squid: rgw: implement S3 additional checksum support by adamemerson · Pull Request #62312 · ceph/ceph

adamemerson · 2025-03-14T22:12:45Z

Adds new Blake3 digest format (native), a concrete type to
represent digests, and static_visitor machinery to unify varying
checksum computations.

This framework, together with new trailing checksum header support,
is used to implement S3 additional checksum verification. Parts of
the AWS content checksum API work build on a prior contribution from
imtzw [email protected].
Thank you!

Fixes: https://tracker.ceph.com/issues/42080
Fixes: https://tracker.ceph.com/issues/63951

squashed commits:

rgw_cksum: add trival test vectors for sha-format digests
Computed digests match those produced by sha1sum, sha256sum,
and sha512sum utilities.
rgw_cksum: add test vectors for blake3
Tests the same input strings with digests validated by
b3sum (https://crates.io/crates/b3sum).
rgw_ckum: switch to accel crc32c
The internal Ceph convention appears to be to omit a final
xor where ceph_crc32c is used, but it's required for compatibility
with AWS implementations.
rgw_cksum: add XXH3 digest
rgw_cksum: write class encoder for rgw::digest::Cksum
rgw_cksum: also reverse crc32c (REBASEME)
Mark noticed that the crc32c output was being tested against a
byteswapped value (crc32c also needs byteswap on LE).
rgw_cksum: add digest::Cksum serde tests
rgw_cksum: fix main(...) linkage
(so we run our main unit and not the one in gmock
rgw_cksum: convenience extensions for integration with RGW/S3
introduce rgw_cksum unique_ptr factory
rgw_cksum: mark string transform accessors const
rgw_cksum: fixup unittest_rgw_chksum compilation--all existing tests pass
rgw_cksum: hook up put-object checksum workflow
tweaks to report on content checksum mismatch
rgw_cksum: match SDK as well as general checksum header
make it more efficient
initialize RGWPutObj_Cksum::digest
rgw_cksum: write parse_cksum_type w/const char* arg
initialize _type correctly; doing armored wrong
fix expected checksum header name, clean up verify
fix output on checksum verify fail, cleanup
introduce Cksum::to_armor(); all AWS cases pass
oops, extra 0-byte at end of to_armor() result

Fixes: https://tracker.ceph.com/issues/66837

Contribution Guidelines

To sign and title your commits, please refer to Submitting Patches to Ceph.
If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.
When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

Tracker (select at least one)
- References tracker ticket
- Very recent bug; references commit where it was introduced
- New feature (ticket optional)
- Doc update (no ticket needed)
- Code cleanup (no ticket needed)
Component impact
- Affects Dashboard, opened tracker ticket
- Affects Orchestrator, opened tracker ticket
- No impact that needs to be tracked
Documentation (select at least one)
- Updates relevant documentation
- No doc update is appropriate
Tests (select at least one)
- Includes unit test(s)
- Includes integration test(s)
- Includes bug reproducer
- No tests

Show available Jenkins commands

jenkins test classic perf Jenkins Job | Jenkins Job Definition
jenkins test crimson perf Jenkins Job | Jenkins Job Definition
jenkins test signed Jenkins Job | Jenkins Job Definition
jenkins test make check Jenkins Job | Jenkins Job Definition
jenkins test make check arm64 Jenkins Job | Jenkins Job Definition
jenkins test submodules Jenkins Job | Jenkins Job Definition
jenkins test dashboard Jenkins Job | Jenkins Job Definition
jenkins test dashboard cephadm Jenkins Job | Jenkins Job Definition
jenkins test api Jenkins Job | Jenkins Job Definition
jenkins test docs ReadTheDocs | Github Workflow Definition
jenkins test ceph-volume all Jenkins Jobs | Jenkins Jobs Definition
jenkins test windows Jenkins Job | Jenkins Job Definition
jenkins test rook e2e Jenkins Job | Jenkins Job Definition

adamemerson · 2025-03-14T22:16:57Z

Need to backport dependencies…

.gitmodules

cbodley

per @mattbenjamin, we shouldn't merge to squid without followup changes in #61878

Support uses conditionally compiled implementations from spdk and ISA-L. Validated against SPDK test vectors and one example generated and passed via awscliv2 (AWS SDK) version 2.24.5. Restored the ability of unittest_rgw_cksum to create a binary input file for external checksum testing, but only when requested via cmdline option. Fixes: https://tracker.ceph.com/issues/70040 Signed-off-by: Matt Benjamin <[email protected]>

These constructions provide conforming implemenations of Amazon S3 CRC32 (ISO hdlc), CRC32C (iscsi), and CRC64/NVME checksums, in particular, linear combining of adjacent checksums, by Mark Adler. Source: https://github.com/madler/crcany License: approximate BSD with "optional" advertising clause Signed-off-by: Matt Benjamin <[email protected]>

* internally compensate for at-rest byteswapped crc64 representation (e.g., before combine step) * generalize Cksum crc api for 32bit and 64bit crcs, other cleanup * prototype abstract cksum::Combiner workflow * add support for forward and backward handling of composite vs full object checksums by marking the composites and the update flag day * clean up checksum formatting and checksum type reporting * add unit tests for Combiner interface * validate and track requested checksum type (i.e., composite or full), plus unit test fixture for combinations of full matrix of cksum types * doh. GET/HEAD checksums are in headers * add crcany license to COPYING * return ChecksumType as header in GET/HEAD Found by Casey in review * avoid fmt of char* null when no checksum header supplied A cksum_hdr_t(nullptr, nullptr) results in this case, and is intended, but its components obviously can't be presented to std::format unless cast to a safe pointer type. * fail checksum mismatch with BadDigest When uploading an S3 object with an invalid checksum, the return code should be BadDigest to mirror more closely the AWS S3 implementation. See: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html Fixes: https://tracker.ceph.com/issues/70614 Reported by Alex Wojno <[email protected]> * fix comparison and display of composite checksums A string comparision bounds error and a bitmask comparison error are fixed. * fix build on centos9 On gcc(?13?) we can't declare rgw::cksum::FLAG_NONE and also rgw::cksum::Cksum::FlAG_NONE. SAD!! * include <variant> invariantly * fix checksum type return from complete-multipart This one is in the XML response * aieee, don't leak Combiners Use unique_ptr to polymorphic type...correctly. Signed-off-by: Matt Benjamin <[email protected]> Signed-off-by: matt benjamin <[email protected]>

mattbenjamin · 2025-07-18T13:50:24Z

with today's update (also pullup), this backport contains the complete S3 additional checksum feature

adamemerson · 2025-07-18T13:55:48Z

@anrao19 Could you please pull this into a run on squid when you do one?

cbodley · 2025-07-18T14:18:38Z

@anrao19 Could you please pull this into a run on squid when you do one?

@adamemerson this needs to be validated against the appropriate checksum s3-tests. someone will need to do that manually

adamemerson · 2025-07-18T14:31:35Z

@anrao19 Could you please pull this into a run on squid when you do one?

@adamemerson this needs to be validated against the appropriate checksum s3-tests. someone will need to do that manually

@mattbenjamin Can you backport the Checksum tests to a branch based on squid s3tests? I can run the tests against that.

mattbenjamin · 2025-08-28T15:00:45Z

@adamemerson I've created ceph/s3-tests#685

cbodley · 2025-09-09T16:32:42Z

@adamemerson I've created ceph/s3-tests#685

@adamemerson did qa include these test cases?

adamemerson · 2025-09-09T16:41:20Z

@adamemerson I've created ceph/s3-tests#685

@adamemerson did qa include these test cases?

No. I'll run an RGW suite against it with the s3tests branch specified.

cbodley · 2025-09-09T16:42:13Z

No. I'll run an RGW suite against it with the s3tests branch specified.

thanks. and sorry, i know it's a huge pain :(

adamemerson · 2025-09-09T16:42:35Z

@mattbenjamin Do you have a branch of backported s3-tests? I think I remember you mentioning making one, but I don't recall the name.

adamemerson · 2025-09-09T16:44:04Z

@mattbenjamin Do you have a branch of backported s3-tests? I think I remember you mentioning making one, but I don't recall the name.

Never mind, I see it there. Sorry

adamemerson · 2025-09-11T01:12:22Z

https://pulpito.ceph.com/aemerson-2025-09-11_01:04:29-rgw-wip-63951-squid-s3tests-branch-distro-default-smithi/

adamemerson · 2025-09-13T17:59:02Z

https://pulpito.ceph.com/aemerson-2025-09-11_01:04:29-rgw-wip-63951-squid-s3tests-branch-distro-default-smithi/

@mattbenjamin Take a look at this test run here, are we missing any further backports?

adamemerson · 2025-09-26T19:30:15Z

@yuriw We'll QA this one ourselves since it has s3-tests requirements

yuriw · 2025-10-02T14:33:21Z

tested ref: https://tracker.ceph.com/issues/73245

adamemerson added bug-fix needs-qa backport labels Mar 14, 2025

adamemerson added this to the v19.2.2 milestone Mar 14, 2025

adamemerson requested review from cbodley and mattbenjamin March 14, 2025 22:12

adamemerson requested a review from a team as a code owner March 14, 2025 22:12

github-actions bot added build/ops common rgw tests labels Mar 14, 2025

adamemerson marked this pull request as draft March 14, 2025 22:16

adamemerson removed the needs-qa label Mar 14, 2025

adamemerson modified the milestones: v19.2.2, squid Mar 14, 2025

adamemerson force-pushed the wip-63951-squid branch from 2662c3b to a8e6397 Compare March 14, 2025 22:59

adamemerson marked this pull request as ready for review March 14, 2025 23:00

adamemerson modified the milestones: squid, v19.2.2 Mar 14, 2025

adamemerson added the needs-qa label Mar 14, 2025

dang reviewed Mar 17, 2025

View reviewed changes

.gitmodules Outdated Show resolved Hide resolved

cbodley changed the title ~~rgw: implement S3 additional checksum suppor~~ squid: rgw: implement S3 additional checksum support Mar 17, 2025

adamemerson force-pushed the wip-63951-squid branch from a8e6397 to 75f13c1 Compare March 19, 2025 15:43

yuriw added the wip-yuri11-testing label Mar 28, 2025

cbodley previously requested changes Mar 31, 2025

View reviewed changes

adamemerson marked this pull request as draft April 2, 2025 19:03

adamemerson removed the needs-qa label Apr 9, 2025

yuriw removed the wip-yuri11-testing label Apr 9, 2025

github-actions bot added the needs-rebase label Apr 28, 2025

mattbenjamin added 3 commits July 18, 2025 09:33

mattbenjamin force-pushed the wip-63951-squid branch from e8ebf03 to 43525f8 Compare July 18, 2025 13:47

adamemerson added the needs-qa label Jul 18, 2025

anrao19 added wip-anrao1-testing and removed wip-anrao1-testing labels Jul 23, 2025

adamemerson assigned adamemerson and unassigned adamemerson Aug 28, 2025

yuriw added wip-yuri6-testing wip-yuri7-testing and removed wip-yuri6-testing labels Sep 2, 2025

yuriw added wip-yuri3-testing and removed wip-yuri7-testing labels Sep 22, 2025

adamemerson removed the needs-qa label Sep 26, 2025

yuriw removed the wip-yuri3-testing label Oct 1, 2025

Comments

Conversation

adamemerson commented Mar 14, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Contribution Guidelines

Checklist

Uh oh!

adamemerson commented Mar 14, 2025

Uh oh!

Uh oh!

cbodley left a comment

Choose a reason for hiding this comment

Uh oh!

mattbenjamin commented Jul 18, 2025

Uh oh!

adamemerson commented Jul 18, 2025

Uh oh!

cbodley commented Jul 18, 2025

Uh oh!

adamemerson commented Jul 18, 2025

Uh oh!

mattbenjamin commented Aug 28, 2025

Uh oh!

cbodley commented Sep 9, 2025

Uh oh!

adamemerson commented Sep 9, 2025

Uh oh!

cbodley commented Sep 9, 2025

Uh oh!

adamemerson commented Sep 9, 2025

Uh oh!

adamemerson commented Sep 9, 2025

Uh oh!

adamemerson commented Sep 11, 2025

Uh oh!

adamemerson commented Sep 13, 2025

Uh oh!

adamemerson commented Sep 26, 2025

Uh oh!

yuriw commented Oct 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

adamemerson commented Mar 14, 2025 •

edited

Loading