From owner-svn-src-all@freebsd.org Wed Jun 1 03:36:32 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B753DB5809E; Wed, 1 Jun 2016 03:36:32 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 79AC119DB; Wed, 1 Jun 2016 03:36:32 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u513aVs8040956; Wed, 1 Jun 2016 03:36:31 GMT (envelope-from allanjude@FreeBSD.org) Received: (from allanjude@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u513aV7s040954; Wed, 1 Jun 2016 03:36:31 GMT (envelope-from allanjude@FreeBSD.org) Message-Id: <201606010336.u513aV7s040954@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: allanjude set sender to allanjude@FreeBSD.org using -f From: Allan Jude Date: Wed, 1 Jun 2016 03:36:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r301096 - in head/cddl/contrib/opensolaris/cmd: zfs zpool X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jun 2016 03:36:32 -0000 Author: allanjude Date: Wed Jun 1 03:36:31 2016 New Revision: 301096 URL: https://svnweb.freebsd.org/changeset/base/301096 Log: Update zfs(8) and zpool-features(7) man pages with new hashing algorithms Sponsored by: ScaleEngine Inc. Modified: head/cddl/contrib/opensolaris/cmd/zfs/zfs.8 head/cddl/contrib/opensolaris/cmd/zpool/zpool-features.7 Modified: head/cddl/contrib/opensolaris/cmd/zfs/zfs.8 ============================================================================== --- head/cddl/contrib/opensolaris/cmd/zfs/zfs.8 Wed Jun 1 03:27:33 2016 (r301095) +++ head/cddl/contrib/opensolaris/cmd/zfs/zfs.8 Wed Jun 1 03:36:31 2016 (r301096) @@ -31,7 +31,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 24, 2015 +.Dd May 31, 2016 .Dt ZFS 8 .Os .Sh NAME @@ -940,7 +940,7 @@ command or unmounted by the command. .Pp This property is not inherited. -.It Sy checksum Ns = Ns Cm on | off | fletcher2 | fletcher4 | sha256 | noparity +.It Sy checksum Ns = Ns Cm on | off | fletcher2 | fletcher4 | sha256 | noparity | sha512 | skein Controls the checksum used to verify data integrity. The default value is .Cm on , which automatically selects an appropriate algorithm (currently, @@ -957,6 +957,16 @@ not be used by any other dataset. Disabling checksums is .Em NOT a recommended practice. +The +.Sy sha512 , +and +.Sy skein +checksum algorithms require enabling the appropriate features on the pool. +Please see +.Xr zpool-features 7 +for more information on these algorithms. +.Pp +Changing this property affects only newly-written data. .It Sy compression Ns = Ns Cm on | off | lzjb | gzip | gzip- Ns Ar N | Cm zle | Cm lz4 Controls the compression algorithm used for this dataset. Setting compression to @@ -1036,7 +1046,7 @@ Changing this property only affects newl property at file system creation time by using the .Fl o Cm copies= Ns Ar N option. -.It Sy dedup Ns = Ns Cm on | off | verify | sha256 Ns Op Cm ,verify +.It Sy dedup Ns = Ns Cm on | off | verify | sha256 Ns Oo Cm ,verify Oc | Sy sha512 Ns Oo Cm ,verify Oc | Sy skein Ns Oo Cm ,verify Oc Configures deduplication for a dataset. The default value is .Cm off . The default deduplication checksum is Modified: head/cddl/contrib/opensolaris/cmd/zpool/zpool-features.7 ============================================================================== --- head/cddl/contrib/opensolaris/cmd/zpool/zpool-features.7 Wed Jun 1 03:27:33 2016 (r301095) +++ head/cddl/contrib/opensolaris/cmd/zpool/zpool-features.7 Wed Jun 1 03:36:31 2016 (r301096) @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 10, 2014 +.Dd May 31, 2016 .Dt ZPOOL-FEATURES 7 .Os .Sh NAME @@ -454,6 +454,97 @@ Please note that booting from datasets t supported by the .Fx boot loader. +.It Sy sha512 +.Bl -column "READ\-ONLY COMPATIBLE" "org.illumos:sha512" +.It GUID Ta org.illumos:sha512 +.It READ\-ONLY COMPATIBLE Ta no +.It DEPENDENCIES Ta none +.El +.Pp +The +.Sy sha512 +feature enables the use of the SHA-512/256 truncated hash algorithm +.Pq FIPS 180-4 +for checksum and dedup. +The native 64-bit arithmetic of SHA-512 provides an approximate 50% +performance boost over SHA-256 on 64-bit hardware and is thus a good +minimum-change replacement candidate for systems where hash performance is +important, but these systems cannot for whatever reason utilize the faster +.Sy skein +algorithms. +.Pp +When the +.Sy sha512 +feature is set to +.Sy enabled , +the administrator can turn on the +.Sysha512 +checksum on any dataset using the +.Dl # zfs set checksum=sha512 Ar dataset +command. +This feature becomes +.Sy active +once a +.Sy checksum +property has been set to +.Sy sha512 , +and will return to being +.Sy enabled +once all filesystems that have ever had their checksum set to +.Sy sha512 +are destroyed. +.Pp +Booting off of a pools utilizing SHA-512/256 is +.Em NOT +yet supported. +.It Sy skein +.Bl -column "READ\-ONLY COMPATIBLE" "org.illumos:skein" +.It GUID Ta org.illumos:skein +.It READ\-ONLY COMPATIBLE Ta no +.It DEPENDENCIES Ta none +.El +.Pp +The +.Sy skein +feature enables the use of the Skein hash algorithm for checksum and dedup. +Skein is a high-performance secure hash algorithm that was a finalist in the +NIST SHA-3 competition. +It provides a very high security margin and high performance on 64-bit hardware +.Pq 80% faster than SHA-256 . +This implementation also utilizes the new salted checksumming functionality in +ZFS, which means that the checksum is pre-seeded with a secret 256-bit random +key +.Pq stored on the pool +before being fed the data block to be checksummed. +Thus the produced checksums are unique to a given pool, preventing hash +collision attacks on systems with dedup. +.Pp +When the +.Sy skein +feature is set to +.Sy enabled , +the administrator can turn on the +.Sy skein +checksum on any dataset using the +.Dl # zfs set checksum=skein Ar dataset +command. +This feature becomes +.Sy active +once a +.Sy checksum +property has been set to +.Sy skein , +and will return to being +.Sy enabled +once all filesystems that have ever had their checksum set to +.Sy skein +are destroyed. +.Pp +Booting off of pools using +.Sy skein +is +.Em NOT +supported. .El .Sh SEE ALSO .Xr zpool 8