From fb11ef37b96512e4d5385c57d4c79d3ac0940b68 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 11:10:51 +0000 Subject: [PATCH 01/34] crypto(4): Fix possible use-after-free in race around detach. This is extremely unlikely because I don't think we have any drivers for removable crypto decelerators^Waccelerators...but if we were to sprout one, and someone ran crypto_dispatch concurrently with crypto_unregister, cryptodev_cb/mcb would enter with crp->crp_etype = EAGAIN and with CRYPTO_F_DONE set in crp->crp_flags. In this case, cryptodev_cb/mcb would issue crypto_dispatch but -- since nothing clears CRYPTO_F_DONE -- it would _also_ consider the request done and notify the ioctl thread of that. With this change, we return early if crypto_dispatch succeeds. No need to consult CRYPTO_F_DONE: if the callback is invoked it's done, and if we try to redispatch it on EAGAIN but crypto_dispatch fails, it's done. XXX This path could really use some testing! --- sys/opencrypto/cryptodev.c | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 19df21edd871..ee42167a66ae 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -715,20 +715,18 @@ static int cryptodev_cb(struct cryptop *crp) { struct csession *cse = crp->crp_opaque; - int error = 0; + int error; - mutex_enter(&cryptodev_mtx); - cse->error = crp->crp_etype; - if (crp->crp_etype == EAGAIN) { - /* always drop mutex to call dispatch routine */ - mutex_exit(&cryptodev_mtx); + if ((error = crp->crp_etype) == EAGAIN) { error = crypto_dispatch(crp); - mutex_enter(&cryptodev_mtx); - } - if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) { - crp->crp_devflags |= CRYPTODEV_F_RET; - cv_signal(&crp->crp_cv); + if (error == 0) + return 0; } + + mutex_enter(&cryptodev_mtx); + cse->error = error; + crp->crp_devflags |= CRYPTODEV_F_RET; + cv_signal(&crp->crp_cv); mutex_exit(&cryptodev_mtx); return 0; } @@ -737,19 +735,17 @@ static int cryptodev_mcb(struct cryptop *crp) { struct csession *cse = crp->crp_opaque; - int error = 0; + int error; - mutex_enter(&cryptodev_mtx); - cse->error = crp->crp_etype; - if (crp->crp_etype == EAGAIN) { - mutex_exit(&cryptodev_mtx); + if ((error = crp->crp_etype) == EAGAIN) { error = crypto_dispatch(crp); - mutex_enter(&cryptodev_mtx); - } - if (error != 0 || (crp->crp_flags & CRYPTO_F_DONE)) { - cv_signal(&crp->crp_cv); + if (error == 0) + return 0; } + mutex_enter(&cryptodev_mtx); + cse->error = error; + cv_signal(&crp->crp_cv); TAILQ_INSERT_TAIL(&crp->fcrp->crp_ret_mq, crp, crp_next); selnotify(&crp->fcrp->sinfo, 0, 0); mutex_exit(&cryptodev_mtx); From 64ed3ed191448fc9d0ec50e8d899414e5c469e94 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 12:29:27 +0000 Subject: [PATCH 02/34] opencrypto: Nix CRYPTO_F_DONE. Nothing uses it any more. --- sys/opencrypto/crypto.c | 4 ---- sys/opencrypto/cryptodev.h | 6 +++--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 62622b2e805c..d031625410f3 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1725,8 +1725,6 @@ crypto_done(struct cryptop *crp) #endif DPRINTF("lid[%u]: crp %p\n", CRYPTO_SESID2LID(crp->crp_sid), crp); - crp->crp_flags |= CRYPTO_F_DONE; - qs = crypto_get_crp_ret_qs(crp->reqcpu); crp_ret_q = &qs->crp_ret_q; wasempty = TAILQ_EMPTY(crp_ret_q); @@ -1757,8 +1755,6 @@ crypto_kdone(struct cryptkop *krp) if (krp->krp_status != 0) cryptostats.cs_kerrs++; - krp->krp_flags |= CRYPTO_F_DONE; - qs = crypto_get_crp_ret_qs(krp->reqcpu); crp_ret_kq = &qs->crp_ret_kq; diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index e918b2670900..857960791425 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -470,10 +470,10 @@ struct cryptop { #define CRYPTO_F_REL 0x0004 /* Must return data in same place */ #define CRYPTO_F_BATCH 0x0008 /* Batch op if possible possible */ #define CRYPTO_F_UNUSED0 0x0010 /* was CRYPTO_F_CBIMM */ -#define CRYPTO_F_DONE 0x0020 /* Operation completed */ -#define CRYPTO_F_UNUSED1 0x0040 /* was CRYPTO_F_CBIFSYNC */ +#define CRYPTO_F_UNUSED1 0x0020 /* was CRYPTO_F_DONE */ +#define CRYPTO_F_UNUSED2 0x0040 /* was CRYPTO_F_CBIFSYNC */ #define CRYPTO_F_ONRETQ 0x0080 /* Request is on return queue */ -#define CRYPTO_F_UNUSED2 0x0100 /* was CRYPTO_F_USER */ +#define CRYPTO_F_UNUSED3 0x0100 /* was CRYPTO_F_USER */ #define CRYPTO_F_MORE 0x0200 /* more data to follow */ int crp_devflags; /* other than cryptodev.c must not use. */ From 9b3388a94452d69265758893afdbfe74e9630038 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:23:02 +0000 Subject: [PATCH 03/34] opencrypto: Make crp_callback, krp_callback return void. Nothing uses the return values inside opencrypto, so let's stop making users return them. --- sys/netipsec/xform_ah.c | 42 +++++++++++++++++-------------------- sys/netipsec/xform_esp.c | 41 +++++++++++++++--------------------- sys/netipsec/xform_ipcomp.c | 41 +++++++++++++++--------------------- sys/opencrypto/cryptodev.c | 24 +++++++++------------ sys/opencrypto/cryptodev.h | 4 ++-- 5 files changed, 65 insertions(+), 87 deletions(-) diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index b7e1f661e775..00f8a66618a7 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -108,8 +108,8 @@ static const char ipseczeroes[256]; int ah_max_authsize; /* max authsize over all algorithms */ -static int ah_input_cb(struct cryptop *); -static int ah_output_cb(struct cryptop *); +static void ah_input_cb(struct cryptop *); +static void ah_output_cb(struct cryptop *); const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT }; @@ -713,24 +713,24 @@ bad: #ifdef INET6 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \ if (saidx->dst.sa.sa_family == AF_INET6) { \ - error = ipsec6_common_input_cb(m, sav, skip, protoff); \ + (void)ipsec6_common_input_cb(m, sav, skip, protoff); \ } else { \ - error = ipsec4_common_input_cb(m, sav, skip, protoff); \ + (void)ipsec4_common_input_cb(m, sav, skip, protoff); \ } \ } while (0) #else #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \ - (error = ipsec4_common_input_cb(m, sav, skip, protoff)) + ((void)ipsec4_common_input_cb(m, sav, skip, protoff)) #endif /* * AH input callback from the crypto driver. */ -static int +static void ah_input_cb(struct cryptop *crp) { char buf[IPSEC_ADDRSTRLEN]; - int rplen, ahsize, error, skip, protoff; + int rplen, ahsize, skip, protoff; unsigned char calc[AH_ALEN_MAX]; struct mbuf *m; struct tdb_crypto *tc; @@ -776,12 +776,12 @@ ah_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { IPSEC_RELEASE_GLOBAL_LOCKS(); - return crypto_dispatch(crp); + (void)crypto_dispatch(crp); + return; } AH_STATINC(AH_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); - error = crp->crp_etype; goto bad; } else { AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]); @@ -814,7 +814,6 @@ ah_input_cb(struct cryptop *crp) pppp[4], pppp[5], pppp[6], pppp[7], pppp[8], pppp[9], pppp[10], pppp[11]); AH_STATINC(AH_STAT_BADAUTH); - error = EACCES; goto bad; } @@ -845,7 +844,6 @@ ah_input_cb(struct cryptop *crp) sizeof(seq), &seq); if (ipsec_updatereplay(ntohl(seq), sav)) { AH_STATINC(AH_STAT_REPLAY); - error = EACCES; goto bad; } } @@ -853,8 +851,7 @@ ah_input_cb(struct cryptop *crp) /* * Remove the AH header and authenticator from the mbuf. */ - error = m_striphdr(m, skip, ahsize); - if (error) { + if (m_striphdr(m, skip, ahsize) != 0) { DPRINTF("mangled mbuf chain for SA %s/%08lx\n", ipsec_address(&saidx->dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); @@ -867,7 +864,7 @@ ah_input_cb(struct cryptop *crp) KEY_SA_UNREF(&sav); IPSEC_RELEASE_GLOBAL_LOCKS(); - return error; + return; bad: if (sav) @@ -883,7 +880,7 @@ bad: } if (crp != NULL) crypto_freereq(crp); - return error; + return; } /* @@ -1135,16 +1132,16 @@ bad: /* * AH output callback from the crypto driver. */ -static int +static void ah_output_cb(struct cryptop *crp) { - int skip, error; + int skip; struct tdb_crypto *tc; const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m; void *ptr; - int err, flags; + int flags; size_t size; bool pool_used; IPSEC_DECLARE_LOCK_VARIABLE; @@ -1169,12 +1166,12 @@ ah_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { IPSEC_RELEASE_GLOBAL_LOCKS(); - return crypto_dispatch(crp); + (void)crypto_dispatch(crp); + return; } AH_STATINC(AH_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); - error = crp->crp_etype; goto bad; } @@ -1209,11 +1206,11 @@ ah_output_cb(struct cryptop *crp) #endif /* NB: m is reclaimed by ipsec_process_done. */ - err = ipsec_process_done(m, isr, sav, flags); + (void)ipsec_process_done(m, isr, sav, flags); KEY_SA_UNREF(&sav); KEY_SP_UNREF(&isr->sp); IPSEC_RELEASE_GLOBAL_LOCKS(); - return err; + return; bad: if (sav) KEY_SA_UNREF(&sav); @@ -1226,7 +1223,6 @@ bad: else kmem_intr_free(tc, size); crypto_freereq(crp); - return error; } static struct xformsw ah_xformsw = { diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 5278653ad2ba..03756a09a429 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -90,8 +90,8 @@ int esp_enable = 1; static int esp_max_ivlen; /* max iv length over all algorithms */ -static int esp_input_cb(struct cryptop *op); -static int esp_output_cb(struct cryptop *crp); +static void esp_input_cb(struct cryptop *op); +static void esp_output_cb(struct cryptop *crp); const uint8_t esp_stats[256] = { SADB_EALG_STATS_INIT }; @@ -488,25 +488,25 @@ out: #ifdef INET6 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \ if (saidx->dst.sa.sa_family == AF_INET6) { \ - error = ipsec6_common_input_cb(m, sav, skip, protoff); \ + (void)ipsec6_common_input_cb(m, sav, skip, protoff); \ } else { \ - error = ipsec4_common_input_cb(m, sav, skip, protoff); \ + (void)ipsec4_common_input_cb(m, sav, skip, protoff); \ } \ } while (0) #else #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \ - (error = ipsec4_common_input_cb(m, sav, skip, protoff)) + ((void)ipsec4_common_input_cb(m, sav, skip, protoff)) #endif /* * ESP input callback from the crypto driver. */ -static int +static void esp_input_cb(struct cryptop *crp) { char buf[IPSEC_ADDRSTRLEN]; uint8_t lastthree[3], aalg[AH_ALEN_MAX]; - int hlen, skip, protoff, error; + int hlen, skip, protoff; struct mbuf *m; const struct auth_hash *esph; struct tdb_crypto *tc; @@ -542,12 +542,12 @@ esp_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_SA_UNREF(&sav); IPSEC_RELEASE_GLOBAL_LOCKS(); - return crypto_dispatch(crp); + (void)crypto_dispatch(crp); + return; } ESP_STATINC(ESP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); - error = crp->crp_etype; goto bad; } @@ -574,7 +574,6 @@ esp_input_cb(struct cryptop *crp) ipsec_address(&saidx->dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); ESP_STATINC(ESP_STAT_BADAUTH); - error = EACCES; goto bad; } @@ -606,7 +605,6 @@ esp_input_cb(struct cryptop *crp) DPRINTF("packet replay check for %s\n", ipsec_logsastr(sav, logbuf, sizeof(logbuf))); ESP_STATINC(ESP_STAT_REPLAY); - error = EACCES; goto bad; } } @@ -618,8 +616,7 @@ esp_input_cb(struct cryptop *crp) hlen = sizeof(struct newesp) + sav->ivlen; /* Remove the ESP header and IV from the mbuf. */ - error = m_striphdr(m, skip, hlen); - if (error) { + if (m_striphdr(m, skip, hlen) != 0) { ESP_STATINC(ESP_STAT_HDROPS); DPRINTF("bad mbuf chain, SA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), @@ -638,7 +635,6 @@ esp_input_cb(struct cryptop *crp) lastthree[1], m->m_pkthdr.len - skip, ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); - error = EINVAL; goto bad; } @@ -652,7 +648,6 @@ esp_input_cb(struct cryptop *crp) sizeof(buf)), (u_long) ntohl(sav->spi)); DPRINTF("%x %x\n", lastthree[0], lastthree[1]); - error = EINVAL; goto bad; } } @@ -667,7 +662,7 @@ esp_input_cb(struct cryptop *crp) KEY_SA_UNREF(&sav); IPSEC_RELEASE_GLOBAL_LOCKS(); - return error; + return; bad: if (sav) KEY_SA_UNREF(&sav); @@ -678,7 +673,6 @@ bad: pool_cache_put(esp_tdb_crypto_pool_cache, tc); if (crp != NULL) crypto_freereq(crp); - return error; } /* @@ -949,14 +943,14 @@ bad: /* * ESP output callback from the crypto driver. */ -static int +static void esp_output_cb(struct cryptop *crp) { struct tdb_crypto *tc; const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m; - int err, error, flags; + int flags; IPSEC_DECLARE_LOCK_VARIABLE; KASSERT(crp->crp_opaque != NULL); @@ -976,12 +970,12 @@ esp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { IPSEC_RELEASE_GLOBAL_LOCKS(); - return crypto_dispatch(crp); + (void)crypto_dispatch(crp); + return; } ESP_STATINC(ESP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); - error = crp->crp_etype; goto bad; } @@ -1013,11 +1007,11 @@ esp_output_cb(struct cryptop *crp) #endif /* NB: m is reclaimed by ipsec_process_done. */ - err = ipsec_process_done(m, isr, sav, flags); + (void)ipsec_process_done(m, isr, sav, flags); KEY_SA_UNREF(&sav); KEY_SP_UNREF(&isr->sp); IPSEC_RELEASE_GLOBAL_LOCKS(); - return err; + return; bad: if (sav) @@ -1028,7 +1022,6 @@ bad: m_freem(m); pool_cache_put(esp_tdb_crypto_pool_cache, tc); crypto_freereq(crp); - return error; } static struct xformsw esp_xformsw = { diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index e94a0b471042..0831e1cab79e 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -75,8 +75,8 @@ percpu_t *ipcompstat_percpu; int ipcomp_enable = 1; -static int ipcomp_input_cb(struct cryptop *crp); -static int ipcomp_output_cb(struct cryptop *crp); +static void ipcomp_input_cb(struct cryptop *crp); +static void ipcomp_output_cb(struct cryptop *crp); const uint8_t ipcomp_stats[256] = { SADB_CALG_STATS_INIT }; @@ -225,20 +225,20 @@ error_m: #ifdef INET6 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) do { \ if (saidx->dst.sa.sa_family == AF_INET6) { \ - error = ipsec6_common_input_cb(m, sav, skip, protoff); \ + (void)ipsec6_common_input_cb(m, sav, skip, protoff); \ } else { \ - error = ipsec4_common_input_cb(m, sav, skip, protoff); \ + (void)ipsec4_common_input_cb(m, sav, skip, protoff); \ } \ } while (0) #else #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff) \ - (error = ipsec4_common_input_cb(m, sav, skip, protoff)) + ((void)ipsec4_common_input_cb(m, sav, skip, protoff)) #endif /* * IPComp input callback from the crypto driver. */ -static int +static void ipcomp_input_cb(struct cryptop *crp) { char buf[IPSEC_ADDRSTRLEN]; @@ -247,7 +247,7 @@ ipcomp_input_cb(struct cryptop *crp) struct mbuf *m; struct secasvar *sav; struct secasindex *saidx __diagused; - int hlen = IPCOMP_HLENGTH, error, clen; + int hlen = IPCOMP_HLENGTH, clen; uint8_t nproto; struct ipcomp *ipc; IPSEC_DECLARE_LOCK_VARIABLE; @@ -275,12 +275,12 @@ ipcomp_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_SA_UNREF(&sav); IPSEC_RELEASE_GLOBAL_LOCKS(); - return crypto_dispatch(crp); + (void)crypto_dispatch(crp); + return; } IPCOMP_STATINC(IPCOMP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); - error = crp->crp_etype; goto bad; } @@ -309,7 +309,6 @@ ipcomp_input_cb(struct cryptop *crp) if (m->m_len < skip + hlen && (m = m_pullup(m, skip + hlen)) == 0) { IPCOMP_STATINC(IPCOMP_STAT_HDROPS); DPRINTF("m_pullup failed\n"); - error = EINVAL; goto bad; } ipc = (struct ipcomp *)(mtod(m, uint8_t *) + skip); @@ -323,15 +322,13 @@ ipcomp_input_cb(struct cryptop *crp) DPRINTF("nested ipcomp, IPCA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); - error = EINVAL; goto bad; default: break; } /* Remove the IPCOMP header */ - error = m_striphdr(m, skip, hlen); - if (error) { + if (m_striphdr(m, skip, hlen) != 0) { IPCOMP_STATINC(IPCOMP_STAT_HDROPS); DPRINTF("bad mbuf chain, IPCA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), @@ -346,7 +343,7 @@ ipcomp_input_cb(struct cryptop *crp) KEY_SA_UNREF(&sav); IPSEC_RELEASE_GLOBAL_LOCKS(); - return error; + return; bad: if (sav) @@ -358,7 +355,6 @@ bad: pool_cache_put(ipcomp_tdb_crypto_pool_cache, tc); if (crp) crypto_freereq(crp); - return error; } /* @@ -517,7 +513,7 @@ bad: /* * IPComp output callback from the crypto driver. */ -static int +static void ipcomp_output_cb(struct cryptop *crp) { char buf[IPSEC_ADDRSTRLEN]; @@ -525,7 +521,7 @@ ipcomp_output_cb(struct cryptop *crp) const struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m, *mo; - int error, skip, rlen, roff, flags; + int skip, rlen, roff, flags; uint8_t prot; uint16_t cpi; struct ipcomp * ipcomp; @@ -550,11 +546,11 @@ ipcomp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { IPSEC_RELEASE_GLOBAL_LOCKS(); - return crypto_dispatch(crp); + (void)crypto_dispatch(crp); + return; } IPCOMP_STATINC(IPCOMP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); - error = crp->crp_etype; goto bad; } @@ -569,7 +565,6 @@ ipcomp_output_cb(struct cryptop *crp) "IPCA %s/%08lx\n", ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); - error = ENOBUFS; goto bad; } ipcomp = (struct ipcomp *)(mtod(mo, char *) + roff); @@ -620,7 +615,6 @@ ipcomp_output_cb(struct cryptop *crp) sav->sah->saidx.dst.sa.sa_family, ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), (u_long) ntohl(sav->spi)); - error = EPFNOSUPPORT; goto bad; } } else { @@ -636,11 +630,11 @@ ipcomp_output_cb(struct cryptop *crp) crypto_freereq(crp); /* NB: m is reclaimed by ipsec_process_done. */ - error = ipsec_process_done(m, isr, sav, flags); + (void)ipsec_process_done(m, isr, sav, flags); KEY_SA_UNREF(&sav); KEY_SP_UNREF(&isr->sp); IPSEC_RELEASE_GLOBAL_LOCKS(); - return error; + return; bad: if (sav) @@ -651,7 +645,6 @@ bad: m_freem(m); pool_cache_put(ipcomp_tdb_crypto_pool_cache, tc); crypto_freereq(crp); - return error; } static struct xformsw ipcomp_xformsw = { diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index ee42167a66ae..b7199ebf247b 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -188,11 +188,11 @@ static int cryptodev_key(struct crypt_kop *); static int cryptodev_mkey(struct fcrypt *, struct crypt_n_kop *, int); static int cryptodev_msessionfin(struct fcrypt *, int, u_int32_t *); -static int cryptodev_cb(struct cryptop *); -static int cryptodevkey_cb(struct cryptkop *); +static void cryptodev_cb(struct cryptop *); +static void cryptodevkey_cb(struct cryptkop *); -static int cryptodev_mcb(struct cryptop *); -static int cryptodevkey_mcb(struct cryptkop *); +static void cryptodev_mcb(struct cryptop *); +static void cryptodevkey_mcb(struct cryptkop *); static int cryptodev_getmstatus(struct fcrypt *, struct crypt_result *, int); @@ -711,7 +711,7 @@ bail: return error; } -static int +static void cryptodev_cb(struct cryptop *crp) { struct csession *cse = crp->crp_opaque; @@ -720,7 +720,7 @@ cryptodev_cb(struct cryptop *crp) if ((error = crp->crp_etype) == EAGAIN) { error = crypto_dispatch(crp); if (error == 0) - return 0; + return; } mutex_enter(&cryptodev_mtx); @@ -728,10 +728,9 @@ cryptodev_cb(struct cryptop *crp) crp->crp_devflags |= CRYPTODEV_F_RET; cv_signal(&crp->crp_cv); mutex_exit(&cryptodev_mtx); - return 0; } -static int +static void cryptodev_mcb(struct cryptop *crp) { struct csession *cse = crp->crp_opaque; @@ -740,7 +739,7 @@ cryptodev_mcb(struct cryptop *crp) if ((error = crp->crp_etype) == EAGAIN) { error = crypto_dispatch(crp); if (error == 0) - return 0; + return; } mutex_enter(&cryptodev_mtx); @@ -749,10 +748,9 @@ cryptodev_mcb(struct cryptop *crp) TAILQ_INSERT_TAIL(&crp->fcrp->crp_ret_mq, crp, crp_next); selnotify(&crp->fcrp->sinfo, 0, 0); mutex_exit(&cryptodev_mtx); - return 0; } -static int +static void cryptodevkey_cb(struct cryptkop *krp) { @@ -760,10 +758,9 @@ cryptodevkey_cb(struct cryptkop *krp) krp->krp_devflags |= CRYPTODEV_F_RET; cv_signal(&krp->krp_cv); mutex_exit(&cryptodev_mtx); - return 0; } -static int +static void cryptodevkey_mcb(struct cryptkop *krp) { @@ -772,7 +769,6 @@ cryptodevkey_mcb(struct cryptkop *krp) TAILQ_INSERT_TAIL(&krp->fcrp->crp_ret_mkq, krp, krp_next); selnotify(&krp->fcrp->sinfo, 0, 0); mutex_exit(&cryptodev_mtx); - return 0; } static int diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index 857960791425..2e7daae1e9a6 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -483,7 +483,7 @@ struct cryptop { void * crp_opaque; /* Opaque pointer, passed along */ struct cryptodesc *crp_desc; /* Linked list of processing descriptors */ - int (*crp_callback)(struct cryptop *); /* + void (*crp_callback)(struct cryptop *); /* * Callback function. * That must not sleep as it is * called in softint context. @@ -538,7 +538,7 @@ struct cryptkop { u_short krp_oparams; /* # of output parameters */ u_int32_t krp_hid; struct crparam krp_param[CRK_MAXPARAM]; /* kvm */ - int (*krp_callback)(struct cryptkop *); /* + void (*krp_callback)(struct cryptkop *); /* * Callback function. * That must not sleep as it is * called in softint context. From 287c045a486e00a643533e47ab6b814481e59454 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:32:58 +0000 Subject: [PATCH 04/34] ubsec(4): Fix error branch: call crypto_kdone, don't return error. --- sys/dev/pci/ubsec.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index 4373aa883f9f..f05938a8cef2 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -2883,8 +2883,10 @@ ubsec_kprocess_rsapriv(struct ubsec_softc *sc, struct cryptkop *krp, } rp = malloc(sizeof *rp, M_DEVBUF, M_NOWAIT|M_ZERO); - if (rp == NULL) - return (ENOMEM); + if (rp == NULL) { + err = ENOMEM; + goto errout; + } rp->rpr_krp = krp; rp->rpr_q.q_type = UBS_CTXOP_RSAPRIV; From 4e086d3ee7b0410994e1610ce6529f74508b6050 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:37:19 +0000 Subject: [PATCH 05/34] ubsec(4): ubsec_kprocess always returns zero. Prune dead branches. --- sys/dev/pci/ubsec.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index f05938a8cef2..c80ead209e54 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -118,11 +118,11 @@ static void ubsec_dma_free(struct ubsec_softc *, struct ubsec_dma_alloc *); static int ubsec_dmamap_aligned(bus_dmamap_t); static int ubsec_kprocess(void*, struct cryptkop *, int); -static int ubsec_kprocess_modexp_sw(struct ubsec_softc *, +static void ubsec_kprocess_modexp_sw(struct ubsec_softc *, struct cryptkop *, int); -static int ubsec_kprocess_modexp_hw(struct ubsec_softc *, +static void ubsec_kprocess_modexp_hw(struct ubsec_softc *, struct cryptkop *, int); -static int ubsec_kprocess_rsapriv(struct ubsec_softc *, +static void ubsec_kprocess_rsapriv(struct ubsec_softc *, struct cryptkop *, int); static void ubsec_kfree(struct ubsec_softc *, struct ubsec_q2 *); static int ubsec_ksigbits(struct crparam *); @@ -2396,7 +2396,6 @@ static int ubsec_kprocess(void *arg, struct cryptkop *krp, int hint) { struct ubsec_softc *sc = arg; - int r; while (!SIMPLEQ_EMPTY(&sc->sc_q2free)) { struct ubsec_q2 *q; @@ -2409,27 +2408,26 @@ ubsec_kprocess(void *arg, struct cryptkop *krp, int hint) switch (krp->krp_op) { case CRK_MOD_EXP: if (sc->sc_flags & UBS_FLAGS_HWNORM) - r = ubsec_kprocess_modexp_hw(sc, krp, hint); + ubsec_kprocess_modexp_hw(sc, krp, hint); else - r = ubsec_kprocess_modexp_sw(sc, krp, hint); + ubsec_kprocess_modexp_sw(sc, krp, hint); break; case CRK_MOD_EXP_CRT: - r = ubsec_kprocess_rsapriv(sc, krp, hint); + ubsec_kprocess_rsapriv(sc, krp, hint); break; default: printf("%s: kprocess: invalid op 0x%x\n", device_xname(sc->sc_dev), krp->krp_op); krp->krp_status = EOPNOTSUPP; crypto_kdone(krp); - r = 0; } - return (r); + return 0; } /* * Start computation of cr[C] = (cr[M] ^ cr[E]) mod cr[N] (sw normalization) */ -static int +static void ubsec_kprocess_modexp_sw(struct ubsec_softc *sc, struct cryptkop *krp, int hint) { @@ -2600,7 +2598,7 @@ ubsec_kprocess_modexp_sw(struct ubsec_softc *sc, struct cryptkop *krp, ubsecstats.hst_modexp++; mutex_spin_exit(&sc->sc_mtx); - return (0); + return; errout: if (me != NULL) { @@ -2629,13 +2627,12 @@ errout: } krp->krp_status = err; crypto_kdone(krp); - return (0); } /* * Start computation of cr[C] = (cr[M] ^ cr[E]) mod cr[N] (hw normalization) */ -static int +static void ubsec_kprocess_modexp_hw(struct ubsec_softc *sc, struct cryptkop *krp, int hint) { @@ -2805,7 +2802,7 @@ ubsec_kprocess_modexp_hw(struct ubsec_softc *sc, struct cryptkop *krp, ubsec_feed2(sc); mutex_spin_exit(&sc->sc_mtx); - return (0); + return; errout: if (me != NULL) { @@ -2834,10 +2831,9 @@ errout: } krp->krp_status = err; crypto_kdone(krp); - return (0); } -static int +static void ubsec_kprocess_rsapriv(struct ubsec_softc *sc, struct cryptkop *krp, int hint) { @@ -3004,7 +3000,7 @@ ubsec_kprocess_rsapriv(struct ubsec_softc *sc, struct cryptkop *krp, ubsec_feed2(sc); ubsecstats.hst_modexpcrt++; mutex_spin_exit(&sc->sc_mtx); - return (0); + return; errout: if (rp != NULL) { @@ -3024,7 +3020,6 @@ errout: } krp->krp_status = err; crypto_kdone(krp); - return (0); } #ifdef UBSEC_DEBUG From fc722e68c471d501911bed169302faf510a0ef00 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:40:16 +0000 Subject: [PATCH 06/34] hifn(4): Nix dead code. crp and callback are guaranteed nonnull. --- sys/dev/pci/hifn7751.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index 2e0c2dc93d58..df676b5c69bc 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -2178,11 +2178,6 @@ hifn_process(void *arg, struct cryptop *crp, int hint) int session, err = 0, ivlen; struct cryptodesc *crd1, *crd2, *maccrd, *enccrd; - if (crp == NULL || crp->crp_callback == NULL) { - hifnstats.hst_invalid++; - return (EINVAL); - } - if ((cmd = pool_cache_get(sc->sc_cmd_cache, PR_NOWAIT)) == NULL) { hifnstats.hst_nomem++; return (ENOMEM); From f71ec769d9dd173209419b8e0b454d324c964a8b Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:41:36 +0000 Subject: [PATCH 07/34] hifn(4): Fix error branches to do crypto_done, not return error. --- sys/dev/pci/hifn7751.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index df676b5c69bc..8299307b341e 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -2180,7 +2180,8 @@ hifn_process(void *arg, struct cryptop *crp, int hint) if ((cmd = pool_cache_get(sc->sc_cmd_cache, PR_NOWAIT)) == NULL) { hifnstats.hst_nomem++; - return (ENOMEM); + err = ENOMEM; + goto errout; } mutex_spin_enter(&sc->sc_mtx); @@ -2627,7 +2628,7 @@ hifn_compression(struct hifn_softc *sc, struct cryptop *crp, * XXX dynamically resize them. */ err = EINVAL; - return (ENOMEM); + goto fail; } if ((crd->crd_flags & CRD_F_COMP) == 0) From 72f4872375c95b5e4a927c8324672a237d1eff5e Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:42:40 +0000 Subject: [PATCH 08/34] hifn(4): hifn_compression always returns zero. Prune dead branches. --- sys/dev/pci/hifn7751.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index 8299307b341e..8c8fe4afa8f4 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -128,7 +128,7 @@ static void hifn_alloc_slot(struct hifn_softc *, int *, int *, int *, static void hifn_write_4(struct hifn_softc *, int, bus_size_t, uint32_t); static uint32_t hifn_read_4(struct hifn_softc *, int, bus_size_t); #ifdef CRYPTO_LZS_COMP -static int hifn_compression(struct hifn_softc *, struct cryptop *, +static void hifn_compression(struct hifn_softc *, struct cryptop *, struct hifn_command *); static struct mbuf *hifn_mkmbuf_chain(int, struct mbuf *); static int hifn_compress_enter(struct hifn_softc *, struct hifn_command *); @@ -2226,9 +2226,9 @@ hifn_process(void *arg, struct cryptop *crp, int hint) enccrd = crd1; #ifdef CRYPTO_LZS_COMP } else if (crd1->crd_alg == CRYPTO_LZS_COMP) { - err = hifn_compression(sc, crp, cmd); + hifn_compression(sc, crp, cmd); mutex_spin_exit(&sc->sc_mtx); - return err; + return 0; #endif } else { err = EINVAL; @@ -2612,7 +2612,7 @@ hifn_callback(struct hifn_softc *sc, struct hifn_command *cmd, uint8_t *resbuf) #ifdef CRYPTO_LZS_COMP -static int +static void hifn_compression(struct hifn_softc *sc, struct cryptop *crp, struct hifn_command *cmd) { @@ -2702,10 +2702,10 @@ hifn_compression(struct hifn_softc *sc, struct cryptop *crp, cmd->softc = sc; err = hifn_compress_enter(sc, cmd); - - if (err != 0) + if (err) goto fail; - return (0); + + return; fail: if (cmd->dst_map != NULL) { @@ -2724,7 +2724,6 @@ fail: hifnstats.hst_nomem++; crp->crp_etype = err; crypto_done(crp); - return (0); } static int From 1383493fd956f1288d35b86c44ac149fad02b933 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:47:20 +0000 Subject: [PATCH 09/34] opencrypto: Assert crp_desc and crp_buf are nonnull. - crypto_getreq ensures crp_desc is nonnull. - Caller is responsible for setting crp_buf. --- sys/opencrypto/crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index d031625410f3..aef842158e6b 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1264,6 +1264,8 @@ crypto_dispatch(struct cryptop *crp) struct crypto_crp_q *crp_q; KASSERT(crp != NULL); + KASSERT(crp->crp_desc != NULL); + KASSERT(crp->crp_buf != NULL); KASSERT(!cpu_intr_p()); DPRINTF("crp %p, alg %d\n", crp, crp->crp_desc->crd_alg); From e9815060fc9a22f7efe1b34cdf99c5d2769ed82f Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:53:20 +0000 Subject: [PATCH 10/34] crypto(4): Refuse crypto operations with nothing in them earlier. This way we avoid passing 0 to crypto_getreq -- makes it easier to reason about everything downstream. --- sys/opencrypto/cryptodev.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index b7199ebf247b..64f9b5e351ca 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -471,6 +471,9 @@ cryptodev_op(struct csession *cse, struct crypt_op *cop, struct lwp *l) return EINVAL; } + if (cse->tcomp == NULL && cse->txform == NULL && cse->thash == NULL) + return EINVAL; + DPRINTF("cryptodev_op[%u]: iov_len %d\n", CRYPTO_SESID2LID(cse->sid), iov_len); if ((cse->tcomp) && cop->dst_len) { @@ -1132,6 +1135,13 @@ cryptodev_mop(struct fcrypt *fcr, } } + if (cse->txform == NULL && + cse->thash == NULL && + cse->tcomp == NULL) { + cnop[req].status = EINVAL; + goto bail; + } + /* sanitize */ if (cnop[req].len <= 0) { cnop[req].status = ENOMEM; From d2931dda69185adf54b9e0d7b800f470da12043d Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 13:54:12 +0000 Subject: [PATCH 11/34] opencrypto: Assert num>0 in crypto_getreq, num=1 in crypto_kgetreq. - For crypto_getreq this makes downstream reasoning easier: on success, crp_desc is guaranteed to be nonnull. - For crypto_kgetreq, this was already assumed, just silently ignored and not checked by anything. --- share/man/man9/opencrypto.9 | 6 ++++-- sys/opencrypto/crypto.c | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/share/man/man9/opencrypto.9 b/share/man/man9/opencrypto.9 index 1d07963471f4..bf0337e86454 100644 --- a/share/man/man9/opencrypto.9 +++ b/share/man/man9/opencrypto.9 @@ -417,7 +417,8 @@ allocates a .Fa cryptop structure with a linked list of as many .Fa cryptodesc -structures as were specified in the argument passed to it. +structures as were specified in the argument passed to it, which must +be at least 1. .Pp .Fn crypto_freereq deallocates a structure @@ -462,7 +463,8 @@ allocates a .Fa cryptkop structure. The first argument means the same as -.Fn crypto_getreq . +.Fn crypto_getreq , +except it is currently limited to be exactly 1. The second argument means flags passed to .Fn pool_get . .Pp diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index aef842158e6b..661a0add4d1f 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1620,6 +1620,8 @@ crypto_getreq(int num) struct cryptop *crp; struct crypto_crp_ret_qs *qs; + KASSERT(num > 0); + /* * When crp_ret_q is full, we restrict here to avoid crp_ret_q overflow * by error callback. @@ -1680,11 +1682,13 @@ crypto_kfreereq(struct cryptkop *krp) * Currently, support one descriptor only. */ struct cryptkop * -crypto_kgetreq(int num __unused, int prflags) +crypto_kgetreq(int num __diagused, int prflags) { struct cryptkop *krp; struct crypto_crp_ret_qs *qs; + KASSERTMSG(num == 1, "num=%d not supported", num); + /* * When crp_ret_kq is full, we restrict here to avoid crp_ret_kq * overflow by error callback. From 66cc6c3fe04248d9f0e11d61948b2f092011eb82 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:35:40 +0000 Subject: [PATCH 12/34] ubsec(4): Assert crp_sid is valid. If opencrypto passes a bad sid in, that's a bug in opencrypto that needs to be fixed, not a user-triggered invalid input that we need to fail gracefully on. --- sys/dev/pci/ubsec.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index c80ead209e54..6b17d902e91a 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -1158,10 +1158,9 @@ ubsec_process(void *arg, struct cryptop *crp, int hint) u_int16_t flags = 0; int ivlen = 0, keylen = 0; - if (UBSEC_SESSION(crp->crp_sid) >= sc->sc_nsessions) { - ubsecstats.hst_badsession++; - return (EINVAL); - } + KASSERTMSG(UBSEC_SESSION(crp->crp_sid) < sc->sc_nsessions, + "invalid session id 0x%"PRIx64", nsessions=%d", + crp->crp_sid, sc->sc_nsessions); mutex_spin_enter(&sc->sc_mtx); From 455fab91c22909af26558acb97e5d2950c442bd4 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:40:10 +0000 Subject: [PATCH 13/34] hifn(4): Make ERESTART return more obvious. --- sys/dev/pci/hifn7751.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index 8c8fe4afa8f4..7216d922dfc4 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -2409,7 +2409,7 @@ hifn_process(void *arg, struct cryptop *crp, int hint) sc->sc_needwakeup |= CRYPTO_SYMQ; mutex_spin_exit(&sc->sc_mtx); pool_cache_put(sc->sc_cmd_cache, cmd); - return (err); + return ERESTART; } errout: @@ -2427,7 +2427,7 @@ errout: pool_cache_put(sc->sc_cmd_cache, cmd); } crypto_done(crp); - return (0); + return 0; } static void From 6b282a29bd8602cdd96844036db2bd09475b9e88 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:49:18 +0000 Subject: [PATCH 14/34] ubsec(4): Tidy up error branches of ubsec_process. Make sure to return zero, not error, when we've already done crypto_done and set crp_etype. --- sys/dev/pci/ubsec.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index 6b17d902e91a..d5e9f80ed070 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -1163,14 +1163,12 @@ ubsec_process(void *arg, struct cryptop *crp, int hint) crp->crp_sid, sc->sc_nsessions); mutex_spin_enter(&sc->sc_mtx); - if (SIMPLEQ_EMPTY(&sc->sc_freequeue)) { ubsecstats.hst_queuefull++; - sc->sc_needwakeup |= CRYPTO_SYMQ; mutex_spin_exit(&sc->sc_mtx); - return(ERESTART); + err = ERESTART; + goto errout; } - q = SIMPLEQ_FIRST(&sc->sc_freequeue); SIMPLEQ_REMOVE_HEAD(&sc->sc_freequeue, /*q,*/ q_next); mutex_spin_exit(&sc->sc_mtx); @@ -1760,7 +1758,7 @@ ubsec_process(void *arg, struct cryptop *crp, int hint) if ((hint & CRYPTO_HINT_MORE) == 0 || sc->sc_nqueue >= ubsec_maxbatch) ubsec_feed(sc); mutex_spin_exit(&sc->sc_mtx); - return (0); + return 0; errout: if (q != NULL) { @@ -1778,19 +1776,15 @@ errout: SIMPLEQ_INSERT_TAIL(&sc->sc_freequeue, q, q_next); mutex_spin_exit(&sc->sc_mtx); } -#if 0 /* jonathan says: this openbsd code seems to be subsumed elsewhere */ - if (err == EINVAL) - ubsecstats.hst_invalid++; - else - ubsecstats.hst_nomem++; -#endif - if (err != ERESTART) { - crp->crp_etype = err; - crypto_done(crp); - } else { + if (err == ERESTART) { + mutex_spin_enter(&sc->sc_mtx); sc->sc_needwakeup |= CRYPTO_SYMQ; + mutex_spin_exit(&sc->sc_mtx); + return ERESTART; } - return (err); + crp->crp_etype = err; + crypto_done(crp); + return 0; } static void From 32e2f07538d7aa4c04f7b232c290acd46a438d52 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:50:05 +0000 Subject: [PATCH 15/34] glxsb(4): Return zero, not error, if we've issued crypto_done. --- sys/arch/i386/pci/glxsb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c index 5370e1bea3b9..8dc98dd3afd3 100644 --- a/sys/arch/i386/pci/glxsb.c +++ b/sys/arch/i386/pci/glxsb.c @@ -581,7 +581,7 @@ out: crp->crp_etype = err; crypto_done(crp); splx(s); - return (err); + return 0; } int From 9153f989d83e655b45540fe3595f845df60c828f Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:51:12 +0000 Subject: [PATCH 16/34] padlock(4): Return zero, not error, if we've issued crypto_done. --- sys/arch/x86/x86/via_padlock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys/arch/x86/x86/via_padlock.c b/sys/arch/x86/x86/via_padlock.c index b49b4084ff43..03ae8fca59b2 100644 --- a/sys/arch/x86/x86/via_padlock.c +++ b/sys/arch/x86/x86/via_padlock.c @@ -504,7 +504,7 @@ via_padlock_crypto_process(void *arg, struct cryptop *crp, int hint) out: crp->crp_etype = err; crypto_done(crp); - return (err); + return 0; } static int From f87328a469bf74dced7469c796f2f1c4367cf7b5 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:56:01 +0000 Subject: [PATCH 17/34] glxsb(4): Prune dead branches. Assert session id validity. --- sys/arch/i386/pci/glxsb.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c index 8dc98dd3afd3..8479d4c43a5b 100644 --- a/sys/arch/i386/pci/glxsb.c +++ b/sys/arch/i386/pci/glxsb.c @@ -314,8 +314,7 @@ glxsb_crypto_newsession(void *aux, uint32_t *sidp, struct cryptoini *cri) struct glxsb_session *ses = NULL; int sesn; - if (sc == NULL || sidp == NULL || cri == NULL || - cri->cri_next != NULL || cri->cri_alg != CRYPTO_AES_CBC || + if (cri->cri_next != NULL || cri->cri_alg != CRYPTO_AES_CBC || cri->cri_klen != 128) return (EINVAL); @@ -360,11 +359,10 @@ glxsb_crypto_freesession(void *aux, uint64_t tid) int sesn; uint32_t sid = ((uint32_t)tid) & 0xffffffff; - if (sc == NULL) - return (EINVAL); sesn = GLXSB_SESSION(sid); - if (sesn >= sc->sc_nsessions) - return (EINVAL); + KASSERTMSG(sesn < sc->sc_nsessions, "sesn=%d nsessions=%d", + sesn, sc->sc_nsessions); + memset(&sc->sc_sessions[sesn], 0, sizeof(sc->sc_sessions[sesn])); return (0); } From f419c1eb6c63826f2afc4f95daa745a838ac75c4 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:56:46 +0000 Subject: [PATCH 18/34] padlock(4): Prune dead branches. Assert session id validity. --- sys/arch/x86/x86/via_padlock.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/sys/arch/x86/x86/via_padlock.c b/sys/arch/x86/x86/via_padlock.c index 03ae8fca59b2..553c7cbeb467 100644 --- a/sys/arch/x86/x86/via_padlock.c +++ b/sys/arch/x86/x86/via_padlock.c @@ -135,10 +135,6 @@ via_padlock_crypto_newsession(void *arg, uint32_t *sidp, struct cryptoini *cri) struct swcr_data *swd; int sesn, i, cw0; - KASSERT(sc != NULL /*, ("via_padlock_crypto_freesession: null softc")*/); - if (sc == NULL || sidp == NULL || cri == NULL) - return (EINVAL); - if (sc->sc_sessions == NULL) { ses = sc->sc_sessions = malloc(sizeof(*ses), M_DEVBUF, M_NOWAIT); @@ -311,13 +307,10 @@ via_padlock_crypto_freesession(void *arg, uint64_t tid) int sesn; uint32_t sid = ((uint32_t)tid) & 0xffffffff; - KASSERT(sc != NULL /*, ("via_padlock_crypto_freesession: null softc")*/); - if (sc == NULL) - return (EINVAL); - sesn = VIAC3_SESSION(sid); - if (sesn >= sc->sc_nsessions) - return (EINVAL); + KASSERTMSG(sesn >= 0, "sesn=%d", sesn); + KASSERTMSG(sesn < sc->sc_nsessions, "sesn=%d nsessions=%d", + sesn, sc->sc_nsessions); if (sc->sc_sessions[sesn].swd) { swd = sc->sc_sessions[sesn].swd; From 4f58bb7ba6372af0f1af997b0d72117c2366b4c4 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:57:06 +0000 Subject: [PATCH 19/34] mvcesa(4): Prune dead branches. Assert session id validity. --- sys/dev/marvell/mvcesa.c | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/sys/dev/marvell/mvcesa.c b/sys/dev/marvell/mvcesa.c index 973dcb39f575..af86258d10f4 100644 --- a/sys/dev/marvell/mvcesa.c +++ b/sys/dev/marvell/mvcesa.c @@ -332,11 +332,10 @@ mvcesa_freesession(void *arg, u_int64_t tid) int session; uint32_t sid = ((uint32_t)tid) & 0xffffffff; - KASSERT(sc != NULL /*, ("mvcesa_freesession: null softc")*/); - session = MVCESA_SESSION(sid); - if (session >= sc->sc_nsessions) - return EINVAL; + KASSERTMSG(session >= 0, "session=%d", session); + KASSERTMSG(session < sc->sc_nsessions, "session=%d nsessions=%d", + session, sc->sc_nsessions); memset(&sc->sc_sessions[session], 0, sizeof(sc->sc_sessions[session])); return (0); @@ -345,7 +344,7 @@ mvcesa_freesession(void *arg, u_int64_t tid) static int mvcesa_process(void *arg, struct cryptop *crp, int hint) { - struct mvcesa_softc *sc = (struct mvcesa_softc *)arg; + struct mvcesa_softc *sc = arg; struct mvcesa_session *ses; struct cryptodesc *crd; struct mbuf *m = NULL; @@ -353,20 +352,9 @@ mvcesa_process(void *arg, struct cryptop *crp, int hint) int session; char *buf = NULL; - KASSERT(sc != NULL /*, ("mvcesa_process: null softc")*/); - - if (crp == NULL) - return EINVAL; - if (crp->crp_callback == NULL || sc == NULL) { - crp->crp_etype = EINVAL; - goto done; - } - session = MVCESA_SESSION(crp->crp_sid); - if (session >= sc->sc_nsessions) { - crp->crp_etype = ENOENT; - goto done; - } + KASSERTMSG(session < sc->sc_nsessions, "session=%d nsessions=%d", + session, sc->sc_nsessions); ses = &sc->sc_sessions[session]; if (crp->crp_flags & CRYPTO_F_IMBUF) From eb781cd224efda593b1980b2e042ad6eb3b8c4fd Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:57:24 +0000 Subject: [PATCH 20/34] hifn(4): Prune dead branches. Assert session id validity. --- sys/dev/pci/hifn7751.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index 7216d922dfc4..aaa7cc0c730b 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -2077,10 +2077,6 @@ hifn_newsession(void *arg, uint32_t *sidp, struct cryptoini *cri) struct hifn_softc *sc = arg; int i, mac = 0, cry = 0, comp = 0, retval = EINVAL; - KASSERT(sc != NULL /*, ("hifn_newsession: null softc")*/); - if (sidp == NULL || cri == NULL || sc == NULL) - return retval; - mutex_spin_enter(&sc->sc_mtx); for (i = 0; i < sc->sc_maxses; i++) if (isclr(sc->sc_sessions, i)) @@ -2155,16 +2151,12 @@ hifn_freesession(void *arg, uint64_t tid) int session; uint32_t sid = ((uint32_t) tid) & 0xffffffff; - KASSERT(sc != NULL /*, ("hifn_freesession: null softc")*/); - if (sc == NULL) - return (EINVAL); - mutex_spin_enter(&sc->sc_mtx); session = HIFN_SESSION(sid); - if (session >= sc->sc_maxses) { - mutex_spin_exit(&sc->sc_mtx); - return (EINVAL); - } + KASSERTMSG(session >= 0, "session=%d", session); + KASSERTMSG(session < sc->sc_maxses, "session=%d maxses=%d", + session, sc->sc_maxses); + KASSERT(isset(sc->sc_sessions, session)); clrbit(sc->sc_sessions, session); mutex_spin_exit(&sc->sc_mtx); return (0); @@ -2186,10 +2178,8 @@ hifn_process(void *arg, struct cryptop *crp, int hint) mutex_spin_enter(&sc->sc_mtx); session = HIFN_SESSION(crp->crp_sid); - if (session >= sc->sc_maxses) { - err = EINVAL; - goto errout; - } + KASSERTMSG(session < sc->sc_maxses, "session=%d maxses=%d", + session, sc->sc_maxses); if (crp->crp_flags & CRYPTO_F_IMBUF) { cmd->srcu.src_m = (struct mbuf *)crp->crp_buf; From 786558adfde1011b847a0a1129f5706f9a61f3d1 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 14:57:39 +0000 Subject: [PATCH 21/34] ubsec(4): Prune dead branches. Assert session id validity. --- sys/dev/pci/ubsec.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index d5e9f80ed070..7b5b54de8ae9 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -955,18 +955,12 @@ static int ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) { struct cryptoini *c, *encini = NULL, *macini = NULL; - struct ubsec_softc *sc; + struct ubsec_softc *sc = arg; struct ubsec_session *ses = NULL; MD5_CTX md5ctx; SHA1_CTX sha1ctx; int i, sesn; - sc = arg; - KASSERT(sc != NULL /*, ("ubsec_newsession: null softc")*/); - - if (sidp == NULL || cri == NULL || sc == NULL) - return (EINVAL); - for (c = cri; c != NULL; c = c->cri_next) { if (c->cri_alg == CRYPTO_MD5_HMAC_96 || c->cri_alg == CRYPTO_SHA1_HMAC_96) { @@ -1108,16 +1102,14 @@ ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) static int ubsec_freesession(void *arg, u_int64_t tid) { - struct ubsec_softc *sc; + struct ubsec_softc *sc = arg; int session; u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; - sc = arg; - KASSERT(sc != NULL /*, ("ubsec_freesession: null softc")*/); - session = UBSEC_SESSION(sid); - if (session >= sc->sc_nsessions) - return (EINVAL); + KASSERTMSG(session >= 0, "session=%d", session); + KASSERTMSG(session < sc->sc_nsessions, "session=%d nsessions=%d", + session, sc->sc_nsessions); memset(&sc->sc_sessions[session], 0, sizeof(sc->sc_sessions[session])); return (0); From fb27bccdd050adb4a472292bf7d35bd48ed5743b Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:01:40 +0000 Subject: [PATCH 22/34] mvxpsec(4): Prune dead branches. Assert session id validity. --- sys/dev/marvell/mvxpsec.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/sys/dev/marvell/mvxpsec.c b/sys/dev/marvell/mvxpsec.c index 1c7535897068..1646f791db0d 100644 --- a/sys/dev/marvell/mvxpsec.c +++ b/sys/dev/marvell/mvxpsec.c @@ -2029,21 +2029,13 @@ mvxpsec_freesession(void *arg, uint64_t tid) uint32_t sid = ((uint32_t)tid) & 0xffffffff; session = MVXPSEC_SESSION(sid); - if (session < 0 || session >= MVXPSEC_MAX_SESSIONS) { - log(LOG_ERR, "%s: invalid session (id:%u)\n", - __func__, session); - return EINVAL; - } + KASSERTMSG(session >= 0, "session=%d", session); + KASSERTMSG(session < MVXPSEC_MAX_SESSIONS, "session=%d max=%d", + session, MVXPSEC_MAX_SESSIONS); mutex_enter(&sc->sc_session_mtx); - if ( (mv_s = sc->sc_sessions[session]) == NULL) { - mutex_exit(&sc->sc_session_mtx); -#ifdef DEBUG - log(LOG_DEBUG, "%s: session %d already inactivated\n", - __func__, session); -#endif - return ENOENT; - } + mv_s = sc->sc_sessions[session]; + KASSERT(mv_s != NULL); MVXPSEC_PRINTF(MVXPSEC_DEBUG_OPENCRYPTO, "%s: inactivate session %d\n", __func__, session); From 5946ae7ab30665bed438fe8463a5d44bb645ef0f Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:07:34 +0000 Subject: [PATCH 23/34] cryptosoft(4): Prune dead branches. Assert session id validity. --- sys/opencrypto/cryptosoft.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index 3fa1362da9a7..387d30517cc3 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -766,9 +766,6 @@ swcr_newsession(void *arg, u_int32_t *sid, struct cryptoini *cri) u_int32_t i; int k, error; - if (sid == NULL || cri == NULL) - return EINVAL; - if (swcr_sessions) { for (i = 1; i < swcr_sesnum; i++) if (swcr_sessions[i] == NULL) @@ -1128,9 +1125,9 @@ swcr_freesession(void *arg, u_int64_t tid) struct swcr_data *swd; u_int32_t sid = ((u_int32_t) tid) & 0xffffffff; - if (sid > swcr_sesnum || swcr_sessions == NULL || - swcr_sessions[sid] == NULL) - return EINVAL; + KASSERTMSG(sid < swcr_sesnum, "sid=%"PRIu32" swcr_sesnum=%"PRIu32, + sid, swcr_sesnum); + KASSERT(swcr_sessions[sid]); /* Silently accept and return */ if (sid == 0) From 0368ef4de3710da940d32a7ea22787962d4d7388 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:21:58 +0000 Subject: [PATCH 24/34] netipsec: Nothing uses xf_zeroize return value. Nix it. --- sys/netipsec/xform.h | 4 ++-- sys/netipsec/xform_ah.c | 6 ++---- sys/netipsec/xform_esp.c | 5 ++--- sys/netipsec/xform_ipcomp.c | 6 ++---- sys/netipsec/xform_ipip.c | 3 +-- sys/netipsec/xform_tcp.c | 4 +--- 6 files changed, 10 insertions(+), 18 deletions(-) diff --git a/sys/netipsec/xform.h b/sys/netipsec/xform.h index 6bae045bf07a..84c9debd72d6 100644 --- a/sys/netipsec/xform.h +++ b/sys/netipsec/xform.h @@ -77,7 +77,7 @@ struct xformsw { #define XFT_COMP 0x1000 const char *xf_name; int (*xf_init)(struct secasvar *, const struct xformsw *); - int (*xf_zeroize)(struct secasvar *); + void (*xf_zeroize)(struct secasvar *); int (*xf_input)(struct mbuf *, struct secasvar *, int, int); int (*xf_output)(struct mbuf *, const struct ipsecrequest *, struct secasvar *, int, int, int); @@ -95,7 +95,7 @@ int ipip_output(struct mbuf *, struct secasvar *, struct mbuf **); /* XF_AH */ int ah_init0(struct secasvar *, const struct xformsw *, struct cryptoini *); -int ah_zeroize(struct secasvar *); +void ah_zeroize(struct secasvar *); const struct auth_hash *ah_algorithm_lookup(int); size_t ah_authsiz(const struct secasvar *); size_t ah_hdrsiz(const struct secasvar *); diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 00f8a66618a7..4e12e544693c 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -264,21 +264,19 @@ ah_init(struct secasvar *sav, const struct xformsw *xsp) * * NB: public for use by esp_zeroize (XXX). */ -int +void ah_zeroize(struct secasvar *sav) { - int err; if (sav->key_auth) { explicit_memset(_KEYBUF(sav->key_auth), 0, _KEYLEN(sav->key_auth)); } - err = crypto_freesession(sav->tdb_cryptoid); + (void)crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = 0; sav->tdb_authalgxform = NULL; sav->tdb_xform = NULL; - return err; } /* diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 03756a09a429..3e0ee5bbaa7a 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -280,11 +280,11 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp) /* * Paranoia. */ -static int +static void esp_zeroize(struct secasvar *sav) { /* NB: ah_zerorize free's the crypto session state */ - int error = ah_zeroize(sav); + ah_zeroize(sav); if (sav->key_enc) { explicit_memset(_KEYBUF(sav->key_enc), 0, @@ -292,7 +292,6 @@ esp_zeroize(struct secasvar *sav) } sav->tdb_encalgxform = NULL; sav->tdb_xform = NULL; - return error; } /* diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 0831e1cab79e..6e76abbeb462 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -124,14 +124,12 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp) /* * ipcomp_zeroize() used when IPCA is deleted */ -static int +static void ipcomp_zeroize(struct secasvar *sav) { - int err; - err = crypto_freesession(sav->tdb_cryptoid); + (void)crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = 0; - return err; } /* diff --git a/sys/netipsec/xform_ipip.c b/sys/netipsec/xform_ipip.c index b6b21808ec0d..a188db7bed52 100644 --- a/sys/netipsec/xform_ipip.c +++ b/sys/netipsec/xform_ipip.c @@ -556,11 +556,10 @@ ipe4_init(struct secasvar *sav, const struct xformsw *xsp) return 0; } -static int +static void ipe4_zeroize(struct secasvar *sav) { sav->tdb_xform = NULL; - return 0; } static int diff --git a/sys/netipsec/xform_tcp.c b/sys/netipsec/xform_tcp.c index bc61c2781972..8aec6c7fb0cd 100644 --- a/sys/netipsec/xform_tcp.c +++ b/sys/netipsec/xform_tcp.c @@ -108,7 +108,7 @@ tcpsignature_init(struct secasvar *sav, const struct xformsw *xsp) return 0; } -static int +static void tcpsignature_zeroize(struct secasvar *sav) { if (sav->key_auth) { @@ -119,8 +119,6 @@ tcpsignature_zeroize(struct secasvar *sav) sav->tdb_cryptoid = 0; sav->tdb_authalgxform = NULL; sav->tdb_xform = NULL; - - return 0; } static int From 2ceba381bd7895626e0cfcacba5ca80f793a6157 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:26:55 +0000 Subject: [PATCH 25/34] crypto(4): crypto_freesession should never fail here. It can only fail if we pass it an invalid sid, which the logic to maintain the user sessions should not do. So kassert error=0 here. --- sys/opencrypto/cryptodev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 64f9b5e351ca..2d4a7634daad 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -1021,6 +1021,7 @@ csefree(struct csession *cse) int error; error = crypto_freesession(cse->sid); + KASSERTMSG(error == 0, "error=%d", error); if (cse->key) free(cse->key, M_XDATA); if (cse->mackey) From e8c87878f721bc4827ef77eb843b42f656085c75 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:35:44 +0000 Subject: [PATCH 26/34] opencrypto: Make freesession callback return void. No functional change intended: all drivers already return zero unconditionally. --- share/man/man9/opencrypto.9 | 6 ++++-- sys/arch/arm/sunxi/sun8i_crypto.c | 7 ++----- sys/arch/i386/pci/glxsb.c | 5 ++--- sys/arch/x86/x86/via_padlock.c | 5 ++--- sys/dev/marvell/mvcesa.c | 5 ++--- sys/dev/marvell/mvxpsec.c | 4 +--- sys/dev/marvell/mvxpsecvar.h | 2 +- sys/dev/pci/hifn7751.c | 5 ++--- sys/dev/pci/qat/qat.c | 17 ++++++----------- sys/dev/pci/ubsec.c | 5 ++--- sys/opencrypto/crypto.c | 6 ++---- sys/opencrypto/cryptodev.h | 4 ++-- sys/opencrypto/cryptosoft.c | 8 +++----- 13 files changed, 31 insertions(+), 48 deletions(-) diff --git a/share/man/man9/opencrypto.9 b/share/man/man9/opencrypto.9 index bf0337e86454..b364ed57b601 100644 --- a/share/man/man9/opencrypto.9 +++ b/share/man/man9/opencrypto.9 @@ -579,7 +579,7 @@ and migrate existing sessions to other drivers. The calling convention for the three driver-supplied routines is: .Bd -literal int (*newsession) (void *, u_int32_t *, struct cryptoini *); -int (*freesession) (void *, u_int64_t); +void (*freesession) (void *, u_int64_t); int (*process) (void *, struct cryptop *, int); .Ed .Pp @@ -595,7 +595,9 @@ The second argument is identical to that of The .Fn freesession routine takes as argument the SID (which is the concatenation of the -driver identifier and the driver-specific session identifier). +driver identifier and the driver-specific session identifier returned +by +.Fn newsession ). It should clear any context associated with the session (clear hardware registers, memory, etc.). .Pp diff --git a/sys/arch/arm/sunxi/sun8i_crypto.c b/sys/arch/arm/sunxi/sun8i_crypto.c index 375941e68add..a38388fb3f44 100644 --- a/sys/arch/arm/sunxi/sun8i_crypto.c +++ b/sys/arch/arm/sunxi/sun8i_crypto.c @@ -249,7 +249,7 @@ static void sun8i_crypto_register(struct sun8i_crypto_softc *); static void sun8i_crypto_register1(struct sun8i_crypto_softc *, uint32_t); static int sun8i_crypto_newsession(void *, uint32_t *, struct cryptoini *); -static int sun8i_crypto_freesession(void *, uint64_t); +static void sun8i_crypto_freesession(void *, uint64_t); static u_int sun8i_crypto_ivlen(const struct cryptodesc *); static int sun8i_crypto_process(void *, struct cryptop *, int); static void sun8i_crypto_callback(struct sun8i_crypto_softc *, @@ -2050,14 +2050,11 @@ sun8i_crypto_newsession(void *cookie, uint32_t *sidp, struct cryptoini *cri) * Note: dsid is actually a 64-bit quantity containing both the * driver id in the high half and the session id in the low half. */ -static int +static void sun8i_crypto_freesession(void *cookie, uint64_t dsid) { KASSERT((dsid & 0xffffffff) == 1); - - /* Success! */ - return 0; } /* diff --git a/sys/arch/i386/pci/glxsb.c b/sys/arch/i386/pci/glxsb.c index 8479d4c43a5b..d18b3c645001 100644 --- a/sys/arch/i386/pci/glxsb.c +++ b/sys/arch/i386/pci/glxsb.c @@ -180,7 +180,7 @@ CFATTACH_DECL_NEW(glxsb, sizeof(struct glxsb_softc), int glxsb_crypto_setup(struct glxsb_softc *); int glxsb_crypto_newsession(void *, uint32_t *, struct cryptoini *); int glxsb_crypto_process(void *, struct cryptop *, int); -int glxsb_crypto_freesession(void *, uint64_t); +void glxsb_crypto_freesession(void *, uint64_t); static __inline void glxsb_aes(struct glxsb_softc *, uint32_t, uint32_t, uint32_t, void *, int, void *); @@ -352,7 +352,7 @@ glxsb_crypto_newsession(void *aux, uint32_t *sidp, struct cryptoini *cri) return (0); } -int +void glxsb_crypto_freesession(void *aux, uint64_t tid) { struct glxsb_softc *sc = aux; @@ -364,7 +364,6 @@ glxsb_crypto_freesession(void *aux, uint64_t tid) sesn, sc->sc_nsessions); memset(&sc->sc_sessions[sesn], 0, sizeof(sc->sc_sessions[sesn])); - return (0); } /* diff --git a/sys/arch/x86/x86/via_padlock.c b/sys/arch/x86/x86/via_padlock.c index 553c7cbeb467..01c3571ad557 100644 --- a/sys/arch/x86/x86/via_padlock.c +++ b/sys/arch/x86/x86/via_padlock.c @@ -67,7 +67,7 @@ int via_padlock_crypto_swauth(struct cryptop *, struct cryptodesc *, struct swcr_data *, void *); int via_padlock_crypto_encdec(struct cryptop *, struct cryptodesc *, struct via_padlock_session *, struct via_padlock_softc *, void *); -int via_padlock_crypto_freesession(void *, uint64_t); +void via_padlock_crypto_freesession(void *, uint64_t); static __inline void via_padlock_cbc(void *, void *, void *, void *, int, void *); @@ -298,7 +298,7 @@ via_padlock_crypto_newsession(void *arg, uint32_t *sidp, struct cryptoini *cri) return (0); } -int +void via_padlock_crypto_freesession(void *arg, uint64_t tid) { struct via_padlock_softc *sc = arg; @@ -328,7 +328,6 @@ via_padlock_crypto_freesession(void *arg, uint64_t tid) } memset(&sc->sc_sessions[sesn], 0, sizeof(sc->sc_sessions[sesn])); - return (0); } static __inline void diff --git a/sys/dev/marvell/mvcesa.c b/sys/dev/marvell/mvcesa.c index af86258d10f4..08f8692daa56 100644 --- a/sys/dev/marvell/mvcesa.c +++ b/sys/dev/marvell/mvcesa.c @@ -80,7 +80,7 @@ static void mvcesa_attach(device_t, device_t, void *); static int mvcesa_intr(void *); static int mvcesa_newsession(void *, u_int32_t *, struct cryptoini *); -static int mvcesa_freesession(void *, u_int64_t); +static void mvcesa_freesession(void *, u_int64_t); static int mvcesa_process(void *, struct cryptop *, int); static int mvcesa_authentication(struct mvcesa_softc *, struct mvcesa_session *, @@ -325,7 +325,7 @@ mvcesa_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) /* * Deallocate a session. */ -static int +static void mvcesa_freesession(void *arg, u_int64_t tid) { struct mvcesa_softc *sc = (struct mvcesa_softc *)arg; @@ -338,7 +338,6 @@ mvcesa_freesession(void *arg, u_int64_t tid) session, sc->sc_nsessions); memset(&sc->sc_sessions[session], 0, sizeof(sc->sc_sessions[session])); - return (0); } static int diff --git a/sys/dev/marvell/mvxpsec.c b/sys/dev/marvell/mvxpsec.c index 1646f791db0d..306173a5932b 100644 --- a/sys/dev/marvell/mvxpsec.c +++ b/sys/dev/marvell/mvxpsec.c @@ -2020,7 +2020,7 @@ fail: /* * remove opencrypto session */ -int +void mvxpsec_freesession(void *arg, uint64_t tid) { struct mvxpsec_softc *sc = arg; @@ -2056,8 +2056,6 @@ mvxpsec_freesession(void *arg, uint64_t tid) crypto_unblock(sc->sc_cid, CRYPTO_SYMQ|CRYPTO_ASYMQ); MVXPSEC_EVCNT_INCR(sc, session_free); - - return 0; } /* diff --git a/sys/dev/marvell/mvxpsecvar.h b/sys/dev/marvell/mvxpsecvar.h index a4a29526d4b7..fda217a6efc6 100644 --- a/sys/dev/marvell/mvxpsecvar.h +++ b/sys/dev/marvell/mvxpsecvar.h @@ -475,7 +475,7 @@ struct mvxpsec_softc { */ extern int mvxpsec_register(struct mvxpsec_softc *); extern int mvxpsec_newsession(void *, uint32_t *, struct cryptoini *); -extern int mvxpsec_freesession(void *, uint64_t); +extern void mvxpsec_freesession(void *, uint64_t); extern int mvxpsec_dispatch(void *, struct cryptop *, int); extern void mvxpsec_done(void *); diff --git a/sys/dev/pci/hifn7751.c b/sys/dev/pci/hifn7751.c index aaa7cc0c730b..41e7d315ea42 100644 --- a/sys/dev/pci/hifn7751.c +++ b/sys/dev/pci/hifn7751.c @@ -105,7 +105,7 @@ static int hifn_intr(void *); static u_int hifn_write_command(struct hifn_command *, uint8_t *); static uint32_t hifn_next_signature(uint32_t a, u_int cnt); static int hifn_newsession(void*, uint32_t *, struct cryptoini *); -static int hifn_freesession(void*, uint64_t); +static void hifn_freesession(void*, uint64_t); static int hifn_process(void*, struct cryptop *, int); static void hifn_callback(struct hifn_softc *, struct hifn_command *, uint8_t *); @@ -2144,7 +2144,7 @@ out: * XXX this routine should run a zero'd mac/encrypt key into context ram. * XXX to blow away any keys already stored there. */ -static int +static void hifn_freesession(void *arg, uint64_t tid) { struct hifn_softc *sc = arg; @@ -2159,7 +2159,6 @@ hifn_freesession(void *arg, uint64_t tid) KASSERT(isset(sc->sc_sessions, session)); clrbit(sc->sc_sessions, session); mutex_spin_exit(&sc->sc_mtx); - return (0); } static int diff --git a/sys/dev/pci/qat/qat.c b/sys/dev/pci/qat/qat.c index a33b6255c561..22c3b05ada8a 100644 --- a/sys/dev/pci/qat/qat.c +++ b/sys/dev/pci/qat/qat.c @@ -346,11 +346,11 @@ int qat_crypto_process(void *, struct cryptop *, int); int qat_crypto_setup_ring(struct qat_softc *, struct qat_crypto_bank *); int qat_crypto_new_session(void *, uint32_t *, struct cryptoini *); -int qat_crypto_free_session0(struct qat_crypto *, +void qat_crypto_free_session0(struct qat_crypto *, struct qat_session *); void qat_crypto_check_free_session(struct qat_crypto *, struct qat_session *); -int qat_crypto_free_session(void *, uint64_t); +void qat_crypto_free_session(void *, uint64_t); int qat_crypto_bank_init(struct qat_softc *, struct qat_crypto_bank *); int qat_crypto_init(struct qat_softc *); @@ -1978,7 +1978,7 @@ qat_crypto_clean_desc(struct qat_crypto_desc *desc) sizeof(desc->qcd_req_cache)); } -int +void qat_crypto_free_session0(struct qat_crypto *qcy, struct qat_session *qs) { @@ -1994,8 +1994,6 @@ qat_crypto_free_session0(struct qat_crypto *qcy, struct qat_session *qs) QAT_EVCNT_INCR(&qcy->qcy_ev_free_sess); mutex_spin_exit(&qcy->qcy_crypto_mtx); - - return 0; } void @@ -2010,12 +2008,11 @@ qat_crypto_check_free_session(struct qat_crypto *qcy, struct qat_session *qs) } } -int +void qat_crypto_free_session(void *arg, uint64_t sid) { struct qat_crypto *qcy = arg; struct qat_session *qs; - int error; qs = qcy->qcy_sessions[CRYPTO_SESID2LID(sid)]; @@ -2024,12 +2021,10 @@ qat_crypto_free_session(void *arg, uint64_t sid) if (qs->qs_inflight > 0) { qs->qs_status |= QAT_SESSION_STATUS_FREEING; mutex_spin_exit(&qs->qs_session_mtx); - return 0; + return; } - error = qat_crypto_free_session0(qcy, qs); - - return error; + qat_crypto_free_session0(qcy, qs); } int diff --git a/sys/dev/pci/ubsec.c b/sys/dev/pci/ubsec.c index 7b5b54de8ae9..002d39341d96 100644 --- a/sys/dev/pci/ubsec.c +++ b/sys/dev/pci/ubsec.c @@ -99,7 +99,7 @@ int ubsec_debug=1; static int ubsec_intr(void *); static int ubsec_newsession(void*, u_int32_t *, struct cryptoini *); -static int ubsec_freesession(void*, u_int64_t); +static void ubsec_freesession(void*, u_int64_t); static int ubsec_process(void*, struct cryptop *, int hint); static void ubsec_callback(struct ubsec_softc *, struct ubsec_q *); static void ubsec_feed(struct ubsec_softc *); @@ -1099,7 +1099,7 @@ ubsec_newsession(void *arg, u_int32_t *sidp, struct cryptoini *cri) /* * Deallocate a session. */ -static int +static void ubsec_freesession(void *arg, u_int64_t tid) { struct ubsec_softc *sc = arg; @@ -1112,7 +1112,6 @@ ubsec_freesession(void *arg, u_int64_t tid) session, sc->sc_nsessions); memset(&sc->sc_sessions[session], 0, sizeof(sc->sc_sessions[session])); - return (0); } #ifdef __FreeBSD__ /* Ugly gratuitous changes to bus_dma */ diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 661a0add4d1f..bd3e353d480c 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -856,9 +856,7 @@ crypto_freesession(u_int64_t sid) /* Call the driver cleanup routine, if available. */ if (cap->cc_freesession) - err = cap->cc_freesession(cap->cc_arg, sid); - else - err = 0; + cap->cc_freesession(cap->cc_arg, sid); /* * If this was the last session of a driver marked as invalid, @@ -1084,7 +1082,7 @@ int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, u_int32_t flags, int (*newses)(void *, u_int32_t*, struct cryptoini*), - int (*freeses)(void *, u_int64_t), + void (*freeses)(void *, u_int64_t), int (*process)(void *, struct cryptop *, int), void *arg) { diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index 2e7daae1e9a6..fb8b1b98a4d6 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -575,7 +575,7 @@ struct cryptocap { void *cc_arg; /* callback argument */ int (*cc_newsession)(void*, u_int32_t*, struct cryptoini*); int (*cc_process) (void*, struct cryptop *, int); - int (*cc_freesession) (void*, u_int64_t); + void (*cc_freesession) (void *, u_int64_t); void *cc_karg; /* callback argument */ int (*cc_kprocess) (void*, struct cryptkop *, int); @@ -601,7 +601,7 @@ extern int32_t crypto_get_driverid(u_int32_t flags); extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, u_int32_t flags, int (*newses)(void*, u_int32_t*, struct cryptoini*), - int (*freeses)(void*, u_int64_t), + void (*freeses)(void *, u_int64_t), int (*process)(void*, struct cryptop *, int), void *arg); extern int crypto_kregister(u_int32_t, int, u_int32_t, diff --git a/sys/opencrypto/cryptosoft.c b/sys/opencrypto/cryptosoft.c index 387d30517cc3..058b0230c5ff 100644 --- a/sys/opencrypto/cryptosoft.c +++ b/sys/opencrypto/cryptosoft.c @@ -75,7 +75,7 @@ static int swcr_compdec(struct cryptodesc *, const struct swcr_data *, void *, i static int swcr_combined(struct cryptop *, int); static int swcr_process(void *, struct cryptop *, int); static int swcr_newsession(void *, u_int32_t *, struct cryptoini *); -static int swcr_freesession(void *, u_int64_t); +static void swcr_freesession(void *, u_int64_t); static void swcr_freesession_internal(struct swcr_data *); static int swcryptoattach_internal(void); @@ -1119,7 +1119,7 @@ swcr_freesession_internal(struct swcr_data *arg) /* * Free a session. */ -static int +static void swcr_freesession(void *arg, u_int64_t tid) { struct swcr_data *swd; @@ -1131,13 +1131,11 @@ swcr_freesession(void *arg, u_int64_t tid) /* Silently accept and return */ if (sid == 0) - return 0; + return; swd = swcr_sessions[sid]; swcr_sessions[sid] = NULL; swcr_freesession_internal(swd); - - return 0; } /* From 151d5bf8ce93f95c6ec7319519d7f5a5876e60cd Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:37:27 +0000 Subject: [PATCH 27/34] opencrypto: Make crypto_freesession return void. No callers use the return value. It is not sensible to allow this to fail. --- share/man/man9/opencrypto.9 | 5 ++--- sys/netipsec/xform_ah.c | 2 +- sys/netipsec/xform_ipcomp.c | 2 +- sys/opencrypto/crypto.c | 8 +++----- sys/opencrypto/cryptodev.c | 4 ++-- sys/opencrypto/cryptodev.h | 2 +- 6 files changed, 10 insertions(+), 13 deletions(-) diff --git a/share/man/man9/opencrypto.9 b/share/man/man9/opencrypto.9 index b364ed57b601..3749da3c07f4 100644 --- a/share/man/man9/opencrypto.9 +++ b/share/man/man9/opencrypto.9 @@ -55,7 +55,7 @@ .Fn crypto_kdone "struct cryptkop *" .Ft int .Fn crypto_newsession "u_int64_t *" "struct cryptoini *" "int" -.Ft int +.Ft void .Fn crypto_freesession "u_int64_t" .Ft int .Fn crypto_dispatch "struct cryptop *" @@ -642,9 +642,8 @@ routine should invoke .Fn crypto_register , .Fn crypto_kregister , .Fn crypto_unregister , -.Fn crypto_newsession , and -.Fn crypto_freesession +.Fn crypto_newsession return 0 on success, or an error code on failure. .Fn crypto_get_driverid returns a non-negative value on error, and \-1 on failure. diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 4e12e544693c..a906f17da779 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -273,7 +273,7 @@ ah_zeroize(struct secasvar *sav) _KEYLEN(sav->key_auth)); } - (void)crypto_freesession(sav->tdb_cryptoid); + crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = 0; sav->tdb_authalgxform = NULL; sav->tdb_xform = NULL; diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 6e76abbeb462..a79e10357995 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -128,7 +128,7 @@ static void ipcomp_zeroize(struct secasvar *sav) { - (void)crypto_freesession(sav->tdb_cryptoid); + crypto_freesession(sav->tdb_cryptoid); sav->tdb_cryptoid = 0; } diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index bd3e353d480c..79bf30e2ae65 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -840,16 +840,15 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard) * Delete an existing session (or a reserved session on an unregistered * driver). */ -int +void crypto_freesession(u_int64_t sid) { struct cryptocap *cap; - int err = 0; /* Determine two IDs. */ cap = crypto_checkdriver_lock(CRYPTO_SESID2HID(sid)); - if (cap == NULL) - return ENOENT; + if (cap == NULL) /* XXX should assert; need to audit callers */ + return; if (cap->cc_sessions) (cap->cc_sessions)--; @@ -866,7 +865,6 @@ crypto_freesession(u_int64_t sid) crypto_driver_clear(cap); crypto_driver_unlock(cap); - return err; } static bool diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 2d4a7634daad..fe9e38ffe43c 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -1020,8 +1020,8 @@ csefree(struct csession *cse) { int error; - error = crypto_freesession(cse->sid); - KASSERTMSG(error == 0, "error=%d", error); + crypto_freesession(cse->sid); + error = 0; if (cse->key) free(cse->key, M_XDATA); if (cse->mackey) diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index fb8b1b98a4d6..bcf3b7491a5e 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -596,7 +596,7 @@ struct cryptocap { MALLOC_DECLARE(M_CRYPTO_DATA); extern int crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard); -extern int crypto_freesession(u_int64_t sid); +extern void crypto_freesession(u_int64_t sid); extern int32_t crypto_get_driverid(u_int32_t flags); extern int crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, u_int32_t flags, From 4cbe089356a8bdae6750594a618455de7aa0f6f9 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 15:38:19 +0000 Subject: [PATCH 28/34] crypto(4): Nix dead code now that crypto_freesession never fails. --- sys/opencrypto/cryptodev.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index fe9e38ffe43c..df806d55e000 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -182,11 +182,11 @@ static struct csession *csecreate(struct fcrypt *, u_int64_t, void *, u_int64_t, void *, u_int64_t, u_int32_t, u_int32_t, u_int32_t, const struct enc_xform *, const struct auth_hash *, const struct comp_algo *); -static int csefree(struct csession *); +static void csefree(struct csession *); static int cryptodev_key(struct crypt_kop *); static int cryptodev_mkey(struct fcrypt *, struct crypt_n_kop *, int); -static int cryptodev_msessionfin(struct fcrypt *, int, u_int32_t *); +static void cryptodev_msessionfin(struct fcrypt *, int, u_int32_t *); static void cryptodev_cb(struct cryptop *); static void cryptodevkey_cb(struct cryptkop *); @@ -317,7 +317,7 @@ mbail: } csedelete(fcr, cse); mutex_exit(&cryptodev_mtx); - error = csefree(cse); + csefree(cse); break; case CIOCNFSESSION: mutex_enter(&cryptodev_mtx); @@ -334,7 +334,7 @@ mbail: error = copyin(sfop->sesid, sesid, (sfop->count * sizeof(u_int32_t))); if (!error) { - error = cryptodev_msessionfin(fcr, sfop->count, sesid); + cryptodev_msessionfin(fcr, sfop->count, sesid); } kmem_free(sesid, (sfop->count * sizeof(u_int32_t))); break; @@ -923,7 +923,7 @@ cryptof_close(struct file *fp) while ((cse = TAILQ_FIRST(&fcr->csessions))) { TAILQ_REMOVE(&fcr->csessions, cse, next); mutex_exit(&cryptodev_mtx); - (void)csefree(cse); + csefree(cse); mutex_enter(&cryptodev_mtx); } seldestroy(&fcr->sinfo); @@ -951,7 +951,7 @@ csefind(struct fcrypt *fcr, u_int ses) TAILQ_FOREACH_SAFE(cse, &fcr->csessions, next, cnext) if (cse->ses == ses) ret = cse; - + return ret; } @@ -1015,19 +1015,16 @@ csecreate(struct fcrypt *fcr, u_int64_t sid, void *key, u_int64_t keylen, } } -static int +static void csefree(struct csession *cse) { - int error; crypto_freesession(cse->sid); - error = 0; if (cse->key) free(cse->key, M_XDATA); if (cse->mackey) free(cse->mackey, M_XDATA); pool_put(&csepl, cse); - return error; } static int @@ -1758,11 +1755,11 @@ cryptodev_msession(struct fcrypt *fcr, struct session_n_op *sn_ops, return 0; } -static int +static void cryptodev_msessionfin(struct fcrypt *fcr, int count, u_int32_t *sesid) { struct csession *cse; - int req, error = 0; + int req; mutex_enter(&cryptodev_mtx); for(req = 0; req < count; req++) { @@ -1771,11 +1768,10 @@ cryptodev_msessionfin(struct fcrypt *fcr, int count, u_int32_t *sesid) continue; csedelete(fcr, cse); mutex_exit(&cryptodev_mtx); - error = csefree(cse); + csefree(cse); mutex_enter(&cryptodev_mtx); } mutex_exit(&cryptodev_mtx); - return error; } /* From bb47b3634827a5b17d30b1dafce2452b2bf52f88 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 19:15:39 +0000 Subject: [PATCH 29/34] opencrypto: Assert nonnull callback up front in crypto_dispatch. Same with crypto_kdispatch. Convert some dead branches downstream to assertions too. --- sys/opencrypto/crypto.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 79bf30e2ae65..9f4e7821e375 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1260,6 +1260,7 @@ crypto_dispatch(struct cryptop *crp) struct crypto_crp_q *crp_q; KASSERT(crp != NULL); + KASSERT(crp->crp_callback != NULL); KASSERT(crp->crp_desc != NULL); KASSERT(crp->crp_buf != NULL); KASSERT(!cpu_intr_p()); @@ -1372,6 +1373,7 @@ crypto_kdispatch(struct cryptkop *krp) struct crypto_crp_kq *crp_kq; KASSERT(krp != NULL); + KASSERT(krp->krp_callback != NULL); KASSERT(!cpu_intr_p()); cryptostats.cs_kops++; @@ -1439,15 +1441,9 @@ crypto_kinvoke(struct cryptkop *krp, int hint) int error; KASSERT(krp != NULL); + KASSERT(krp->krp_callback != NULL); KASSERT(!cpu_intr_p()); - /* Sanity checks. */ - if (krp->krp_callback == NULL) { - cv_destroy(&krp->krp_cv); - crypto_kfreereq(krp); - return EINVAL; - } - mutex_enter(&crypto_drv_mtx); for (hid = 0; hid < crypto_drivers_num; hid++) { cap = crypto_checkdriver(hid); @@ -1525,21 +1521,14 @@ crypto_invoke(struct cryptop *crp, int hint) struct cryptocap *cap; KASSERT(crp != NULL); + KASSERT(crp->crp_callback != NULL); + KASSERT(crp->crp_desc != NULL); KASSERT(!cpu_intr_p()); #ifdef CRYPTO_TIMING if (crypto_timing) crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp); #endif - /* Sanity checks. */ - if (crp->crp_callback == NULL) { - return EINVAL; - } - if (crp->crp_desc == NULL) { - crp->crp_etype = EINVAL; - crypto_done(crp); - return 0; - } cap = crypto_checkdriver_lock(CRYPTO_SESID2HID(crp->crp_sid)); if (cap != NULL && (cap->cc_flags & CRYPTOCAP_F_CLEANUP) == 0) { From 7115de120d90f7060386f977c1b51e212d76c372 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 19:31:19 +0000 Subject: [PATCH 30/34] opencrypto: Rip out EAGAIN logic when unregistering crypto drivers. I'm pretty sure this never worked reliably based on code inspection, and it's unlikely to have ever been tested because it only applies when unregistering a driver -- but we have no crypto drivers for removable devices, so it would only apply if we went out of our way to trigger detach with drvctl. Instead, just make the operation fail with ENODEV, and remove all the callback logic to resubmit the request on EAGAIN. (Maybe this should be ENXIO, but crypto_kdispatch already does ENODEV.) --- share/man/man9/opencrypto.9 | 10 ---------- sys/netipsec/xform_ah.c | 12 ------------ sys/netipsec/xform_esp.c | 13 ------------- sys/netipsec/xform_ipcomp.c | 12 ------------ sys/opencrypto/crypto.c | 23 ++++------------------- sys/opencrypto/cryptodev.c | 18 ++---------------- 6 files changed, 6 insertions(+), 82 deletions(-) diff --git a/share/man/man9/opencrypto.9 b/share/man/man9/opencrypto.9 index 3749da3c07f4..277ee1b22538 100644 --- a/share/man/man9/opencrypto.9 +++ b/share/man/man9/opencrypto.9 @@ -288,16 +288,6 @@ level. .It Fa crp_etype Contains the error type, if any errors were encountered, or zero if the request was successfully processed. -If the -.Er EAGAIN -error code is returned, the SID has changed (and has been recorded in the -.Fa crp_sid -field). -The consumer should record the new SID and use it in all subsequent requests. -In this case, the request may be re-submitted immediately. -This mechanism is used by the framework to perform -session migration (move a session from one driver to another, because -of availability, performance, or other considerations). .Pp Note that this field only makes sense when examined by the callback routine specified in diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index a906f17da779..f3c04582a768 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -772,12 +772,6 @@ ah_input_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { - IPSEC_RELEASE_GLOBAL_LOCKS(); - (void)crypto_dispatch(crp); - return; - } - AH_STATINC(AH_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); goto bad; @@ -1162,12 +1156,6 @@ ah_output_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { - IPSEC_RELEASE_GLOBAL_LOCKS(); - (void)crypto_dispatch(crp); - return; - } - AH_STATINC(AH_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); goto bad; diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 3e0ee5bbaa7a..4bb3f8d54061 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -538,13 +538,6 @@ esp_input_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { - KEY_SA_UNREF(&sav); - IPSEC_RELEASE_GLOBAL_LOCKS(); - (void)crypto_dispatch(crp); - return; - } - ESP_STATINC(ESP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); goto bad; @@ -967,12 +960,6 @@ esp_output_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { - IPSEC_RELEASE_GLOBAL_LOCKS(); - (void)crypto_dispatch(crp); - return; - } - ESP_STATINC(ESP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); goto bad; diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index a79e10357995..6c0025cbafa4 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -270,13 +270,6 @@ ipcomp_input_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { - KEY_SA_UNREF(&sav); - IPSEC_RELEASE_GLOBAL_LOCKS(); - (void)crypto_dispatch(crp); - return; - } - IPCOMP_STATINC(IPCOMP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); goto bad; @@ -542,11 +535,6 @@ ipcomp_output_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) { - IPSEC_RELEASE_GLOBAL_LOCKS(); - (void)crypto_dispatch(crp); - return; - } IPCOMP_STATINC(IPCOMP_STAT_NOXFORM); DPRINTF("crypto error %d\n", crp->crp_etype); goto bad; diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 9f4e7821e375..5180a9b1c42f 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1546,26 +1546,11 @@ crypto_invoke(struct cryptop *crp, int hint) crypto_driver_unlock(cap); return (*process)(arg, crp, hint); } else { - struct cryptodesc *crd; - u_int64_t nid = 0; - - if (cap != NULL) + if (cap != NULL) { crypto_driver_unlock(cap); - - /* - * Driver has unregistered; migrate the session and return - * an error to the caller so they'll resubmit the op. - */ - crypto_freesession(crp->crp_sid); - - for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) - crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); - - if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0) - crp->crp_sid = nid; - - crp->crp_etype = EAGAIN; - + crypto_freesession(crp->crp_sid); + } + crp->crp_etype = ENODEV; crypto_done(crp); return 0; } diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index df806d55e000..e811456d19ca 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -718,16 +718,9 @@ static void cryptodev_cb(struct cryptop *crp) { struct csession *cse = crp->crp_opaque; - int error; - - if ((error = crp->crp_etype) == EAGAIN) { - error = crypto_dispatch(crp); - if (error == 0) - return; - } mutex_enter(&cryptodev_mtx); - cse->error = error; + cse->error = crp->crp_etype; crp->crp_devflags |= CRYPTODEV_F_RET; cv_signal(&crp->crp_cv); mutex_exit(&cryptodev_mtx); @@ -737,16 +730,9 @@ static void cryptodev_mcb(struct cryptop *crp) { struct csession *cse = crp->crp_opaque; - int error; - - if ((error = crp->crp_etype) == EAGAIN) { - error = crypto_dispatch(crp); - if (error == 0) - return; - } mutex_enter(&cryptodev_mtx); - cse->error = error; + cse->error = crp->crp_etype; cv_signal(&crp->crp_cv); TAILQ_INSERT_TAIL(&crp->fcrp->crp_ret_mq, crp, crp_next); selnotify(&crp->fcrp->sinfo, 0, 0); From 8b5688846da36e079b1747221c69958d32071767 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 19:38:46 +0000 Subject: [PATCH 31/34] opencrypto: Assert driver process routine returns 0 or ERESTART. No other errors are allowed -- other errors must be transmitted by crypto_done. All drivers in tree (sun8i_crypto, glxsb, via_padlock, mvcesa, mvxpsec, hifn, qat, ubsec, cryptosoft) have been audited for this. --- sys/opencrypto/crypto.c | 46 ++++++++++++++++------------------------- 1 file changed, 18 insertions(+), 28 deletions(-) diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 5180a9b1c42f..80e57a78f5af 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1295,7 +1295,6 @@ crypto_dispatch(struct cryptop *crp) softint_schedule(crypto_q_si); kpreempt_enable(); } - return 0; } @@ -1313,7 +1312,6 @@ crypto_dispatch(struct cryptop *crp) * to other drivers in cryptointr() later. */ TAILQ_INSERT_TAIL(crp_q, crp, crp_next); - result = 0; goto out; } @@ -1324,7 +1322,6 @@ crypto_dispatch(struct cryptop *crp) * it unblocks and the swi thread gets kicked. */ TAILQ_INSERT_TAIL(crp_q, crp, crp_next); - result = 0; goto out; } @@ -1335,6 +1332,7 @@ crypto_dispatch(struct cryptop *crp) */ crypto_driver_unlock(cap); result = crypto_invoke(crp, 0); + KASSERTMSG(result == 0 || result == ERESTART, "result=%d", result); if (result == ERESTART) { /* * The driver ran out of resources, mark the @@ -1346,18 +1344,11 @@ crypto_dispatch(struct cryptop *crp) crypto_driver_unlock(cap); TAILQ_INSERT_HEAD(crp_q, crp, crp_next); cryptostats.cs_blocks++; - - /* - * The crp is enqueued to crp_q, that is, - * no error occurs. So, this function should - * not return error. - */ - result = 0; } out: crypto_put_crp_qs(&s); - return result; + return 0; } /* @@ -1388,7 +1379,6 @@ crypto_kdispatch(struct cryptkop *krp) */ if (cap == NULL) { TAILQ_INSERT_TAIL(crp_kq, krp, krp_next); - result = 0; goto out; } @@ -1399,12 +1389,12 @@ crypto_kdispatch(struct cryptkop *krp) * it unblocks and the swi thread gets kicked. */ TAILQ_INSERT_TAIL(crp_kq, krp, krp_next); - result = 0; goto out; } crypto_driver_unlock(cap); result = crypto_kinvoke(krp, 0); + KASSERTMSG(result == 0 || result == ERESTART, "result=%d", result); if (result == ERESTART) { /* * The driver ran out of resources, mark the @@ -1416,18 +1406,11 @@ crypto_kdispatch(struct cryptkop *krp) crypto_driver_unlock(cap); TAILQ_INSERT_HEAD(crp_kq, krp, krp_next); cryptostats.cs_kblocks++; - - /* - * The krp is enqueued to crp_kq, that is, - * no error occurs. So, this function should - * not return error. - */ - result = 0; } out: crypto_put_crp_qs(&s); - return result; + return 0; } /* @@ -1477,15 +1460,14 @@ crypto_kinvoke(struct cryptkop *krp, int hint) krp->reqcpu = curcpu(); crypto_driver_unlock(cap); error = (*process)(arg, krp, hint); + KASSERTMSG(error == 0 || error == ERESTART, "error=%d", + error); + return error; } else { - error = ENODEV; - } - - if (error) { - krp->krp_status = error; + krp->krp_status = ENODEV; crypto_kdone(krp); + return 0; } - return 0; } #ifdef CRYPTO_TIMING @@ -1519,6 +1501,7 @@ static int crypto_invoke(struct cryptop *crp, int hint) { struct cryptocap *cap; + int error; KASSERT(crp != NULL); KASSERT(crp->crp_callback != NULL); @@ -1544,7 +1527,10 @@ crypto_invoke(struct cryptop *crp, int hint) */ DPRINTF("calling process for %p\n", crp); crypto_driver_unlock(cap); - return (*process)(arg, crp, hint); + error = (*process)(arg, crp, hint); + KASSERTMSG(error == 0 || error == ERESTART, "error=%d", + error); + return error; } else { if (cap != NULL) { crypto_driver_unlock(cap); @@ -1857,6 +1843,8 @@ cryptointr(void *arg __unused) if (submit != NULL) { TAILQ_REMOVE(crp_q, submit, crp_next); result = crypto_invoke(submit, hint); + KASSERTMSG(result == 0 || result == ERESTART, + "result=%d", result); /* we must take here as the TAILQ op or kinvoke may need this mutex below. sigh. */ if (result == ERESTART) { @@ -1901,6 +1889,8 @@ cryptointr(void *arg __unused) if (krp != NULL) { TAILQ_REMOVE(crp_kq, krp, krp_next); result = crypto_kinvoke(krp, 0); + KASSERTMSG(result == 0 || result == ERESTART, + "result=%d", result); /* the next iteration will want the mutex. :-/ */ if (result == ERESTART) { /* From 518c92aa5af156d559a723ef248d1f5c2619d75b Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 20:01:38 +0000 Subject: [PATCH 32/34] opencrypto: crypto_dispatch never fails now. Make it return void. Same with crypto_kdispatch. --- share/man/man9/opencrypto.9 | 14 +++++--------- sys/netipsec/xform_ah.c | 6 ++++-- sys/netipsec/xform_esp.c | 6 ++++-- sys/netipsec/xform_ipcomp.c | 6 ++++-- sys/opencrypto/crypto.c | 8 +++----- sys/opencrypto/cryptodev.c | 25 +++++++------------------ sys/opencrypto/cryptodev.h | 4 ++-- 7 files changed, 29 insertions(+), 40 deletions(-) diff --git a/share/man/man9/opencrypto.9 b/share/man/man9/opencrypto.9 index 277ee1b22538..da8b40851926 100644 --- a/share/man/man9/opencrypto.9 +++ b/share/man/man9/opencrypto.9 @@ -57,9 +57,9 @@ .Fn crypto_newsession "u_int64_t *" "struct cryptoini *" "int" .Ft void .Fn crypto_freesession "u_int64_t" -.Ft int +.Ft void .Fn crypto_dispatch "struct cryptop *" -.Ft int +.Ft void .Fn crypto_kdispatch "struct cryptkop *" .Ft struct cryptop * .Fn crypto_getreq "int" @@ -650,14 +650,10 @@ structure and .Dv NULL on failure. .Fn crypto_dispatch -returns -.Er EINVAL -if its argument or the callback function was -.Dv NULL , -and 0 otherwise. -The callback is provided with an error code in case of failure, in the +arranges to invoke the callback with an error code +in the .Fa crp_etype -field. +field, or zero on success. .Sh FILES .Bl -tag -width sys/opencrypto/crypto.c .It Pa sys/opencrypto/crypto.c diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index f3c04582a768..f349d7dd2ec1 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -691,7 +691,8 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) crp->crp_ilen, tc->tc_skip, crda->crd_len, crda->crd_skip, crda->crd_inject); - return crypto_dispatch(crp); + crypto_dispatch(crp); + return 0; bad: if (tc != NULL) { @@ -1106,7 +1107,8 @@ ah_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav, tc->tc_flags = flags; tc->tc_sav = sav; - return crypto_dispatch(crp); + crypto_dispatch(crp); + return 0; bad_tc: if (__predict_true(pool_used)) diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 4bb3f8d54061..908b6973806c 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -472,7 +472,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) crde->crd_klen = _KEYBITS(sav->key_enc); /* XXX Rounds ? */ - return crypto_dispatch(crp); + crypto_dispatch(crp); + return 0; out2: pool_cache_put(esp_tdb_crypto_pool_cache, tc); @@ -924,7 +925,8 @@ esp_output(struct mbuf *m, const struct ipsecrequest *isr, struct secasvar *sav, } } - return crypto_dispatch(crp); + crypto_dispatch(crp); + return 0; bad: if (m) diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 6c0025cbafa4..fdca4a3fb934 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -208,7 +208,8 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) tc->tc_skip = skip; tc->tc_sav = sav; - return crypto_dispatch(crp); + crypto_dispatch(crp); + return 0; error_tc: pool_cache_put(ipcomp_tdb_crypto_pool_cache, tc); @@ -493,7 +494,8 @@ ipcomp_output(struct mbuf *m, const struct ipsecrequest *isr, crp->crp_opaque = tc; crp->crp_sid = sav->tdb_cryptoid; - return crypto_dispatch(crp); + crypto_dispatch(crp); + return 0; bad: if (m) diff --git a/sys/opencrypto/crypto.c b/sys/opencrypto/crypto.c index 80e57a78f5af..a3aecb748d8a 100644 --- a/sys/opencrypto/crypto.c +++ b/sys/opencrypto/crypto.c @@ -1251,7 +1251,7 @@ crypto_unblock(u_int32_t driverid, int what) * Dispatch a crypto request to a driver or queue * it, to be processed by the kernel thread. */ -int +void crypto_dispatch(struct cryptop *crp) { int result, s; @@ -1295,7 +1295,7 @@ crypto_dispatch(struct cryptop *crp) softint_schedule(crypto_q_si); kpreempt_enable(); } - return 0; + return; } crp_qs = crypto_get_crp_qs(&s); @@ -1348,14 +1348,13 @@ crypto_dispatch(struct cryptop *crp) out: crypto_put_crp_qs(&s); - return 0; } /* * Add an asymmetric crypto request to a queue, * to be processed by the kernel thread. */ -int +void crypto_kdispatch(struct cryptkop *krp) { int result, s; @@ -1410,7 +1409,6 @@ crypto_kdispatch(struct cryptkop *krp) out: crypto_put_crp_qs(&s); - return 0; } /* diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index e811456d19ca..4b3c5c142cf8 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -648,13 +648,7 @@ cryptodev_op(struct csession *cse, struct crypt_op *cop, struct lwp *l) } cv_init(&crp->crp_cv, "crydev"); - error = crypto_dispatch(crp); - if (error) { - DPRINTF("not waiting, error.\n"); - cv_destroy(&crp->crp_cv); - goto bail; - } - + crypto_dispatch(crp); mutex_enter(&cryptodev_mtx); while (!(crp->crp_devflags & CRYPTODEV_F_RET)) { DPRINTF("cse->sid[%d]: sleeping on cv %p for crp %p\n", @@ -850,10 +844,7 @@ cryptodev_key(struct crypt_kop *kop) goto fail; } - error = crypto_kdispatch(krp); - if (error != 0) { - goto fail; - } + crypto_kdispatch(krp); mutex_enter(&cryptodev_mtx); while (!(krp->krp_devflags & CRYPTODEV_F_RET)) { @@ -1305,7 +1296,8 @@ cryptodev_mop(struct fcrypt *fcr, #ifdef notyet eagain: #endif - cnop[req].status = crypto_dispatch(crp); + crypto_dispatch(crp); + cnop[req].status = 0; mutex_enter(&cryptodev_mtx); /* XXX why mutex? */ switch (cnop[req].status) { @@ -1456,13 +1448,10 @@ cryptodev_mkey(struct fcrypt *fcr, struct crypt_n_kop *kop, int count) krp->krp_reqid = kop[req].crk_reqid; krp->krp_usropaque = kop[req].crk_opaque; - kop[req].crk_status = crypto_kdispatch(krp); - if (kop[req].crk_status != 0) { - goto fail; - } - + crypto_kdispatch(krp); + kop[req].crk_status = 0; fail: - if(kop[req].crk_status) { + if (kop[req].crk_status) { if (krp) { kop[req].crk_status = krp->krp_status; for (i = 0; i < CRK_MAXPARAM; i++) { diff --git a/sys/opencrypto/cryptodev.h b/sys/opencrypto/cryptodev.h index bcf3b7491a5e..054fd967e747 100644 --- a/sys/opencrypto/cryptodev.h +++ b/sys/opencrypto/cryptodev.h @@ -609,8 +609,8 @@ extern int crypto_kregister(u_int32_t, int, u_int32_t, void *arg); extern int crypto_unregister(u_int32_t driverid, int alg); extern int crypto_unregister_all(u_int32_t driverid); -extern int crypto_dispatch(struct cryptop *crp); -extern int crypto_kdispatch(struct cryptkop *); +extern void crypto_dispatch(struct cryptop *crp); +extern void crypto_kdispatch(struct cryptkop *); #define CRYPTO_SYMQ 0x1 #define CRYPTO_ASYMQ 0x2 extern int crypto_unblock(u_int32_t, int); From 3fcb63f651a6a6a998a2c92ed84a7a5cb02dbed8 Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 20:36:07 +0000 Subject: [PATCH 33/34] opencrypto: Prune dead code now that crypto_dispatch never fails. --- sys/opencrypto/cryptodev.c | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c index 4b3c5c142cf8..25cd6aeb56f4 100644 --- a/sys/opencrypto/cryptodev.c +++ b/sys/opencrypto/cryptodev.c @@ -1293,30 +1293,8 @@ cryptodev_mop(struct fcrypt *fcr, crp->crp_reqid = cnop[req].reqid; crp->crp_usropaque = cnop[req].opaque; cv_init(&crp->crp_cv, "crydev"); -#ifdef notyet -eagain: -#endif crypto_dispatch(crp); cnop[req].status = 0; - mutex_enter(&cryptodev_mtx); /* XXX why mutex? */ - - switch (cnop[req].status) { -#ifdef notyet /* don't loop forever -- but EAGAIN not possible here yet */ - case EAGAIN: - mutex_exit(&cryptodev_mtx); - goto eagain; - break; -#endif - case 0: - break; - default: - DPRINTF("not waiting, error.\n"); - mutex_exit(&cryptodev_mtx); - cv_destroy(&crp->crp_cv); - goto bail; - } - - mutex_exit(&cryptodev_mtx); cv_destroy(&crp->crp_cv); bail: if (cnop[req].status) { From dc63d319467b809fc24b6183fc0116168b7e2dcb Mon Sep 17 00:00:00 2001 From: Taylor R Campbell Date: Thu, 19 May 2022 20:56:30 +0000 Subject: [PATCH 34/34] opencrypto: Touch up man page a little. --- share/man/man9/opencrypto.9 | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/share/man/man9/opencrypto.9 b/share/man/man9/opencrypto.9 index da8b40851926..24fca142319e 100644 --- a/share/man/man9/opencrypto.9 +++ b/share/man/man9/opencrypto.9 @@ -276,15 +276,12 @@ buffer for the result (or for re-formatting the input). .It Fa crp_callback This routine is invoked upon completion of the request, whether successful or not. -It is invoked through the +It is invoked by the driver through the .Fn crypto_done routine. If the request was not successful, an error code is set in the .Fa crp_etype field. -It is the responsibility of the callback routine to set the appropriate -.Xr spl 9 -level. .It Fa crp_etype Contains the error type, if any errors were encountered, or zero if the request was successfully processed. @@ -710,13 +707,3 @@ supported. Note that 3DES is considered one algorithm (and not three instances of DES). Thus, 3DES and DES could be mixed in the same request. -.Pp -A queue for completed operations should be implemented and processed -at some software -.Xr spl 9 -level, to avoid overall system latency issues, and potential kernel -stack exhaustion while processing a callback. -.Pp -When SMP time comes, we will support use of a second processor (or -more) as a crypto device (this is actually AMP, but we need the same -basic support).