svn commit: r336439 - in head: share/man/man9 sys/crypto/aesni sys/crypto/armv8 sys/crypto/blake2 sys/crypto/ccp sys/crypto/via sys/dev/cesa sys/dev/cxgbe/crypto sys/dev/hifn sys/dev/safe sys/dev/s...
Conrad Meyer
cem at FreeBSD.org
Wed Jul 18 00:56:27 UTC 2018
Author: cem
Date: Wed Jul 18 00:56:25 2018
New Revision: 336439
URL: https://svnweb.freebsd.org/changeset/base/336439
Log:
OpenCrypto: Convert sessions to opaque handles instead of integers
Track session objects in the framework, and pass handles between the
framework (OCF), consumers, and drivers. Avoid redundancy and complexity in
individual drivers by allocating session memory in the framework and
providing it to drivers in ::newsession().
Session handles are no longer integers with information encoded in various
high bits. Use of the CRYPTO_SESID2FOO() macros should be replaced with the
appropriate crypto_ses2foo() function on the opaque session handle.
Convert OCF drivers (in particular, cryptosoft, as well as myriad others) to
the opaque handle interface. Discard existing session tracking as much as
possible (quick pass). There may be additional code ripe for deletion.
Convert OCF consumers (ipsec, geom_eli, krb5, cryptodev) to handle-style
interface. The conversion is largely mechnical.
The change is documented in crypto.9.
Inspired by
https://lists.freebsd.org/pipermail/freebsd-arch/2018-January/018835.html .
No objection from: ae (ipsec portion)
Reported by: jhb
Modified:
head/share/man/man9/crypto.9
head/sys/crypto/aesni/aesni.c
head/sys/crypto/aesni/aesni.h
head/sys/crypto/armv8/armv8_crypto.c
head/sys/crypto/armv8/armv8_crypto.h
head/sys/crypto/blake2/blake2_cryptodev.c
head/sys/crypto/ccp/ccp.c
head/sys/crypto/ccp/ccp.h
head/sys/crypto/via/padlock.c
head/sys/crypto/via/padlock.h
head/sys/dev/cesa/cesa.c
head/sys/dev/cesa/cesa.h
head/sys/dev/cxgbe/crypto/t4_crypto.c
head/sys/dev/hifn/hifn7751.c
head/sys/dev/hifn/hifn7751var.h
head/sys/dev/safe/safe.c
head/sys/dev/safe/safevar.h
head/sys/dev/sec/sec.c
head/sys/dev/sec/sec.h
head/sys/dev/ubsec/ubsec.c
head/sys/dev/ubsec/ubsecvar.h
head/sys/geom/eli/g_eli.c
head/sys/geom/eli/g_eli_crypto.c
head/sys/geom/eli/g_eli_integrity.c
head/sys/geom/eli/g_eli_privacy.c
head/sys/kgssapi/krb5/kcrypto_aes.c
head/sys/kgssapi/krb5/kcrypto_des.c
head/sys/kgssapi/krb5/kcrypto_des3.c
head/sys/mips/cavium/cryptocteon/cryptocteon.c
head/sys/mips/nlm/dev/sec/nlmrsa.c
head/sys/mips/nlm/dev/sec/nlmrsalib.h
head/sys/mips/nlm/dev/sec/nlmsec.c
head/sys/mips/nlm/dev/sec/nlmseclib.h
head/sys/netipsec/ipsec.c
head/sys/netipsec/xform_ah.c
head/sys/netipsec/xform_esp.c
head/sys/netipsec/xform_ipcomp.c
head/sys/opencrypto/_cryptodev.h
head/sys/opencrypto/crypto.c
head/sys/opencrypto/cryptodev.c
head/sys/opencrypto/cryptodev.h
head/sys/opencrypto/cryptodev_if.m
head/sys/opencrypto/cryptosoft.c
Modified: head/share/man/man9/crypto.9
==============================================================================
--- head/share/man/man9/crypto.9 Tue Jul 17 23:56:13 2018 (r336438)
+++ head/share/man/man9/crypto.9 Wed Jul 18 00:56:25 2018 (r336439)
@@ -17,7 +17,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd November 6, 2017
+.Dd July 17, 2018
.Dt CRYPTO 9
.Os
.Sh NAME
@@ -26,7 +26,7 @@
.Sh SYNOPSIS
.In opencrypto/cryptodev.h
.Ft int32_t
-.Fn crypto_get_driverid device_t int
+.Fn crypto_get_driverid device_t size_t int
.Ft int
.Fn crypto_register uint32_t int uint16_t uint32_t "int \*[lp]*\*[rp]\*[lp]void *, uint32_t *, struct cryptoini *\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, uint64_t\*[rp]" "int \*[lp]*\*[rp]\*[lp]void *, struct cryptop *\*[rp]" "void *"
.Ft int
@@ -42,9 +42,9 @@
.Ft int
.Fn crypto_find_driver "const char *"
.Ft int
-.Fn crypto_newsession "uint64_t *" "struct cryptoini *" int
+.Fn crypto_newsession "crypto_session_t *" "struct cryptoini *" int
.Ft int
-.Fn crypto_freesession uint64_t
+.Fn crypto_freesession crypto_session_t
.Ft int
.Fn crypto_dispatch "struct cryptop *"
.Ft int
@@ -85,7 +85,7 @@ struct cryptodesc {
struct cryptop {
TAILQ_ENTRY(cryptop) crp_next;
- uint64_t crp_sid;
+ crypto_session_t crp_session;
int crp_ilen;
int crp_olen;
int crp_etype;
@@ -151,12 +151,12 @@ successfully completed or not.
An error indication is provided in the latter case.
A specific error code,
.Er EAGAIN ,
-is used to indicate that a session number has changed and that the
-request may be re-submitted immediately with the new session number.
+is used to indicate that a session handle has changed and that the
+request may be re-submitted immediately with the new session.
Errors are only returned to the invoking function if not
enough information to call the callback is available (meaning, there
was a fatal error in verifying the arguments).
-For session initialization and teardown there is no callback mechanism used.
+For session initialization and teardown no callback mechanism is used.
.Pp
The
.Fn crypto_find_driver
@@ -179,8 +179,8 @@ or
to select software devices.
If both are specified, a hardware device will be returned
before a software device will be.
-On success, the value pointed to by the first argument will be the
-Session IDentifier (SID).
+On success, the value pointed to by the first argument will be the opaque
+session handle.
The various fields in the
.Vt cryptoini
structure are:
@@ -247,14 +247,11 @@ The
.Vt cryptoini
structure and its contents will not be modified by the framework (or
the drivers used).
-Subsequent requests for processing that use the
-SID returned will avoid the cost of re-initializing the hardware (in
-essence, SID acts as an index in the session cache of the driver).
.Pp
.Fn crypto_freesession
-is called with the SID returned by
+is called with the session handle returned by
.Fn crypto_newsession
-to disestablish the session.
+to free the session.
.Pp
.Fn crypto_dispatch
is called to process a request.
@@ -262,8 +259,8 @@ The various fields in the
.Vt cryptop
structure are:
.Bl -tag -width ".Va crp_callback"
-.It Va crp_sid
-Contains the SID.
+.It Va crp_session
+Contains the session handle.
.It Va crp_ilen
Indicates the total length in bytes of the buffer to be processed.
.It Va crp_olen
@@ -288,10 +285,12 @@ Contains the error type, if any errors were encountere
the request was successfully processed.
If the
.Er EAGAIN
-error code is returned, the SID has changed (and has been recorded in the
-.Va crp_sid
+error code is returned, the session handle has changed (and has been recorded
+in the
+.Va crp_session
field).
-The consumer should record the new SID and use it in all subsequent requests.
+The consumer should record the new session handle and use it in all subsequent
+requests.
In this case, the request may be re-submitted immediately.
This mechanism is used by the framework to perform
session migration (move a session from one driver to another, because
@@ -516,6 +515,7 @@ Callback called on completion of a keying operation.
.Sh DRIVER-SIDE API
The
.Fn crypto_get_driverid ,
+.Fn crypto_get_driver_session ,
.Fn crypto_register ,
.Fn crypto_kregister ,
.Fn crypto_unregister ,
@@ -540,6 +540,11 @@ The
.Dv CRYPTOCAP_F_SYNC
may also be specified, and should be specified if the driver does all of
it's operations synchronously.
+Drivers must pass the size of their session struct as the second argument.
+An appropriately sized memory will be allocated by the framework, zeroed, and
+passed to the driver's
+.Fn newsession
+method.
.Pp
For each algorithm the driver supports, it must then call
.Fn crypto_register .
@@ -574,15 +579,15 @@ After a call to
there will be no threads in either the newsession or freesession function
of the driver.
.Pp
-The calling convention for the three driver-supplied routines are:
+The calling convention for the driver-supplied routines are:
.Pp
.Bl -item -compact
.It
.Ft int
-.Fn \*[lp]*newsession\*[rp] "device_t" "uint32_t *" "struct cryptoini *" ;
+.Fn \*[lp]*newsession\*[rp] "device_t" "crypto_session_t" "struct cryptoini *" ;
.It
-.Ft int
-.Fn \*[lp]*freesession\*[rp] "device_t" "uint64_t" ;
+.Ft void
+.Fn \*[lp]*freesession\*[rp] "device_t" "crypto_session_t" ;
.It
.Ft int
.Fn \*[lp]*process\*[rp] "device_t" "struct cryptop *" "int" ;
@@ -598,20 +603,28 @@ that was provided to
.Fn crypto_get_driverid .
The second argument to
.Fn newsession
-contains the driver identifier obtained via
-.Fn crypto_get_driverid .
-On successful return, it should contain a driver-specific session
-identifier.
+is the opaque session handle for the new session.
The third argument is identical to that of
.Fn crypto_newsession .
.Pp
+Drivers obtain a pointer to their session memory by invoking
+.Fn crypto_get_driver_session
+on the opaque
+.Vt crypto_session_t
+handle.
+.Pp
The
.Fn freesession
-routine takes as arguments the opaque data value and the SID
-(which is the concatenation of the
-driver identifier and the driver-specific session identifier).
+routine takes as arguments the opaque data value and the session handle.
It should clear any context associated with the session (clear hardware
registers, memory, etc.).
+If no resources need to be released other than the contents of session memory,
+the method is optional.
+The
+.Nm
+framework will zero and release the allocated session memory (after running the
+.Fn freesession
+method, if one exists).
.Pp
The
.Fn process
@@ -717,6 +730,3 @@ Some type of benchmarking is in order here.
.Pp
Multiple instances of the same algorithm in the same session are not
supported.
-Note that 3DES is considered one algorithm (and not three
-instances of DES).
-Thus, 3DES and DES could be mixed in the same request.
Modified: head/sys/crypto/aesni/aesni.c
==============================================================================
--- head/sys/crypto/aesni/aesni.c Tue Jul 17 23:56:13 2018 (r336438)
+++ head/sys/crypto/aesni/aesni.c Wed Jul 18 00:56:25 2018 (r336439)
@@ -42,7 +42,6 @@ __FBSDID("$FreeBSD$");
#include <sys/lock.h>
#include <sys/module.h>
#include <sys/malloc.h>
-#include <sys/rwlock.h>
#include <sys/bus.h>
#include <sys/uio.h>
#include <sys/mbuf.h>
@@ -69,13 +68,9 @@ static struct mtx_padalign *ctx_mtx;
static struct fpu_kern_ctx **ctx_fpu;
struct aesni_softc {
- int dieing;
int32_t cid;
- uint32_t sid;
bool has_aes;
bool has_sha;
- TAILQ_HEAD(aesni_sessions_head, aesni_session) sessions;
- struct rwlock lock;
};
#define ACQUIRE_CTX(i, ctx) \
@@ -91,10 +86,8 @@ struct aesni_softc {
(ctx) = NULL; \
} while (0)
-static int aesni_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
-static int aesni_freesession(device_t, uint64_t tid);
-static void aesni_freesession_locked(struct aesni_softc *sc,
- struct aesni_session *ses);
+static int aesni_newsession(device_t, crypto_session_t cses,
+ struct cryptoini *cri);
static int aesni_cipher_setup(struct aesni_session *ses,
struct cryptoini *encini, struct cryptoini *authini);
static int aesni_cipher_process(struct aesni_session *ses,
@@ -172,12 +165,9 @@ aesni_attach(device_t dev)
int i;
sc = device_get_softc(dev);
- sc->dieing = 0;
- TAILQ_INIT(&sc->sessions);
- sc->sid = 1;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE |
- CRYPTOCAP_F_SYNC);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct aesni_session),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
@@ -193,8 +183,6 @@ aesni_attach(device_t dev)
mtx_init(&ctx_mtx[i], "anifpumtx", NULL, MTX_DEF|MTX_NEW);
}
- rw_init(&sc->lock, "aesni_lock");
-
detect_cpu_features(&sc->has_aes, &sc->has_sha);
if (sc->has_aes) {
crypto_register(sc->cid, CRYPTO_AES_CBC, 0, 0);
@@ -217,36 +205,18 @@ static int
aesni_detach(device_t dev)
{
struct aesni_softc *sc;
- struct aesni_session *ses;
sc = device_get_softc(dev);
- rw_wlock(&sc->lock);
- TAILQ_FOREACH(ses, &sc->sessions, next) {
- if (ses->used) {
- rw_wunlock(&sc->lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
- sc->dieing = 1;
- while ((ses = TAILQ_FIRST(&sc->sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- free(ses, M_AESNI);
- }
- rw_wunlock(&sc->lock);
crypto_unregister_all(sc->cid);
- rw_destroy(&sc->lock);
-
aesni_cleanctx();
return (0);
}
static int
-aesni_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+aesni_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct aesni_softc *sc;
struct aesni_session *ses;
@@ -254,16 +224,16 @@ aesni_newsession(device_t dev, uint32_t *sidp, struct
bool gcm_hash, gcm;
int error;
- if (sidp == NULL || cri == NULL) {
- CRYPTDEB("no sidp or cri");
+ KASSERT(cses != NULL, ("EDOOFUS"));
+ if (cri == NULL) {
+ CRYPTDEB("no cri");
return (EINVAL);
}
sc = device_get_softc(dev);
- if (sc->dieing)
- return (EINVAL);
- ses = NULL;
+ ses = crypto_get_driver_session(cses);
+
authini = NULL;
encini = NULL;
gcm = false;
@@ -321,30 +291,6 @@ unhandled:
if (gcm_hash != gcm)
return (EINVAL);
- rw_wlock(&sc->lock);
- if (sc->dieing) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- /*
- * Free sessions are inserted at the head of the list. So if the first
- * session is used, none are free and we must allocate a new one.
- */
- ses = TAILQ_FIRST(&sc->sessions);
- if (ses == NULL || ses->used) {
- ses = malloc(sizeof(*ses), M_AESNI, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (ENOMEM);
- }
- ses->id = sc->sid++;
- } else {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- }
- ses->used = 1;
- TAILQ_INSERT_TAIL(&sc->sessions, ses, next);
- rw_wunlock(&sc->lock);
-
if (encini != NULL)
ses->algo = encini->cri_alg;
if (authini != NULL)
@@ -353,54 +299,13 @@ unhandled:
error = aesni_cipher_setup(ses, encini, authini);
if (error != 0) {
CRYPTDEB("setup failed");
- rw_wlock(&sc->lock);
- aesni_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (error);
}
- *sidp = ses->id;
return (0);
}
-static void
-aesni_freesession_locked(struct aesni_softc *sc, struct aesni_session *ses)
-{
- uint32_t sid;
-
- rw_assert(&sc->lock, RA_WLOCKED);
-
- sid = ses->id;
- TAILQ_REMOVE(&sc->sessions, ses, next);
- explicit_bzero(ses, sizeof(*ses));
- ses->id = sid;
- TAILQ_INSERT_HEAD(&sc->sessions, ses, next);
-}
-
static int
-aesni_freesession(device_t dev, uint64_t tid)
-{
- struct aesni_softc *sc;
- struct aesni_session *ses;
- uint32_t sid;
-
- sc = device_get_softc(dev);
- sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, aesni_sessions_head, next) {
- if (ses->id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- aesni_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
- return (0);
-}
-
-static int
aesni_process(device_t dev, struct cryptop *crp, int hint __unused)
{
struct aesni_softc *sc;
@@ -419,7 +324,8 @@ aesni_process(device_t dev, struct cryptop *crp, int h
if (crp == NULL)
return (EINVAL);
- if (crp->crp_callback == NULL || crp->crp_desc == NULL) {
+ if (crp->crp_callback == NULL || crp->crp_desc == NULL ||
+ crp->crp_session == NULL) {
error = EINVAL;
goto out;
}
@@ -472,16 +378,8 @@ aesni_process(device_t dev, struct cryptop *crp, int h
goto out;
}
- rw_rlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, aesni_sessions_head, next) {
- if (ses->id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
+ ses = crypto_get_driver_session(crp->crp_session);
+ KASSERT(ses != NULL, ("EDOOFUS"));
error = aesni_cipher_process(ses, enccrd, authcrd, crp);
if (error != 0)
@@ -537,7 +435,6 @@ static device_method_t aesni_methods[] = {
DEVMETHOD(device_detach, aesni_detach),
DEVMETHOD(cryptodev_newsession, aesni_newsession),
- DEVMETHOD(cryptodev_freesession, aesni_freesession),
DEVMETHOD(cryptodev_process, aesni_process),
DEVMETHOD_END
Modified: head/sys/crypto/aesni/aesni.h
==============================================================================
--- head/sys/crypto/aesni/aesni.h Tue Jul 17 23:56:13 2018 (r336438)
+++ head/sys/crypto/aesni/aesni.h Wed Jul 18 00:56:25 2018 (r336439)
@@ -66,8 +66,6 @@ struct aesni_session {
int used;
int auth_algo;
int mlen;
- uint32_t id;
- TAILQ_ENTRY(aesni_session) next;
};
/*
Modified: head/sys/crypto/armv8/armv8_crypto.c
==============================================================================
--- head/sys/crypto/armv8/armv8_crypto.c Tue Jul 17 23:56:13 2018 (r336438)
+++ head/sys/crypto/armv8/armv8_crypto.c Wed Jul 18 00:56:25 2018 (r336439)
@@ -63,8 +63,6 @@ __FBSDID("$FreeBSD$");
struct armv8_crypto_softc {
int dieing;
int32_t cid;
- uint32_t sid;
- TAILQ_HEAD(armv8_crypto_sessions_head, armv8_crypto_session) sessions;
struct rwlock lock;
};
@@ -84,8 +82,6 @@ static struct fpu_kern_ctx **ctx_vfp;
(ctx) = NULL; \
} while (0)
-static void armv8_crypto_freesession_locked(struct armv8_crypto_softc *,
- struct armv8_crypto_session *);
static int armv8_crypto_cipher_process(struct armv8_crypto_session *,
struct cryptodesc *, struct cryptop *);
@@ -130,12 +126,10 @@ armv8_crypto_attach(device_t dev)
int i;
sc = device_get_softc(dev);
- TAILQ_INIT(&sc->sessions);
sc->dieing = 0;
- sc->sid = 1;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE |
- CRYPTOCAP_F_SYNC);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct armv8_crypto_session),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
@@ -162,25 +156,12 @@ static int
armv8_crypto_detach(device_t dev)
{
struct armv8_crypto_softc *sc;
- struct armv8_crypto_session *ses;
int i;
sc = device_get_softc(dev);
rw_wlock(&sc->lock);
- TAILQ_FOREACH(ses, &sc->sessions, next) {
- if (ses->used) {
- rw_wunlock(&sc->lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
sc->dieing = 1;
- while ((ses = TAILQ_FIRST(&sc->sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- free(ses, M_ARMV8_CRYPTO);
- }
rw_wunlock(&sc->lock);
crypto_unregister_all(sc->cid);
@@ -241,15 +222,16 @@ armv8_crypto_cipher_setup(struct armv8_crypto_session
}
static int
-armv8_crypto_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+armv8_crypto_newsession(device_t dev, crypto_session_t cses,
+ struct cryptoini *cri)
{
struct armv8_crypto_softc *sc;
struct armv8_crypto_session *ses;
struct cryptoini *encini;
int error;
- if (sidp == NULL || cri == NULL) {
- CRYPTDEB("no sidp or cri");
+ if (cri == NULL) {
+ CRYPTDEB("no cri");
return (EINVAL);
}
@@ -284,83 +266,21 @@ armv8_crypto_newsession(device_t dev, uint32_t *sidp,
return (EINVAL);
}
- /*
- * Free sessions goes first, so if first session is used, we need to
- * allocate one.
- */
- ses = TAILQ_FIRST(&sc->sessions);
- if (ses == NULL || ses->used) {
- ses = malloc(sizeof(*ses), M_ARMV8_CRYPTO, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (ENOMEM);
- }
- ses->id = sc->sid++;
- } else {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- }
- ses->used = 1;
- TAILQ_INSERT_TAIL(&sc->sessions, ses, next);
- rw_wunlock(&sc->lock);
+ ses = crypto_get_driver_session(cses);
ses->algo = encini->cri_alg;
error = armv8_crypto_cipher_setup(ses, encini);
if (error != 0) {
CRYPTDEB("setup failed");
- rw_wlock(&sc->lock);
- armv8_crypto_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (error);
}
- *sidp = ses->id;
return (0);
}
-static void
-armv8_crypto_freesession_locked(struct armv8_crypto_softc *sc,
- struct armv8_crypto_session *ses)
-{
- uint32_t sid;
-
- rw_assert(&sc->lock, RA_WLOCKED);
-
- sid = ses->id;
- TAILQ_REMOVE(&sc->sessions, ses, next);
- *ses = (struct armv8_crypto_session){};
- ses->id = sid;
- TAILQ_INSERT_HEAD(&sc->sessions, ses, next);
-}
-
static int
-armv8_crypto_freesession(device_t dev, uint64_t tid)
-{
- struct armv8_crypto_softc *sc;
- struct armv8_crypto_session *ses;
- uint32_t sid;
-
- sc = device_get_softc(dev);
- sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, armv8_crypto_sessions_head,
- next) {
- if (ses->id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- armv8_crypto_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
-
- return (0);
-}
-
-static int
armv8_crypto_process(device_t dev, struct cryptop *crp, int hint __unused)
{
- struct armv8_crypto_softc *sc = device_get_softc(dev);
struct cryptodesc *crd, *enccrd;
struct armv8_crypto_session *ses;
int error;
@@ -403,18 +323,7 @@ armv8_crypto_process(device_t dev, struct cryptop *crp
goto out;
}
- rw_rlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, armv8_crypto_sessions_head,
- next) {
- if (ses->id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
-
+ ses = crypto_get_driver_session(crp->crp_session);
error = armv8_crypto_cipher_process(ses, enccrd, crp);
out:
@@ -546,7 +455,6 @@ static device_method_t armv8_crypto_methods[] = {
DEVMETHOD(device_detach, armv8_crypto_detach),
DEVMETHOD(cryptodev_newsession, armv8_crypto_newsession),
- DEVMETHOD(cryptodev_freesession, armv8_crypto_freesession),
DEVMETHOD(cryptodev_process, armv8_crypto_process),
DEVMETHOD_END,
Modified: head/sys/crypto/armv8/armv8_crypto.h
==============================================================================
--- head/sys/crypto/armv8/armv8_crypto.h Tue Jul 17 23:56:13 2018 (r336438)
+++ head/sys/crypto/armv8/armv8_crypto.h Wed Jul 18 00:56:25 2018 (r336439)
@@ -42,9 +42,6 @@ struct armv8_crypto_session {
uint32_t dec_schedule[AES_SCHED_LEN/4];
int algo;
int rounds;
- int used;
- uint32_t id;
- TAILQ_ENTRY(armv8_crypto_session) next;
};
void armv8_aes_encrypt_cbc(int, const void *, size_t, const uint8_t *,
Modified: head/sys/crypto/blake2/blake2_cryptodev.c
==============================================================================
--- head/sys/crypto/blake2/blake2_cryptodev.c Tue Jul 17 23:56:13 2018 (r336438)
+++ head/sys/crypto/blake2/blake2_cryptodev.c Wed Jul 18 00:56:25 2018 (r336439)
@@ -53,17 +53,12 @@ struct blake2_session {
size_t klen;
size_t mlen;
uint8_t key[BLAKE2B_KEYBYTES];
- bool used;
- uint32_t id;
- TAILQ_ENTRY(blake2_session) next;
};
CTASSERT((size_t)BLAKE2B_KEYBYTES > (size_t)BLAKE2S_KEYBYTES);
struct blake2_softc {
bool dying;
int32_t cid;
- uint32_t sid;
- TAILQ_HEAD(blake2_sessions_head, blake2_session) sessions;
struct rwlock lock;
};
@@ -83,10 +78,8 @@ static struct fpu_kern_ctx **ctx_fpu;
(ctx) = NULL; \
} while (0)
-static int blake2_newsession(device_t, uint32_t *sidp, struct cryptoini *cri);
-static int blake2_freesession(device_t, uint64_t tid);
-static void blake2_freesession_locked(struct blake2_softc *sc,
- struct blake2_session *ses);
+static int blake2_newsession(device_t, crypto_session_t cses,
+ struct cryptoini *cri);
static int blake2_cipher_setup(struct blake2_session *ses,
struct cryptoini *authini);
static int blake2_cipher_process(struct blake2_session *ses,
@@ -138,11 +131,9 @@ blake2_attach(device_t dev)
sc = device_get_softc(dev);
sc->dying = false;
- TAILQ_INIT(&sc->sessions);
- sc->sid = 1;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE |
- CRYPTOCAP_F_SYNC);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct blake2_session),
+ CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SYNC);
if (sc->cid < 0) {
device_printf(dev, "Could not get crypto driver id.\n");
return (ENOMEM);
@@ -169,24 +160,11 @@ static int
blake2_detach(device_t dev)
{
struct blake2_softc *sc;
- struct blake2_session *ses;
sc = device_get_softc(dev);
rw_wlock(&sc->lock);
- TAILQ_FOREACH(ses, &sc->sessions, next) {
- if (ses->used) {
- rw_wunlock(&sc->lock);
- device_printf(dev,
- "Cannot detach, sessions still active.\n");
- return (EBUSY);
- }
- }
sc->dying = true;
- while ((ses = TAILQ_FIRST(&sc->sessions)) != NULL) {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- free(ses, M_BLAKE2);
- }
rw_wunlock(&sc->lock);
crypto_unregister_all(sc->cid);
@@ -198,21 +176,20 @@ blake2_detach(device_t dev)
}
static int
-blake2_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+blake2_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct blake2_softc *sc;
struct blake2_session *ses;
struct cryptoini *authini;
int error;
- if (sidp == NULL || cri == NULL) {
- CRYPTDEB("no sidp or cri");
+ if (cri == NULL) {
+ CRYPTDEB("no cri");
return (EINVAL);
}
sc = device_get_softc(dev);
- ses = NULL;
authini = NULL;
for (; cri != NULL; cri = cri->cri_next) {
switch (cri->cri_alg) {
@@ -239,85 +216,27 @@ blake2_newsession(device_t dev, uint32_t *sidp, struct
rw_wunlock(&sc->lock);
return (EINVAL);
}
- /*
- * Free sessions are inserted at the head of the list. So if the first
- * session is used, none are free and we must allocate a new one.
- */
- ses = TAILQ_FIRST(&sc->sessions);
- if (ses == NULL || ses->used) {
- ses = malloc(sizeof(*ses), M_BLAKE2, M_NOWAIT | M_ZERO);
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (ENOMEM);
- }
- ses->id = sc->sid++;
- } else {
- TAILQ_REMOVE(&sc->sessions, ses, next);
- }
- ses->used = true;
- TAILQ_INSERT_TAIL(&sc->sessions, ses, next);
rw_wunlock(&sc->lock);
+ ses = crypto_get_driver_session(cses);
+
ses->algo = authini->cri_alg;
error = blake2_cipher_setup(ses, authini);
if (error != 0) {
CRYPTDEB("setup failed");
- rw_wlock(&sc->lock);
- blake2_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
return (error);
}
- *sidp = ses->id;
return (0);
}
-static void
-blake2_freesession_locked(struct blake2_softc *sc, struct blake2_session *ses)
-{
- uint32_t sid;
-
- rw_assert(&sc->lock, RA_WLOCKED);
-
- sid = ses->id;
- TAILQ_REMOVE(&sc->sessions, ses, next);
- explicit_bzero(ses, sizeof(*ses));
- ses->id = sid;
- TAILQ_INSERT_HEAD(&sc->sessions, ses, next);
-}
-
static int
-blake2_freesession(device_t dev, uint64_t tid)
-{
- struct blake2_softc *sc;
- struct blake2_session *ses;
- uint32_t sid;
-
- sc = device_get_softc(dev);
- sid = ((uint32_t)tid) & 0xffffffff;
- rw_wlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, blake2_sessions_head, next) {
- if (ses->id == sid)
- break;
- }
- if (ses == NULL) {
- rw_wunlock(&sc->lock);
- return (EINVAL);
- }
- blake2_freesession_locked(sc, ses);
- rw_wunlock(&sc->lock);
- return (0);
-}
-
-static int
blake2_process(device_t dev, struct cryptop *crp, int hint __unused)
{
- struct blake2_softc *sc;
struct blake2_session *ses;
struct cryptodesc *crd, *authcrd;
int error;
- sc = device_get_softc(dev);
ses = NULL;
error = 0;
authcrd = NULL;
@@ -348,17 +267,7 @@ blake2_process(device_t dev, struct cryptop *crp, int
}
}
- rw_rlock(&sc->lock);
- TAILQ_FOREACH_REVERSE(ses, &sc->sessions, blake2_sessions_head, next) {
- if (ses->id == (crp->crp_sid & 0xffffffff))
- break;
- }
- rw_runlock(&sc->lock);
- if (ses == NULL) {
- error = EINVAL;
- goto out;
- }
-
+ ses = crypto_get_driver_session(crp->crp_session);
error = blake2_cipher_process(ses, crp);
if (error != 0)
goto out;
@@ -376,7 +285,6 @@ static device_method_t blake2_methods[] = {
DEVMETHOD(device_detach, blake2_detach),
DEVMETHOD(cryptodev_newsession, blake2_newsession),
- DEVMETHOD(cryptodev_freesession, blake2_freesession),
DEVMETHOD(cryptodev_process, blake2_process),
DEVMETHOD_END
Modified: head/sys/crypto/ccp/ccp.c
==============================================================================
--- head/sys/crypto/ccp/ccp.c Tue Jul 17 23:56:13 2018 (r336438)
+++ head/sys/crypto/ccp/ccp.c Wed Jul 18 00:56:25 2018 (r336439)
@@ -238,7 +238,8 @@ ccp_attach(device_t dev)
sc = device_get_softc(dev);
sc->dev = dev;
- sc->cid = crypto_get_driverid(dev, CRYPTOCAP_F_HARDWARE);
+ sc->cid = crypto_get_driverid(dev, sizeof(struct ccp_session),
+ CRYPTOCAP_F_HARDWARE);
if (sc->cid < 0) {
device_printf(dev, "could not get crypto driver id\n");
return (ENXIO);
@@ -281,17 +282,10 @@ static int
ccp_detach(device_t dev)
{
struct ccp_softc *sc;
- int i;
sc = device_get_softc(dev);
mtx_lock(&sc->lock);
- for (i = 0; i < sc->nsessions; i++) {
- if (sc->sessions[i].active || sc->sessions[i].pending != 0) {
- mtx_unlock(&sc->lock);
- return (EBUSY);
- }
- }
sc->detaching = true;
mtx_unlock(&sc->lock);
@@ -305,7 +299,6 @@ ccp_detach(device_t dev)
if (g_ccp_softc == sc)
g_ccp_softc = NULL;
- free(sc->sessions, M_CCP);
mtx_destroy(&sc->lock);
return (0);
}
@@ -393,7 +386,7 @@ ccp_aes_setkey(struct ccp_session *s, int alg, const v
}
static int
-ccp_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
+ccp_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
{
struct ccp_softc *sc;
struct ccp_session *s;
@@ -403,12 +396,14 @@ ccp_newsession(device_t dev, uint32_t *sidp, struct cr
unsigned auth_mode, iv_len;
unsigned partial_digest_len;
unsigned q;
- int error, i, sess;
+ int error;
bool gcm_hash;
- if (sidp == NULL || cri == NULL)
+ if (cri == NULL)
return (EINVAL);
+ s = crypto_get_driver_session(cses);
+
gcm_hash = false;
cipher = NULL;
hash = NULL;
@@ -510,30 +505,7 @@ ccp_newsession(device_t dev, uint32_t *sidp, struct cr
mtx_unlock(&sc->lock);
return (ENXIO);
}
- sess = -1;
- for (i = 0; i < sc->nsessions; i++) {
- if (!sc->sessions[i].active && sc->sessions[i].pending == 0) {
- sess = i;
- break;
- }
- }
- if (sess == -1) {
- s = malloc(sizeof(*s) * (sc->nsessions + 1), M_CCP,
- M_NOWAIT | M_ZERO);
- if (s == NULL) {
- mtx_unlock(&sc->lock);
- return (ENOMEM);
- }
- if (sc->sessions != NULL)
- memcpy(s, sc->sessions, sizeof(*s) * sc->nsessions);
- sess = sc->nsessions;
- free(sc->sessions, M_CCP);
- sc->sessions = s;
- sc->nsessions++;
- }
- s = &sc->sessions[sess];
-
/* Just grab the first usable queue for now. */
for (q = 0; q < nitems(sc->queues); q++)
if ((sc->valid_queues & (1 << q)) != 0)
@@ -581,32 +553,21 @@ ccp_newsession(device_t dev, uint32_t *sidp, struct cr
s->active = true;
mtx_unlock(&sc->lock);
- *sidp = sess;
return (0);
}
-static int
-ccp_freesession(device_t dev, uint64_t tid)
+static void
+ccp_freesession(device_t dev, crypto_session_t cses)
{
- struct ccp_softc *sc;
- uint32_t sid;
- int error;
+ struct ccp_session *s;
- sc = device_get_softc(dev);
- sid = CRYPTO_SESID2LID(tid);
- mtx_lock(&sc->lock);
- if (sid >= sc->nsessions || !sc->sessions[sid].active)
- error = EINVAL;
- else {
- if (sc->sessions[sid].pending != 0)
- device_printf(dev,
- "session %d freed with %d pending requests\n", sid,
- sc->sessions[sid].pending);
- sc->sessions[sid].active = false;
- error = 0;
- }
- mtx_unlock(&sc->lock);
- return (error);
+ s = crypto_get_driver_session(cses);
+
+ if (s->pending != 0)
+ device_printf(dev,
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-head
mailing list