crypto.c revision 1.53
1 /* $NetBSD: crypto.c,v 1.53 2017/04/06 09:39:12 knakahara Exp $ */ 2 /* $FreeBSD: src/sys/opencrypto/crypto.c,v 1.4.2.5 2003/02/26 00:14:05 sam Exp $ */ 3 /* $OpenBSD: crypto.c,v 1.41 2002/07/17 23:52:38 art Exp $ */ 4 5 /*- 6 * Copyright (c) 2008 The NetBSD Foundation, Inc. 7 * All rights reserved. 8 * 9 * This code is derived from software contributed to The NetBSD Foundation 10 * by Coyote Point Systems, Inc. 11 * 12 * Redistribution and use in source and binary forms, with or without 13 * modification, are permitted provided that the following conditions 14 * are met: 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in the 19 * documentation and/or other materials provided with the distribution. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 23 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 25 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 29 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 31 * POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 /* 35 * The author of this code is Angelos D. Keromytis (angelos (at) cis.upenn.edu) 36 * 37 * This code was written by Angelos D. Keromytis in Athens, Greece, in 38 * February 2000. Network Security Technologies Inc. (NSTI) kindly 39 * supported the development of this code. 40 * 41 * Copyright (c) 2000, 2001 Angelos D. Keromytis 42 * 43 * Permission to use, copy, and modify this software with or without fee 44 * is hereby granted, provided that this entire notice is included in 45 * all source code copies of any software which is or includes a copy or 46 * modification of this software. 47 * 48 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 49 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 50 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 51 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 52 * PURPOSE. 53 */ 54 55 #include <sys/cdefs.h> 56 __KERNEL_RCSID(0, "$NetBSD: crypto.c,v 1.53 2017/04/06 09:39:12 knakahara Exp $"); 57 58 #include <sys/param.h> 59 #include <sys/reboot.h> 60 #include <sys/systm.h> 61 #include <sys/malloc.h> 62 #include <sys/proc.h> 63 #include <sys/pool.h> 64 #include <sys/kthread.h> 65 #include <sys/once.h> 66 #include <sys/sysctl.h> 67 #include <sys/intr.h> 68 #include <sys/errno.h> 69 #include <sys/module.h> 70 71 #if defined(_KERNEL_OPT) 72 #include "opt_ocf.h" 73 #endif 74 75 #include <opencrypto/cryptodev.h> 76 #include <opencrypto/xform.h> /* XXX for M_XDATA */ 77 78 static kmutex_t crypto_q_mtx; 79 static kmutex_t crypto_ret_q_mtx; 80 static kcondvar_t cryptoret_cv; 81 kmutex_t crypto_mtx; 82 83 /* below are kludges for residual code wrtitten to FreeBSD interfaces */ 84 #define SWI_CRYPTO 17 85 #define register_swi(lvl, fn) \ 86 softint_establish(SOFTINT_NET|SOFTINT_MPSAFE, (void (*)(void *))fn, NULL) 87 #define unregister_swi(lvl, fn) softint_disestablish(softintr_cookie) 88 #define setsoftcrypto(x) softint_schedule(x) 89 90 int crypto_ret_q_check(struct cryptop *); 91 92 /* 93 * Crypto drivers register themselves by allocating a slot in the 94 * crypto_drivers table with crypto_get_driverid() and then registering 95 * each algorithm they support with crypto_register() and crypto_kregister(). 96 */ 97 static struct cryptocap *crypto_drivers; 98 static int crypto_drivers_num; 99 static void *softintr_cookie; 100 static int crypto_exit_flag; 101 102 /* 103 * There are two queues for crypto requests; one for symmetric (e.g. 104 * cipher) operations and one for asymmetric (e.g. MOD) operations. 105 * See below for how synchronization is handled. 106 */ 107 static TAILQ_HEAD(,cryptop) crp_q = /* request queues */ 108 TAILQ_HEAD_INITIALIZER(crp_q); 109 static TAILQ_HEAD(,cryptkop) crp_kq = 110 TAILQ_HEAD_INITIALIZER(crp_kq); 111 112 /* 113 * There are two queues for processing completed crypto requests; one 114 * for the symmetric and one for the asymmetric ops. We only need one 115 * but have two to avoid type futzing (cryptop vs. cryptkop). See below 116 * for how synchronization is handled. 117 */ 118 static TAILQ_HEAD(crprethead, cryptop) crp_ret_q = /* callback queues */ 119 TAILQ_HEAD_INITIALIZER(crp_ret_q); 120 static TAILQ_HEAD(krprethead, cryptkop) crp_ret_kq = 121 TAILQ_HEAD_INITIALIZER(crp_ret_kq); 122 123 /* 124 * XXX these functions are ghastly hacks for when the submission 125 * XXX routines discover a request that was not CBIMM is already 126 * XXX done, and must be yanked from the retq (where _done) put it 127 * XXX as cryptoret won't get the chance. The queue is walked backwards 128 * XXX as the request is generally the last one queued. 129 * 130 * call with the lock held, or else. 131 */ 132 int 133 crypto_ret_q_remove(struct cryptop *crp) 134 { 135 struct cryptop * acrp, *next; 136 137 TAILQ_FOREACH_REVERSE_SAFE(acrp, &crp_ret_q, crprethead, crp_next, next) { 138 if (acrp == crp) { 139 TAILQ_REMOVE(&crp_ret_q, crp, crp_next); 140 crp->crp_flags &= (~CRYPTO_F_ONRETQ); 141 return 1; 142 } 143 } 144 return 0; 145 } 146 147 int 148 crypto_ret_kq_remove(struct cryptkop *krp) 149 { 150 struct cryptkop * akrp, *next; 151 152 TAILQ_FOREACH_REVERSE_SAFE(akrp, &crp_ret_kq, krprethead, krp_next, next) { 153 if (akrp == krp) { 154 TAILQ_REMOVE(&crp_ret_kq, krp, krp_next); 155 krp->krp_flags &= (~CRYPTO_F_ONRETQ); 156 return 1; 157 } 158 } 159 return 0; 160 } 161 162 /* 163 * Crypto op and desciptor data structures are allocated 164 * from separate private zones(FreeBSD)/pools(netBSD/OpenBSD) . 165 */ 166 struct pool cryptop_pool; 167 struct pool cryptodesc_pool; 168 struct pool cryptkop_pool; 169 170 int crypto_usercrypto = 1; /* userland may open /dev/crypto */ 171 int crypto_userasymcrypto = 1; /* userland may do asym crypto reqs */ 172 /* 173 * cryptodevallowsoft is (intended to be) sysctl'able, controlling 174 * access to hardware versus software transforms as below: 175 * 176 * crypto_devallowsoft < 0: Force userlevel requests to use software 177 * transforms, always 178 * crypto_devallowsoft = 0: Use hardware if present, grant userlevel 179 * requests for non-accelerated transforms 180 * (handling the latter in software) 181 * crypto_devallowsoft > 0: Allow user requests only for transforms which 182 * are hardware-accelerated. 183 */ 184 int crypto_devallowsoft = 1; /* only use hardware crypto */ 185 186 SYSCTL_SETUP(sysctl_opencrypto_setup, "sysctl opencrypto subtree setup") 187 { 188 189 sysctl_createv(clog, 0, NULL, NULL, 190 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 191 CTLTYPE_INT, "usercrypto", 192 SYSCTL_DESCR("Enable/disable user-mode access to " 193 "crypto support"), 194 NULL, 0, &crypto_usercrypto, 0, 195 CTL_KERN, CTL_CREATE, CTL_EOL); 196 sysctl_createv(clog, 0, NULL, NULL, 197 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 198 CTLTYPE_INT, "userasymcrypto", 199 SYSCTL_DESCR("Enable/disable user-mode access to " 200 "asymmetric crypto support"), 201 NULL, 0, &crypto_userasymcrypto, 0, 202 CTL_KERN, CTL_CREATE, CTL_EOL); 203 sysctl_createv(clog, 0, NULL, NULL, 204 CTLFLAG_PERMANENT|CTLFLAG_READWRITE, 205 CTLTYPE_INT, "cryptodevallowsoft", 206 SYSCTL_DESCR("Enable/disable use of software " 207 "asymmetric crypto support"), 208 NULL, 0, &crypto_devallowsoft, 0, 209 CTL_KERN, CTL_CREATE, CTL_EOL); 210 } 211 212 MALLOC_DEFINE(M_CRYPTO_DATA, "crypto", "crypto session records"); 213 214 /* 215 * Synchronization: read carefully, this is non-trivial. 216 * 217 * Crypto requests are submitted via crypto_dispatch. Typically 218 * these come in from network protocols at spl0 (output path) or 219 * spl[,soft]net (input path). 220 * 221 * Requests are typically passed on the driver directly, but they 222 * may also be queued for processing by a software interrupt thread, 223 * cryptointr, that runs at splsoftcrypto. This thread dispatches 224 * the requests to crypto drivers (h/w or s/w) who call crypto_done 225 * when a request is complete. Hardware crypto drivers are assumed 226 * to register their IRQ's as network devices so their interrupt handlers 227 * and subsequent "done callbacks" happen at spl[imp,net]. 228 * 229 * Completed crypto ops are queued for a separate kernel thread that 230 * handles the callbacks at spl0. This decoupling insures the crypto 231 * driver interrupt service routine is not delayed while the callback 232 * takes place and that callbacks are delivered after a context switch 233 * (as opposed to a software interrupt that clients must block). 234 * 235 * This scheme is not intended for SMP machines. 236 */ 237 static void cryptointr(void); /* swi thread to dispatch ops */ 238 static void cryptoret(void); /* kernel thread for callbacks*/ 239 static struct lwp *cryptothread; 240 static int crypto_destroy(bool); 241 static int crypto_invoke(struct cryptop *crp, int hint); 242 static int crypto_kinvoke(struct cryptkop *krp, int hint); 243 244 static struct cryptostats cryptostats; 245 #ifdef CRYPTO_TIMING 246 static int crypto_timing = 0; 247 #endif 248 249 #ifdef _MODULE 250 static struct sysctllog *sysctl_opencrypto_clog; 251 #endif 252 253 static int 254 crypto_init0(void) 255 { 256 int error; 257 258 mutex_init(&crypto_mtx, MUTEX_DEFAULT, IPL_NONE); 259 mutex_init(&crypto_q_mtx, MUTEX_DEFAULT, IPL_NET); 260 mutex_init(&crypto_ret_q_mtx, MUTEX_DEFAULT, IPL_NET); 261 cv_init(&cryptoret_cv, "crypto_w"); 262 pool_init(&cryptop_pool, sizeof(struct cryptop), 0, 0, 263 0, "cryptop", NULL, IPL_NET); 264 pool_init(&cryptodesc_pool, sizeof(struct cryptodesc), 0, 0, 265 0, "cryptodesc", NULL, IPL_NET); 266 pool_init(&cryptkop_pool, sizeof(struct cryptkop), 0, 0, 267 0, "cryptkop", NULL, IPL_NET); 268 269 crypto_drivers = malloc(CRYPTO_DRIVERS_INITIAL * 270 sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT | M_ZERO); 271 if (crypto_drivers == NULL) { 272 printf("crypto_init: cannot malloc driver table\n"); 273 return ENOMEM; 274 } 275 crypto_drivers_num = CRYPTO_DRIVERS_INITIAL; 276 277 softintr_cookie = register_swi(SWI_CRYPTO, cryptointr); 278 error = kthread_create(PRI_NONE, KTHREAD_MPSAFE, NULL, 279 (void (*)(void *))cryptoret, NULL, &cryptothread, "cryptoret"); 280 if (error) { 281 printf("crypto_init: cannot start cryptoret thread; error %d", 282 error); 283 return crypto_destroy(false); 284 } 285 286 #ifdef _MODULE 287 sysctl_opencrypto_setup(&sysctl_opencrypto_clog); 288 #endif 289 return 0; 290 } 291 292 int 293 crypto_init(void) 294 { 295 static ONCE_DECL(crypto_init_once); 296 297 return RUN_ONCE(&crypto_init_once, crypto_init0); 298 } 299 300 static int 301 crypto_destroy(bool exit_kthread) 302 { 303 int i; 304 305 if (exit_kthread) { 306 mutex_spin_enter(&crypto_ret_q_mtx); 307 308 /* if we have any in-progress requests, don't unload */ 309 if (!TAILQ_EMPTY(&crp_q) || !TAILQ_EMPTY(&crp_kq)) { 310 mutex_spin_exit(&crypto_ret_q_mtx); 311 return EBUSY; 312 } 313 314 for (i = 0; i < crypto_drivers_num; i++) 315 if (crypto_drivers[i].cc_sessions != 0) 316 break; 317 if (i < crypto_drivers_num) { 318 mutex_spin_exit(&crypto_ret_q_mtx); 319 return EBUSY; 320 } 321 322 /* kick the cryptoret thread and wait for it to exit */ 323 crypto_exit_flag = 1; 324 cv_signal(&cryptoret_cv); 325 326 while (crypto_exit_flag != 0) 327 cv_wait(&cryptoret_cv, &crypto_ret_q_mtx); 328 mutex_spin_exit(&crypto_ret_q_mtx); 329 } 330 331 #ifdef _MODULE 332 if (sysctl_opencrypto_clog != NULL) 333 sysctl_teardown(&sysctl_opencrypto_clog); 334 #endif 335 336 unregister_swi(SWI_CRYPTO, cryptointr); 337 338 if (crypto_drivers != NULL) 339 free(crypto_drivers, M_CRYPTO_DATA); 340 341 pool_destroy(&cryptop_pool); 342 pool_destroy(&cryptodesc_pool); 343 pool_destroy(&cryptkop_pool); 344 345 cv_destroy(&cryptoret_cv); 346 347 mutex_destroy(&crypto_ret_q_mtx); 348 mutex_destroy(&crypto_q_mtx); 349 mutex_destroy(&crypto_mtx); 350 351 return 0; 352 } 353 354 /* 355 * Create a new session. Must be called with crypto_mtx held. 356 */ 357 int 358 crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard) 359 { 360 struct cryptoini *cr; 361 u_int32_t hid, lid; 362 int err = EINVAL; 363 364 mutex_enter(&crypto_mtx); 365 366 if (crypto_drivers == NULL) 367 goto done; 368 369 /* 370 * The algorithm we use here is pretty stupid; just use the 371 * first driver that supports all the algorithms we need. 372 * 373 * XXX We need more smarts here (in real life too, but that's 374 * XXX another story altogether). 375 */ 376 377 for (hid = 0; hid < crypto_drivers_num; hid++) { 378 /* 379 * If it's not initialized or has remaining sessions 380 * referencing it, skip. 381 */ 382 if (crypto_drivers[hid].cc_newsession == NULL || 383 (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP)) 384 continue; 385 386 /* Hardware required -- ignore software drivers. */ 387 if (hard > 0 && 388 (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE)) 389 continue; 390 /* Software required -- ignore hardware drivers. */ 391 if (hard < 0 && 392 (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) == 0) 393 continue; 394 395 /* See if all the algorithms are supported. */ 396 for (cr = cri; cr; cr = cr->cri_next) 397 if (crypto_drivers[hid].cc_alg[cr->cri_alg] == 0) { 398 DPRINTF(("crypto_newsession: alg %d not supported\n", cr->cri_alg)); 399 break; 400 } 401 402 if (cr == NULL) { 403 /* Ok, all algorithms are supported. */ 404 405 /* 406 * Can't do everything in one session. 407 * 408 * XXX Fix this. We need to inject a "virtual" session layer right 409 * XXX about here. 410 */ 411 412 /* Call the driver initialization routine. */ 413 lid = hid; /* Pass the driver ID. */ 414 err = crypto_drivers[hid].cc_newsession( 415 crypto_drivers[hid].cc_arg, &lid, cri); 416 if (err == 0) { 417 (*sid) = hid; 418 (*sid) <<= 32; 419 (*sid) |= (lid & 0xffffffff); 420 crypto_drivers[hid].cc_sessions++; 421 } else { 422 DPRINTF(("%s: crypto_drivers[%d].cc_newsession() failed. error=%d\n", 423 __func__, hid, err)); 424 } 425 goto done; 426 /*break;*/ 427 } 428 } 429 done: 430 mutex_exit(&crypto_mtx); 431 return err; 432 } 433 434 /* 435 * Delete an existing session (or a reserved session on an unregistered 436 * driver). Must be called with crypto_mtx mutex held. 437 */ 438 int 439 crypto_freesession(u_int64_t sid) 440 { 441 u_int32_t hid; 442 int err = 0; 443 444 mutex_enter(&crypto_mtx); 445 446 if (crypto_drivers == NULL) { 447 err = EINVAL; 448 goto done; 449 } 450 451 /* Determine two IDs. */ 452 hid = CRYPTO_SESID2HID(sid); 453 454 if (hid >= crypto_drivers_num) { 455 err = ENOENT; 456 goto done; 457 } 458 459 if (crypto_drivers[hid].cc_sessions) 460 crypto_drivers[hid].cc_sessions--; 461 462 /* Call the driver cleanup routine, if available. */ 463 if (crypto_drivers[hid].cc_freesession) { 464 err = crypto_drivers[hid].cc_freesession( 465 crypto_drivers[hid].cc_arg, sid); 466 } 467 else 468 err = 0; 469 470 /* 471 * If this was the last session of a driver marked as invalid, 472 * make the entry available for reuse. 473 */ 474 if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) && 475 crypto_drivers[hid].cc_sessions == 0) 476 memset(&crypto_drivers[hid], 0, sizeof(struct cryptocap)); 477 478 done: 479 mutex_exit(&crypto_mtx); 480 return err; 481 } 482 483 /* 484 * Return an unused driver id. Used by drivers prior to registering 485 * support for the algorithms they handle. 486 */ 487 int32_t 488 crypto_get_driverid(u_int32_t flags) 489 { 490 struct cryptocap *newdrv; 491 int i; 492 493 (void)crypto_init(); /* XXX oh, this is foul! */ 494 495 mutex_enter(&crypto_mtx); 496 for (i = 0; i < crypto_drivers_num; i++) 497 if (crypto_drivers[i].cc_process == NULL && 498 (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0 && 499 crypto_drivers[i].cc_sessions == 0) 500 break; 501 502 /* Out of entries, allocate some more. */ 503 if (i == crypto_drivers_num) { 504 /* Be careful about wrap-around. */ 505 if (2 * crypto_drivers_num <= crypto_drivers_num) { 506 mutex_exit(&crypto_mtx); 507 printf("crypto: driver count wraparound!\n"); 508 return -1; 509 } 510 511 newdrv = malloc(2 * crypto_drivers_num * 512 sizeof(struct cryptocap), M_CRYPTO_DATA, M_NOWAIT|M_ZERO); 513 if (newdrv == NULL) { 514 mutex_exit(&crypto_mtx); 515 printf("crypto: no space to expand driver table!\n"); 516 return -1; 517 } 518 519 memcpy(newdrv, crypto_drivers, 520 crypto_drivers_num * sizeof(struct cryptocap)); 521 522 crypto_drivers_num *= 2; 523 524 free(crypto_drivers, M_CRYPTO_DATA); 525 crypto_drivers = newdrv; 526 } 527 528 /* NB: state is zero'd on free */ 529 crypto_drivers[i].cc_sessions = 1; /* Mark */ 530 crypto_drivers[i].cc_flags = flags; 531 532 if (bootverbose) 533 printf("crypto: assign driver %u, flags %u\n", i, flags); 534 535 mutex_exit(&crypto_mtx); 536 537 return i; 538 } 539 540 static struct cryptocap * 541 crypto_checkdriver(u_int32_t hid) 542 { 543 if (crypto_drivers == NULL) 544 return NULL; 545 return (hid >= crypto_drivers_num ? NULL : &crypto_drivers[hid]); 546 } 547 548 /* 549 * Register support for a key-related algorithm. This routine 550 * is called once for each algorithm supported a driver. 551 */ 552 int 553 crypto_kregister(u_int32_t driverid, int kalg, u_int32_t flags, 554 int (*kprocess)(void *, struct cryptkop *, int), 555 void *karg) 556 { 557 struct cryptocap *cap; 558 int err; 559 560 mutex_enter(&crypto_mtx); 561 562 cap = crypto_checkdriver(driverid); 563 if (cap != NULL && 564 (CRK_ALGORITM_MIN <= kalg && kalg <= CRK_ALGORITHM_MAX)) { 565 /* 566 * XXX Do some performance testing to determine placing. 567 * XXX We probably need an auxiliary data structure that 568 * XXX describes relative performances. 569 */ 570 571 cap->cc_kalg[kalg] = flags | CRYPTO_ALG_FLAG_SUPPORTED; 572 if (bootverbose) { 573 printf("crypto: driver %u registers key alg %u " 574 " flags %u\n", 575 driverid, 576 kalg, 577 flags 578 ); 579 } 580 581 if (cap->cc_kprocess == NULL) { 582 cap->cc_karg = karg; 583 cap->cc_kprocess = kprocess; 584 } 585 err = 0; 586 } else 587 err = EINVAL; 588 589 mutex_exit(&crypto_mtx); 590 return err; 591 } 592 593 /* 594 * Register support for a non-key-related algorithm. This routine 595 * is called once for each such algorithm supported by a driver. 596 */ 597 int 598 crypto_register(u_int32_t driverid, int alg, u_int16_t maxoplen, 599 u_int32_t flags, 600 int (*newses)(void *, u_int32_t*, struct cryptoini*), 601 int (*freeses)(void *, u_int64_t), 602 int (*process)(void *, struct cryptop *, int), 603 void *arg) 604 { 605 struct cryptocap *cap; 606 int err; 607 608 mutex_enter(&crypto_mtx); 609 610 cap = crypto_checkdriver(driverid); 611 /* NB: algorithms are in the range [1..max] */ 612 if (cap != NULL && 613 (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX)) { 614 /* 615 * XXX Do some performance testing to determine placing. 616 * XXX We probably need an auxiliary data structure that 617 * XXX describes relative performances. 618 */ 619 620 cap->cc_alg[alg] = flags | CRYPTO_ALG_FLAG_SUPPORTED; 621 cap->cc_max_op_len[alg] = maxoplen; 622 if (bootverbose) { 623 printf("crypto: driver %u registers alg %u " 624 "flags %u maxoplen %u\n", 625 driverid, 626 alg, 627 flags, 628 maxoplen 629 ); 630 } 631 632 if (cap->cc_process == NULL) { 633 cap->cc_arg = arg; 634 cap->cc_newsession = newses; 635 cap->cc_process = process; 636 cap->cc_freesession = freeses; 637 cap->cc_sessions = 0; /* Unmark */ 638 } 639 err = 0; 640 } else 641 err = EINVAL; 642 643 mutex_exit(&crypto_mtx); 644 return err; 645 } 646 647 /* 648 * Unregister a crypto driver. If there are pending sessions using it, 649 * leave enough information around so that subsequent calls using those 650 * sessions will correctly detect the driver has been unregistered and 651 * reroute requests. 652 */ 653 int 654 crypto_unregister(u_int32_t driverid, int alg) 655 { 656 int i, err; 657 u_int32_t ses; 658 struct cryptocap *cap; 659 660 mutex_enter(&crypto_mtx); 661 662 cap = crypto_checkdriver(driverid); 663 if (cap != NULL && 664 (CRYPTO_ALGORITHM_MIN <= alg && alg <= CRYPTO_ALGORITHM_MAX) && 665 cap->cc_alg[alg] != 0) { 666 cap->cc_alg[alg] = 0; 667 cap->cc_max_op_len[alg] = 0; 668 669 /* Was this the last algorithm ? */ 670 for (i = 1; i <= CRYPTO_ALGORITHM_MAX; i++) 671 if (cap->cc_alg[i] != 0) 672 break; 673 674 if (i == CRYPTO_ALGORITHM_MAX + 1) { 675 ses = cap->cc_sessions; 676 memset(cap, 0, sizeof(struct cryptocap)); 677 if (ses != 0) { 678 /* 679 * If there are pending sessions, just mark as invalid. 680 */ 681 cap->cc_flags |= CRYPTOCAP_F_CLEANUP; 682 cap->cc_sessions = ses; 683 } 684 } 685 err = 0; 686 } else 687 err = EINVAL; 688 689 mutex_exit(&crypto_mtx); 690 return err; 691 } 692 693 /* 694 * Unregister all algorithms associated with a crypto driver. 695 * If there are pending sessions using it, leave enough information 696 * around so that subsequent calls using those sessions will 697 * correctly detect the driver has been unregistered and reroute 698 * requests. 699 * 700 * XXX careful. Don't change this to call crypto_unregister() for each 701 * XXX registered algorithm unless you drop the mutex across the calls; 702 * XXX you can't take it recursively. 703 */ 704 int 705 crypto_unregister_all(u_int32_t driverid) 706 { 707 int i, err; 708 u_int32_t ses; 709 struct cryptocap *cap; 710 711 mutex_enter(&crypto_mtx); 712 cap = crypto_checkdriver(driverid); 713 if (cap != NULL) { 714 for (i = CRYPTO_ALGORITHM_MIN; i <= CRYPTO_ALGORITHM_MAX; i++) { 715 cap->cc_alg[i] = 0; 716 cap->cc_max_op_len[i] = 0; 717 } 718 ses = cap->cc_sessions; 719 memset(cap, 0, sizeof(struct cryptocap)); 720 if (ses != 0) { 721 /* 722 * If there are pending sessions, just mark as invalid. 723 */ 724 cap->cc_flags |= CRYPTOCAP_F_CLEANUP; 725 cap->cc_sessions = ses; 726 } 727 err = 0; 728 } else 729 err = EINVAL; 730 731 mutex_exit(&crypto_mtx); 732 return err; 733 } 734 735 /* 736 * Clear blockage on a driver. The what parameter indicates whether 737 * the driver is now ready for cryptop's and/or cryptokop's. 738 */ 739 int 740 crypto_unblock(u_int32_t driverid, int what) 741 { 742 struct cryptocap *cap; 743 int needwakeup, err; 744 745 mutex_spin_enter(&crypto_q_mtx); 746 cap = crypto_checkdriver(driverid); 747 if (cap != NULL) { 748 needwakeup = 0; 749 if (what & CRYPTO_SYMQ) { 750 needwakeup |= cap->cc_qblocked; 751 cap->cc_qblocked = 0; 752 } 753 if (what & CRYPTO_ASYMQ) { 754 needwakeup |= cap->cc_kqblocked; 755 cap->cc_kqblocked = 0; 756 } 757 err = 0; 758 if (needwakeup) 759 setsoftcrypto(softintr_cookie); 760 mutex_spin_exit(&crypto_q_mtx); 761 } else { 762 err = EINVAL; 763 mutex_spin_exit(&crypto_q_mtx); 764 } 765 766 return err; 767 } 768 769 /* 770 * Dispatch a crypto request to a driver or queue 771 * it, to be processed by the kernel thread. 772 */ 773 int 774 crypto_dispatch(struct cryptop *crp) 775 { 776 u_int32_t hid = CRYPTO_SESID2HID(crp->crp_sid); 777 int result; 778 779 mutex_spin_enter(&crypto_q_mtx); 780 DPRINTF(("crypto_dispatch: crp %p, alg %d\n", 781 crp, crp->crp_desc->crd_alg)); 782 783 cryptostats.cs_ops++; 784 785 #ifdef CRYPTO_TIMING 786 if (crypto_timing) 787 nanouptime(&crp->crp_tstamp); 788 #endif 789 if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) { 790 struct cryptocap *cap; 791 /* 792 * Caller marked the request to be processed 793 * immediately; dispatch it directly to the 794 * driver unless the driver is currently blocked. 795 */ 796 cap = crypto_checkdriver(hid); 797 if (cap && !cap->cc_qblocked) { 798 mutex_spin_exit(&crypto_q_mtx); 799 result = crypto_invoke(crp, 0); 800 if (result == ERESTART) { 801 /* 802 * The driver ran out of resources, mark the 803 * driver ``blocked'' for cryptop's and put 804 * the op on the queue. 805 */ 806 mutex_spin_enter(&crypto_q_mtx); 807 crypto_drivers[hid].cc_qblocked = 1; 808 TAILQ_INSERT_HEAD(&crp_q, crp, crp_next); 809 cryptostats.cs_blocks++; 810 mutex_spin_exit(&crypto_q_mtx); 811 } 812 goto out_released; 813 } else { 814 /* 815 * The driver is blocked, just queue the op until 816 * it unblocks and the swi thread gets kicked. 817 */ 818 TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); 819 result = 0; 820 } 821 } else { 822 int wasempty = TAILQ_EMPTY(&crp_q); 823 /* 824 * Caller marked the request as ``ok to delay''; 825 * queue it for the swi thread. This is desirable 826 * when the operation is low priority and/or suitable 827 * for batching. 828 */ 829 TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); 830 if (wasempty) { 831 setsoftcrypto(softintr_cookie); 832 mutex_spin_exit(&crypto_q_mtx); 833 result = 0; 834 goto out_released; 835 } 836 837 result = 0; 838 } 839 840 mutex_spin_exit(&crypto_q_mtx); 841 out_released: 842 return result; 843 } 844 845 /* 846 * Add an asymetric crypto request to a queue, 847 * to be processed by the kernel thread. 848 */ 849 int 850 crypto_kdispatch(struct cryptkop *krp) 851 { 852 struct cryptocap *cap; 853 int result; 854 855 mutex_spin_enter(&crypto_q_mtx); 856 cryptostats.cs_kops++; 857 858 cap = crypto_checkdriver(krp->krp_hid); 859 if (cap && !cap->cc_kqblocked) { 860 mutex_spin_exit(&crypto_q_mtx); 861 result = crypto_kinvoke(krp, 0); 862 if (result == ERESTART) { 863 /* 864 * The driver ran out of resources, mark the 865 * driver ``blocked'' for cryptop's and put 866 * the op on the queue. 867 */ 868 mutex_spin_enter(&crypto_q_mtx); 869 crypto_drivers[krp->krp_hid].cc_kqblocked = 1; 870 TAILQ_INSERT_HEAD(&crp_kq, krp, krp_next); 871 cryptostats.cs_kblocks++; 872 mutex_spin_exit(&crypto_q_mtx); 873 } 874 } else { 875 /* 876 * The driver is blocked, just queue the op until 877 * it unblocks and the swi thread gets kicked. 878 */ 879 TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); 880 result = 0; 881 mutex_spin_exit(&crypto_q_mtx); 882 } 883 884 return result; 885 } 886 887 /* 888 * Dispatch an assymetric crypto request to the appropriate crypto devices. 889 */ 890 static int 891 crypto_kinvoke(struct cryptkop *krp, int hint) 892 { 893 u_int32_t hid; 894 int error; 895 896 /* Sanity checks. */ 897 if (krp == NULL) 898 return EINVAL; 899 if (krp->krp_callback == NULL) { 900 cv_destroy(&krp->krp_cv); 901 pool_put(&cryptkop_pool, krp); 902 return EINVAL; 903 } 904 905 mutex_enter(&crypto_mtx); 906 for (hid = 0; hid < crypto_drivers_num; hid++) { 907 if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) && 908 crypto_devallowsoft == 0) 909 continue; 910 if (crypto_drivers[hid].cc_kprocess == NULL) 911 continue; 912 if ((crypto_drivers[hid].cc_kalg[krp->krp_op] & 913 CRYPTO_ALG_FLAG_SUPPORTED) == 0) 914 continue; 915 break; 916 } 917 if (hid < crypto_drivers_num) { 918 int (*process)(void *, struct cryptkop *, int); 919 void *arg; 920 921 process = crypto_drivers[hid].cc_kprocess; 922 arg = crypto_drivers[hid].cc_karg; 923 mutex_exit(&crypto_mtx); 924 krp->krp_hid = hid; 925 error = (*process)(arg, krp, hint); 926 } else { 927 mutex_exit(&crypto_mtx); 928 error = ENODEV; 929 } 930 931 if (error) { 932 krp->krp_status = error; 933 crypto_kdone(krp); 934 } 935 return 0; 936 } 937 938 #ifdef CRYPTO_TIMING 939 static void 940 crypto_tstat(struct cryptotstat *ts, struct timespec *tv) 941 { 942 struct timespec now, t; 943 944 nanouptime(&now); 945 t.tv_sec = now.tv_sec - tv->tv_sec; 946 t.tv_nsec = now.tv_nsec - tv->tv_nsec; 947 if (t.tv_nsec < 0) { 948 t.tv_sec--; 949 t.tv_nsec += 1000000000; 950 } 951 timespecadd(&ts->acc, &t, &t); 952 if (timespeccmp(&t, &ts->min, <)) 953 ts->min = t; 954 if (timespeccmp(&t, &ts->max, >)) 955 ts->max = t; 956 ts->count++; 957 958 *tv = now; 959 } 960 #endif 961 962 /* 963 * Dispatch a crypto request to the appropriate crypto devices. 964 */ 965 static int 966 crypto_invoke(struct cryptop *crp, int hint) 967 { 968 u_int32_t hid; 969 970 #ifdef CRYPTO_TIMING 971 if (crypto_timing) 972 crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp); 973 #endif 974 /* Sanity checks. */ 975 if (crp == NULL) 976 return EINVAL; 977 if (crp->crp_callback == NULL) { 978 return EINVAL; 979 } 980 if (crp->crp_desc == NULL) { 981 crp->crp_etype = EINVAL; 982 crypto_done(crp); 983 return 0; 984 } 985 986 hid = CRYPTO_SESID2HID(crp->crp_sid); 987 988 if (hid < crypto_drivers_num) { 989 int (*process)(void *, struct cryptop *, int); 990 void *arg; 991 992 if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) 993 crypto_freesession(crp->crp_sid); 994 process = crypto_drivers[hid].cc_process; 995 arg = crypto_drivers[hid].cc_arg; 996 997 /* 998 * Invoke the driver to process the request. 999 */ 1000 DPRINTF(("calling process for %p\n", crp)); 1001 return (*process)(arg, crp, hint); 1002 } else { 1003 struct cryptodesc *crd; 1004 u_int64_t nid = 0; 1005 1006 /* 1007 * Driver has unregistered; migrate the session and return 1008 * an error to the caller so they'll resubmit the op. 1009 */ 1010 for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) 1011 crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); 1012 1013 if (crypto_newsession(&nid, &(crp->crp_desc->CRD_INI), 0) == 0) 1014 crp->crp_sid = nid; 1015 1016 crp->crp_etype = EAGAIN; 1017 1018 crypto_done(crp); 1019 return 0; 1020 } 1021 } 1022 1023 /* 1024 * Release a set of crypto descriptors. 1025 */ 1026 void 1027 crypto_freereq(struct cryptop *crp) 1028 { 1029 struct cryptodesc *crd; 1030 1031 if (crp == NULL) 1032 return; 1033 DPRINTF(("crypto_freereq[%u]: crp %p\n", 1034 CRYPTO_SESID2LID(crp->crp_sid), crp)); 1035 1036 /* sanity check */ 1037 if (crp->crp_flags & CRYPTO_F_ONRETQ) { 1038 panic("crypto_freereq() freeing crp on RETQ\n"); 1039 } 1040 1041 while ((crd = crp->crp_desc) != NULL) { 1042 crp->crp_desc = crd->crd_next; 1043 pool_put(&cryptodesc_pool, crd); 1044 } 1045 pool_put(&cryptop_pool, crp); 1046 } 1047 1048 /* 1049 * Acquire a set of crypto descriptors. 1050 */ 1051 struct cryptop * 1052 crypto_getreq(int num) 1053 { 1054 struct cryptodesc *crd; 1055 struct cryptop *crp; 1056 1057 crp = pool_get(&cryptop_pool, 0); 1058 if (crp == NULL) { 1059 return NULL; 1060 } 1061 memset(crp, 0, sizeof(struct cryptop)); 1062 1063 while (num--) { 1064 crd = pool_get(&cryptodesc_pool, 0); 1065 if (crd == NULL) { 1066 crypto_freereq(crp); 1067 return NULL; 1068 } 1069 1070 memset(crd, 0, sizeof(struct cryptodesc)); 1071 crd->crd_next = crp->crp_desc; 1072 crp->crp_desc = crd; 1073 } 1074 1075 return crp; 1076 } 1077 1078 /* 1079 * Invoke the callback on behalf of the driver. 1080 */ 1081 void 1082 crypto_done(struct cryptop *crp) 1083 { 1084 int wasempty; 1085 1086 if (crp->crp_etype != 0) 1087 cryptostats.cs_errs++; 1088 #ifdef CRYPTO_TIMING 1089 if (crypto_timing) 1090 crypto_tstat(&cryptostats.cs_done, &crp->crp_tstamp); 1091 #endif 1092 DPRINTF(("crypto_done[%u]: crp %p\n", 1093 CRYPTO_SESID2LID(crp->crp_sid), crp)); 1094 1095 /* 1096 * Normal case; queue the callback for the thread. 1097 * 1098 * The return queue is manipulated by the swi thread 1099 * and, potentially, by crypto device drivers calling 1100 * back to mark operations completed. Thus we need 1101 * to mask both while manipulating the return queue. 1102 */ 1103 if (crp->crp_flags & CRYPTO_F_CBIMM) { 1104 /* 1105 * Do the callback directly. This is ok when the 1106 * callback routine does very little (e.g. the 1107 * /dev/crypto callback method just does a wakeup). 1108 */ 1109 mutex_spin_enter(&crypto_ret_q_mtx); 1110 crp->crp_flags |= CRYPTO_F_DONE; 1111 mutex_spin_exit(&crypto_ret_q_mtx); 1112 1113 #ifdef CRYPTO_TIMING 1114 if (crypto_timing) { 1115 /* 1116 * NB: We must copy the timestamp before 1117 * doing the callback as the cryptop is 1118 * likely to be reclaimed. 1119 */ 1120 struct timespec t = crp->crp_tstamp; 1121 crypto_tstat(&cryptostats.cs_cb, &t); 1122 crp->crp_callback(crp); 1123 crypto_tstat(&cryptostats.cs_finis, &t); 1124 } else 1125 #endif 1126 crp->crp_callback(crp); 1127 } else { 1128 mutex_spin_enter(&crypto_ret_q_mtx); 1129 crp->crp_flags |= CRYPTO_F_DONE; 1130 #if 0 1131 if (crp->crp_flags & CRYPTO_F_USER) { 1132 /* 1133 * TODO: 1134 * If crp->crp_flags & CRYPTO_F_USER and the used 1135 * encryption driver does all the processing in 1136 * the same context, we can skip enqueueing crp_ret_q 1137 * and cv_signal(&cryptoret_cv). 1138 */ 1139 DPRINTF(("crypto_done[%u]: crp %p CRYPTO_F_USER\n", 1140 CRYPTO_SESID2LID(crp->crp_sid), crp)); 1141 } else 1142 #endif 1143 { 1144 wasempty = TAILQ_EMPTY(&crp_ret_q); 1145 DPRINTF(("crypto_done[%u]: queueing %p\n", 1146 CRYPTO_SESID2LID(crp->crp_sid), crp)); 1147 crp->crp_flags |= CRYPTO_F_ONRETQ; 1148 TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next); 1149 if (wasempty) { 1150 DPRINTF(("crypto_done[%u]: waking cryptoret, " 1151 "crp %p hit empty queue\n.", 1152 CRYPTO_SESID2LID(crp->crp_sid), crp)); 1153 cv_signal(&cryptoret_cv); 1154 } 1155 } 1156 mutex_spin_exit(&crypto_ret_q_mtx); 1157 } 1158 } 1159 1160 /* 1161 * Invoke the callback on behalf of the driver. 1162 */ 1163 void 1164 crypto_kdone(struct cryptkop *krp) 1165 { 1166 int wasempty; 1167 1168 if (krp->krp_status != 0) 1169 cryptostats.cs_kerrs++; 1170 1171 krp->krp_flags |= CRYPTO_F_DONE; 1172 1173 /* 1174 * The return queue is manipulated by the swi thread 1175 * and, potentially, by crypto device drivers calling 1176 * back to mark operations completed. Thus we need 1177 * to mask both while manipulating the return queue. 1178 */ 1179 if (krp->krp_flags & CRYPTO_F_CBIMM) { 1180 krp->krp_callback(krp); 1181 } else { 1182 mutex_spin_enter(&crypto_ret_q_mtx); 1183 wasempty = TAILQ_EMPTY(&crp_ret_kq); 1184 krp->krp_flags |= CRYPTO_F_ONRETQ; 1185 TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next); 1186 if (wasempty) 1187 cv_signal(&cryptoret_cv); 1188 mutex_spin_exit(&crypto_ret_q_mtx); 1189 } 1190 } 1191 1192 int 1193 crypto_getfeat(int *featp) 1194 { 1195 int hid, kalg, feat = 0; 1196 1197 mutex_enter(&crypto_mtx); 1198 1199 if (crypto_userasymcrypto == 0) 1200 goto out; 1201 1202 for (hid = 0; hid < crypto_drivers_num; hid++) { 1203 if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) && 1204 crypto_devallowsoft == 0) { 1205 continue; 1206 } 1207 if (crypto_drivers[hid].cc_kprocess == NULL) 1208 continue; 1209 for (kalg = 0; kalg < CRK_ALGORITHM_MAX; kalg++) 1210 if ((crypto_drivers[hid].cc_kalg[kalg] & 1211 CRYPTO_ALG_FLAG_SUPPORTED) != 0) 1212 feat |= 1 << kalg; 1213 } 1214 out: 1215 mutex_exit(&crypto_mtx); 1216 *featp = feat; 1217 return (0); 1218 } 1219 1220 /* 1221 * Software interrupt thread to dispatch crypto requests. 1222 */ 1223 static void 1224 cryptointr(void) 1225 { 1226 struct cryptop *crp, *submit, *cnext; 1227 struct cryptkop *krp, *knext; 1228 struct cryptocap *cap; 1229 int result, hint; 1230 1231 cryptostats.cs_intrs++; 1232 mutex_spin_enter(&crypto_q_mtx); 1233 do { 1234 /* 1235 * Find the first element in the queue that can be 1236 * processed and look-ahead to see if multiple ops 1237 * are ready for the same driver. 1238 */ 1239 submit = NULL; 1240 hint = 0; 1241 TAILQ_FOREACH_SAFE(crp, &crp_q, crp_next, cnext) { 1242 u_int32_t hid = CRYPTO_SESID2HID(crp->crp_sid); 1243 cap = crypto_checkdriver(hid); 1244 if (cap == NULL || cap->cc_process == NULL) { 1245 /* Op needs to be migrated, process it. */ 1246 if (submit == NULL) 1247 submit = crp; 1248 break; 1249 } 1250 if (!cap->cc_qblocked) { 1251 if (submit != NULL) { 1252 /* 1253 * We stop on finding another op, 1254 * regardless whether its for the same 1255 * driver or not. We could keep 1256 * searching the queue but it might be 1257 * better to just use a per-driver 1258 * queue instead. 1259 */ 1260 if (CRYPTO_SESID2HID(submit->crp_sid) 1261 == hid) 1262 hint = CRYPTO_HINT_MORE; 1263 break; 1264 } else { 1265 submit = crp; 1266 if ((submit->crp_flags & CRYPTO_F_BATCH) == 0) 1267 break; 1268 /* keep scanning for more are q'd */ 1269 } 1270 } 1271 } 1272 if (submit != NULL) { 1273 TAILQ_REMOVE(&crp_q, submit, crp_next); 1274 mutex_spin_exit(&crypto_q_mtx); 1275 result = crypto_invoke(submit, hint); 1276 /* we must take here as the TAILQ op or kinvoke 1277 may need this mutex below. sigh. */ 1278 mutex_spin_enter(&crypto_q_mtx); 1279 if (result == ERESTART) { 1280 /* 1281 * The driver ran out of resources, mark the 1282 * driver ``blocked'' for cryptop's and put 1283 * the request back in the queue. It would 1284 * best to put the request back where we got 1285 * it but that's hard so for now we put it 1286 * at the front. This should be ok; putting 1287 * it at the end does not work. 1288 */ 1289 /* XXX validate sid again? */ 1290 crypto_drivers[CRYPTO_SESID2HID(submit->crp_sid)].cc_qblocked = 1; 1291 TAILQ_INSERT_HEAD(&crp_q, submit, crp_next); 1292 cryptostats.cs_blocks++; 1293 } 1294 } 1295 1296 /* As above, but for key ops */ 1297 TAILQ_FOREACH_SAFE(krp, &crp_kq, krp_next, knext) { 1298 cap = crypto_checkdriver(krp->krp_hid); 1299 if (cap == NULL || cap->cc_kprocess == NULL) { 1300 /* Op needs to be migrated, process it. */ 1301 break; 1302 } 1303 if (!cap->cc_kqblocked) 1304 break; 1305 } 1306 if (krp != NULL) { 1307 TAILQ_REMOVE(&crp_kq, krp, krp_next); 1308 mutex_spin_exit(&crypto_q_mtx); 1309 result = crypto_kinvoke(krp, 0); 1310 /* the next iteration will want the mutex. :-/ */ 1311 mutex_spin_enter(&crypto_q_mtx); 1312 if (result == ERESTART) { 1313 /* 1314 * The driver ran out of resources, mark the 1315 * driver ``blocked'' for cryptkop's and put 1316 * the request back in the queue. It would 1317 * best to put the request back where we got 1318 * it but that's hard so for now we put it 1319 * at the front. This should be ok; putting 1320 * it at the end does not work. 1321 */ 1322 /* XXX validate sid again? */ 1323 crypto_drivers[krp->krp_hid].cc_kqblocked = 1; 1324 TAILQ_INSERT_HEAD(&crp_kq, krp, krp_next); 1325 cryptostats.cs_kblocks++; 1326 } 1327 } 1328 } while (submit != NULL || krp != NULL); 1329 mutex_spin_exit(&crypto_q_mtx); 1330 } 1331 1332 /* 1333 * Kernel thread to do callbacks. 1334 */ 1335 static void 1336 cryptoret(void) 1337 { 1338 struct cryptop *crp; 1339 struct cryptkop *krp; 1340 1341 mutex_spin_enter(&crypto_ret_q_mtx); 1342 for (;;) { 1343 crp = TAILQ_FIRST(&crp_ret_q); 1344 if (crp != NULL) { 1345 TAILQ_REMOVE(&crp_ret_q, crp, crp_next); 1346 crp->crp_flags &= ~CRYPTO_F_ONRETQ; 1347 } 1348 krp = TAILQ_FIRST(&crp_ret_kq); 1349 if (krp != NULL) { 1350 TAILQ_REMOVE(&crp_ret_kq, krp, krp_next); 1351 krp->krp_flags &= ~CRYPTO_F_ONRETQ; 1352 } 1353 1354 /* drop before calling any callbacks. */ 1355 if (crp == NULL && krp == NULL) { 1356 1357 /* Check for the exit condition. */ 1358 if (crypto_exit_flag != 0) { 1359 1360 /* Time to die. */ 1361 crypto_exit_flag = 0; 1362 cv_broadcast(&cryptoret_cv); 1363 mutex_spin_exit(&crypto_ret_q_mtx); 1364 kthread_exit(0); 1365 } 1366 1367 cryptostats.cs_rets++; 1368 cv_wait(&cryptoret_cv, &crypto_ret_q_mtx); 1369 continue; 1370 } 1371 1372 mutex_spin_exit(&crypto_ret_q_mtx); 1373 1374 if (crp != NULL) { 1375 #ifdef CRYPTO_TIMING 1376 if (crypto_timing) { 1377 /* 1378 * NB: We must copy the timestamp before 1379 * doing the callback as the cryptop is 1380 * likely to be reclaimed. 1381 */ 1382 struct timespec t = crp->crp_tstamp; 1383 crypto_tstat(&cryptostats.cs_cb, &t); 1384 crp->crp_callback(crp); 1385 crypto_tstat(&cryptostats.cs_finis, &t); 1386 } else 1387 #endif 1388 { 1389 crp->crp_callback(crp); 1390 } 1391 } 1392 if (krp != NULL) 1393 krp->krp_callback(krp); 1394 1395 mutex_spin_enter(&crypto_ret_q_mtx); 1396 } 1397 } 1398 1399 /* NetBSD module interface */ 1400 1401 MODULE(MODULE_CLASS_MISC, opencrypto, NULL); 1402 1403 static int 1404 opencrypto_modcmd(modcmd_t cmd, void *opaque) 1405 { 1406 int error = 0; 1407 1408 switch (cmd) { 1409 case MODULE_CMD_INIT: 1410 #ifdef _MODULE 1411 error = crypto_init(); 1412 #endif 1413 break; 1414 case MODULE_CMD_FINI: 1415 #ifdef _MODULE 1416 error = crypto_destroy(true); 1417 #endif 1418 break; 1419 default: 1420 error = ENOTTY; 1421 } 1422 return error; 1423 } 1424
Indexes created Sun Oct 19 16:10:00 GMT 2025