109 +++++++++++++++++++++++++++++++++++++
  sbin/cgdconfig/params.c    |   9 +++
  sbin/cgdconfig/params.h    |   1 +
  5 files changed, 136 insertions(+)

 diff --git a/sbin/cgdconfig/Makefile b/sbin/cgdconfig/Makefile
 index fec75b4e375..0ed669ab738 100644
 --- a/sbin/cgdconfig/Makefile
 +++ b/sbin/cgdconfig/Makefile
 @@ -29,4 +29,19 @@ ARGON2_NO_THREADS=1
  .include "${NETBSDSRCDIR}/external/apache2/argon2/lib/libargon2/Makefile.inc"
  .endif

 +.if ${MKZFS} != "no"
 +CPPFLAGS+=	-DHAVE_ZFS
 +
 +OSNET=${NETBSDSRCDIR}/external/cddl/osnet
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/include
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/sys
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/head
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/lib/libzpool/common
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/uts/common
 +CPPFLAGS.cgdconfig.c+=	-I${OSNET}/dist/uts/common/fs/zfs
 +
 +COPTS.cgdconfig.c+=	-Wno-unknown-pragmas
 +COPTS.cgdconfig.c+=	-Wno-strict-prototypes
 +.endif
 +
  .include <bsd.prog.mk>
 diff --git a/sbin/cgdconfig/cgdconfig.8 b/sbin/cgdconfig/cgdconfig.8
 index 2b0da2cb732..e48ccde02c5 100644
 --- a/sbin/cgdconfig/cgdconfig.8
 +++ b/sbin/cgdconfig/cgdconfig.8
 @@ -270,6 +270,8 @@ scan for a valid Master Boot Record.
  scan for a valid GUID partition table.
  .It ffs
  scan for a valid FFS file system.
 +.It zfs
 +scan for a valid ZFS vdev label (if compiled with MKZFS).
  .It re-enter
  prompt for passphrase twice, and ensure entered passphrases are
  identical.
 diff --git a/sbin/cgdconfig/cgdconfig.c b/sbin/cgdconfig/cgdconfig.c
 index 9a634ef37e2..fe2c394b821 100644
 --- a/sbin/cgdconfig/cgdconfig.c
 +++ b/sbin/cgdconfig/cgdconfig.c
 @@ -73,6 +73,11 @@ __RCSID("$NetBSD: cgdconfig.c,v 1.61 2022/11/17
 06:40:38 chs Exp $");

  #include <ufs/ffs/fs.h>

 +#ifdef HAVE_ZFS
 +#include <sys/vdev_impl.h>
 +#include <sha2.h>
 +#endif
 +
  #include "params.h"
  #include "pkcs5_pbkdf2.h"
  #include "utils.h"
 @@ -170,6 +175,9 @@ static int	 verify_ffs(int);
  static int	 verify_reenter(struct params *);
  static int	 verify_mbr(int);
  static int	 verify_gpt(int);
 +#ifdef HAVE_ZFS
 +static int	 verify_zfs(int);
 +#endif

  __dead static void	 usage(void);

 @@ -1024,6 +1032,10 @@ verify(struct params *p, int fd)
  		return verify_mbr(fd);
  	case VERIFY_GPT:
  		return verify_gpt(fd);
 +#ifdef HAVE_ZFS
 +	case VERIFY_ZFS:
 +		return verify_zfs(fd);
 +#endif
  	default:
  		warnx("unimplemented verification method");
  		return -1;
 @@ -1182,6 +1194,103 @@ verify_gpt(int fd)
  	return ret;
  }

 +#ifdef HAVE_ZFS
 +
 +#define ZIO_CHECKSUM_BE(zcp)					\
 +{								\
 +	(zcp)->zc_word[0] = BE_64((zcp)->zc_word[0]);		\
 +	(zcp)->zc_word[1] = BE_64((zcp)->zc_word[1]);		\
 +	(zcp)->zc_word[2] = BE_64((zcp)->zc_word[2]);		\
 +	(zcp)->zc_word[3] = BE_64((zcp)->zc_word[3]);		\
 +}
 +
 +static int
 +verify_zfs(int fd)
 +{
 +	vdev_phys_t *vdev_phys;
 +	off_t vdev_size, vdev_phys_off;
 +	ssize_t ret;
 +	bool byteswap;
 +	zio_cksum_t cksum_found, cksum_real;
 +	SHA256_CTX ctx;
 +
 +	if (prog_ioctl(fd, DIOCGMEDIASIZE, &vdev_size) == -1) {
 +		warn("ioctl");
 +		return 1;
 +	}
 +
 +	vdev_phys = emalloc(sizeof *vdev_phys);
 +	for (int l = 0; l < VDEV_LABELS; l++) {
 +		vdev_phys_off = ( l < VDEV_LABELS/2 ?
 +		    l * sizeof(vdev_label_t) :
 +		    vdev_size - (VDEV_LABELS-l) * sizeof(vdev_label_t) ) \
 +		    + offsetof(vdev_label_t, vl_vdev_phys);
 +
 +		ret = prog_pread(fd, vdev_phys, sizeof *vdev_phys,
 +		    vdev_phys_off);
 +		if (ret < 0) {
 +			warn("pread");
 +			ret = 1;
 +			break;
 +		} else if ((size_t)ret < sizeof *vdev_phys) {
 +			warnx("pread: incomplete block");
 +			ret = 1;
 +			break;
 +		}
 +
 +		ret = 0;
 +
 +		if (vdev_phys->vp_zbt.zec_magic == BSWAP_64(ZEC_MAGIC))
 +			byteswap = true;
 +		else if (vdev_phys->vp_zbt.zec_magic == ZEC_MAGIC)
 +			byteswap = false;
 +		else {
 +			ret = 1;
 +			break;
 +		};
 +
 +		cksum_found = vdev_phys->vp_zbt.zec_cksum;
 +		if (byteswap)
 +			ZIO_CHECKSUM_BSWAP(&cksum_found);
 +
 +		ZIO_SET_CHECKSUM(&vdev_phys->vp_zbt.zec_cksum,
 +		    vdev_phys_off, 0, 0, 0);
 +		if (byteswap)
 +			ZIO_CHECKSUM_BSWAP(&vdev_phys->vp_zbt.zec_cksum);
 +
 +		SHA256Init(&ctx);
 +		SHA256Update(&ctx, (uint8_t *)vdev_phys, sizeof *vdev_phys);
 +		SHA256Final(&cksum_real, &ctx);
 +
 +		/*
 +		 * For historical reasons the on-disk sha256 checksums are
 +		 * always in big endian format.
 +		 * (see cddl/osnet/dist/uts/common/fs/zfs/sha256.c)
 +		 */
 +		ZIO_CHECKSUM_BE(&cksum_real);
 +
 +		if (!ZIO_CHECKSUM_EQUAL(cksum_found, cksum_real)) {
 +			warnx("checksum mismatch on vdev label %d", l);
 +			warnx("found %lx, %lx, %lx, %lx",
 +			    (unsigned long)cksum_found.zc_word[0],
 +			    (unsigned long)cksum_found.zc_word[1],
 +			    (unsigned long)cksum_found.zc_word[2],
 +			    (unsigned long)cksum_found.zc_word[3]);
 +			warnx("expected %lx, %lx, %lx, %lx",
 +			    (unsigned long)cksum_real.zc_word[0],
 +			    (unsigned long)cksum_real.zc_word[1],
 +			    (unsigned long)cksum_real.zc_word[2],
 +			    (unsigned long)cksum_real.zc_word[3]);
 +			ret = 1;
 +			break;
 +		}
 +	}
 +	free(vdev_phys);
 +	return ret;
 +}
 +
 +#endif
 +
  static off_t sblock_try[] = SBLOCKSEARCH;

  static int
 diff --git a/sbin/cgdconfig/params.c b/sbin/cgdconfig/params.c
 index 91af02c21cc..5da25ec0595 100644
 --- a/sbin/cgdconfig/params.c
 +++ b/sbin/cgdconfig/params.c
 @@ -287,6 +287,10 @@ params_verify_method(string_t *in)
  		p->verify_method = VERIFY_MBR;
  	if (!strcmp("gpt", vm))
  		p->verify_method = VERIFY_GPT;
 +#ifdef HAVE_ZFS
 +	if (!strcmp("zfs", vm))
 +		p->verify_method = VERIFY_ZFS;
 +#endif

  	string_free(in);

 @@ -1065,6 +1069,11 @@ params_fput(struct params *p, FILE *f)
  	case VERIFY_GPT:
  		print_kvpair_cstr(f, ts, "verify_method", "gpt");
  		break;
 +#ifdef HAVE_ZFS
 +	case VERIFY_ZFS:
 +		print_kvpair_cstr(f, ts, "verify_method", "zfs");
 +		break;
 +#endif
  	default:
  		warnx("unsupported verify_method (%d)", p->verify_method);
  		return -1;
 diff --git a/sbin/cgdconfig/params.h b/sbin/cgdconfig/params.h
 index fb79a0deb80..ef49dde6aba 100644
 --- a/sbin/cgdconfig/params.h
 +++ b/sbin/cgdconfig/params.h
 @@ -81,6 +81,7 @@ struct params {
  #define VERIFY_REENTER		0x4
  #define VERIFY_MBR      	0x5
  #define VERIFY_GPT      	0x6
 +#define VERIFY_ZFS      	0x7

  /* shared key derivation methods */

 -- 
 2.44.0

 -- 
 Malte Dehling

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58212 CVS commit: src/sbin/cgdconfig
Date: Sun, 12 May 2024 14:02:16 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Sun May 12 18:02:16 UTC 2024

 Modified Files:
 	src/sbin/cgdconfig: Makefile cgdconfig.8 cgdconfig.c params.c params.h

 Log Message:
 PR/58212: Malte Dehling: Add zfs verification method


 To generate a diff of this commit:
 cvs rdiff -u -r1.22 -r1.23 src/sbin/cgdconfig/Makefile
 cvs rdiff -u -r1.57 -r1.58 src/sbin/cgdconfig/cgdconfig.8
 cvs rdiff -u -r1.62 -r1.63 src/sbin/cgdconfig/cgdconfig.c
 cvs rdiff -u -r1.34 -r1.35 src/sbin/cgdconfig/params.c
 cvs rdiff -u -r1.14 -r1.15 src/sbin/cgdconfig/params.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->needs-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Tue, 23 Jul 2024 21:53:03 +0000
State-Changed-Why:
Thanks for the patch!  Committed to HEAD, needs pullup-10 and pullup-9.

(We should also put the false accept probabilities in the man page.)


From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58212 CVS commit: src/sbin/cgdconfig
Date: Wed, 9 Oct 2024 19:44:17 +0000

 Module Name:	src
 Committed By:	riastradh
 Date:		Wed Oct  9 19:44:17 UTC 2024

 Modified Files:
 	src/sbin/cgdconfig: cgdconfig.8

 Log Message:
 cgdconfig(8): Estimate verify methods' false accept probabilities.

 An addendum following discussion around:

 PR bin/58212: cgdconfig(8): Add zfs verification method


 To generate a diff of this commit:
 cvs rdiff -u -r1.58 -r1.59 src/sbin/cgdconfig/cgdconfig.8

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Thu, 10 Oct 2024 21:52:03 +0000
State-Changed-Why:
pullup-10 #941 https://releng.netbsd.org/cgi-bin/req-10.cgi?show=941
(not going to pull this up to 9)


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/58212 CVS commit: [netbsd-10] src/sbin/cgdconfig
Date: Fri, 11 Oct 2024 08:54:39 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Fri Oct 11 08:54:39 UTC 2024

 Modified Files:
 	src/sbin/cgdconfig [netbsd-10]: Makefile cgdconfig.8 cgdconfig.c
 	    params.c params.h

 Log Message:
 Pull up following revision(s) (requested by riastradh in ticket #941):

 	sbin/cgdconfig/params.c: revision 1.35
 	sbin/cgdconfig/params.h: revision 1.15
 	sbin/cgdconfig/cgdconfig.c: revision 1.62
 	sbin/cgdconfig/cgdconfig.c: revision 1.63
 	sbin/cgdconfig/cgdconfig.8: revision 1.58
 	sbin/cgdconfig/cgdconfig.8: revision 1.59
 	sbin/cgdconfig/Makefile: revision 1.23

 cgdconfig(8): KNF in cgdconfig.c.
 No functional change intended.

 PR/58212: Malte Dehling: Add zfs verification method

 cgdconfig(8): Estimate verify methods' false accept probabilities.
 An addendum following discussion around:
 PR bin/58212: cgdconfig(8): Add zfs verification method


 To generate a diff of this commit:
 cvs rdiff -u -r1.22 -r1.22.2.1 src/sbin/cgdconfig/Makefile
 cvs rdiff -u -r1.57 -r1.57.2.1 src/sbin/cgdconfig/cgdconfig.8
 cvs rdiff -u -r1.61 -r1.61.2.1 src/sbin/cgdconfig/cgdconfig.c
 cvs rdiff -u -r1.34 -r1.34.2.1 src/sbin/cgdconfig/params.c
 cvs rdiff -u -r1.14 -r1.14.2.1 src/sbin/cgdconfig/params.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sat, 12 Oct 2024 17:05:18 +0000
State-Changed-Why:
fixed in HEAD, pulled up to 10, not gonna happen <10


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.