Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 23 Feb 2018 23:56:33 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r329887 - stable/11/sys/opencrypto
Message-ID:  <201802232356.w1NNuXEL055927@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jhb
Date: Fri Feb 23 23:56:33 2018
New Revision: 329887
URL: https://svnweb.freebsd.org/changeset/base/329887

Log:
  MFC 327803: Flesh out static dtrace probes for /dev/crypto ioctl errors.
  
  In particular, no probes were present for AEAD requests, but also for
  some other error cases in other ioctl requests.
  
  Sponsored by:	Chelsio Communications

Modified:
  stable/11/sys/opencrypto/cryptodev.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/11/sys/opencrypto/cryptodev.c	Fri Feb 23 23:27:53 2018	(r329886)
+++ stable/11/sys/opencrypto/cryptodev.c	Fri Feb 23 23:56:33 2018	(r329887)
@@ -443,6 +443,7 @@ cryptof_ioctl(
 
 		default:
 			CRYPTDEB("invalid cipher");
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}
 
@@ -490,6 +491,7 @@ cryptof_ioctl(
 			break;
 		default:
 			CRYPTDEB("invalid mac");
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}
 
@@ -503,6 +505,8 @@ cryptof_ioctl(
 			    sop->keylen < txform->minkey) {
 				CRYPTDEB("invalid cipher parameters");
 				error = EINVAL;
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}
 
@@ -511,6 +515,8 @@ cryptof_ioctl(
 			if ((error = copyin(sop->key, crie.cri_key,
 			    crie.cri_klen / 8))) {
 				CRYPTDEB("invalid key");
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}
 			if (thash)
@@ -523,6 +529,8 @@ cryptof_ioctl(
 			if (sop->mackeylen != thash->keysize) {
 				CRYPTDEB("invalid mac key length");
 				error = EINVAL;
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}
 
@@ -532,6 +540,8 @@ cryptof_ioctl(
 				if ((error = copyin(sop->mackey, cria.cri_key,
 				    cria.cri_klen / 8))) {
 					CRYPTDEB("invalid mac key");
+					SDT_PROBE1(opencrypto, dev, ioctl,
+					    error, __LINE__);
 					goto bail;
 				}
 			}
@@ -547,6 +557,8 @@ cryptof_ioctl(
 			error = checkforsoftware(&crid);
 			if (error) {
 				CRYPTDEB("checkforsoftware");
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}
 		} else
@@ -554,6 +566,7 @@ cryptof_ioctl(
 		error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
 		if (error) {
 			CRYPTDEB("crypto_newsession");
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto bail;
 		}
 
@@ -564,6 +577,7 @@ cryptof_ioctl(
 		if (cse == NULL) {
 			crypto_freesession(sid);
 			error = EINVAL;
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			CRYPTDEB("csecreate");
 			goto bail;
 		}
@@ -596,8 +610,10 @@ bail:
 	case CIOCFSESSION:
 		ses = *(u_int32_t *)data;
 		cse = csefind(fcr, ses);
-		if (cse == NULL)
+		if (cse == NULL) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
+		}
 		csedelete(fcr, cse);
 		error = csefree(cse);
 		break;
@@ -627,8 +643,10 @@ bail:
 	case CIOCKEY32:
 	case CIOCKEY232:
 #endif
-		if (!crypto_userasymcrypto)
+		if (!crypto_userasymcrypto) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EPERM);		/* XXX compat? */
+		}
 #ifdef COMPAT_FREEBSD32
 		if (cmd == CIOCKEY32 || cmd == CIOCKEY232) {
 			kop = &kopc;
@@ -662,8 +680,12 @@ bail:
 			 * fallback to doing them in software.
 			 */
 			*(int *)data = 0;
-		} else
+		} else {
 			error = crypto_getfeat((int *)data);
+			if (error)
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
+		}
 		break;
 	case CIOCFINDDEV:
 		error = cryptodev_find((struct crypt_find_op *)data);
@@ -671,12 +693,15 @@ bail:
 	case CIOCCRYPTAEAD:
 		caead = (struct crypt_aead *)data;
 		cse = csefind(fcr, caead->ses);
-		if (cse == NULL)
+		if (cse == NULL) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
+		}
 		error = cryptodev_aead(cse, caead, active_cred, td);
 		break;
 	default:
 		error = EINVAL;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		break;
 	}
 	return (error);
@@ -887,12 +912,16 @@ cryptodev_aead(
 	struct cryptodesc *crde = NULL, *crda = NULL;
 	int error;
 
-	if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4)
+	if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (E2BIG);
+	}
 
 	if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL ||
-	    (caead->len % cse->txform->blocksize) != 0)
+	    (caead->len % cse->txform->blocksize) != 0) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
+	}
 
 	uio = &cse->uio;
 	uio->uio_iov = &cse->iovec;
@@ -910,6 +939,7 @@ cryptodev_aead(
 	crp = crypto_getreq(2);
 	if (crp == NULL) {
 		error = ENOMEM;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
 	}
 
@@ -917,12 +947,16 @@ cryptodev_aead(
 	crde = crda->crd_next;
 
 	if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base,
-	    caead->aadlen)))
+	    caead->aadlen))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 
 	if ((error = copyin(caead->src, (char *)cse->uio.uio_iov[0].iov_base +
-	    caead->aadlen, caead->len)))
+	    caead->aadlen, caead->len))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 
 	crda->crd_skip = 0;
 	crda->crd_len = caead->aadlen;
@@ -955,11 +989,14 @@ cryptodev_aead(
 	if (caead->iv) {
 		if (caead->ivlen > sizeof cse->tmp_iv) {
 			error = EINVAL;
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto bail;
 		}
 
-		if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen)))
+		if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen))) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto bail;
+		}
 		bcopy(cse->tmp_iv, crde->crd_iv, caead->ivlen);
 		crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
 	} else {
@@ -969,8 +1006,10 @@ cryptodev_aead(
 	}
 
 	if ((error = copyin(caead->tag, (caddr_t)cse->uio.uio_iov[0].iov_base +
-	    caead->len + caead->aadlen, cse->thash->hashsize)))
+	    caead->len + caead->aadlen, cse->thash->hashsize))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 again:
 	/*
 	 * Let the dispatch run unlocked, then, interlock against the
@@ -985,8 +1024,10 @@ again:
 		error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
 	mtx_unlock(&cse->lock);
 
-	if (error != 0)
+	if (error != 0) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 
 	if (crp->crp_etype == EAGAIN) {
 		crp->crp_etype = 0;
@@ -996,22 +1037,28 @@ again:
 
 	if (crp->crp_etype != 0) {
 		error = crp->crp_etype;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
 	}
 
 	if (cse->error) {
 		error = cse->error;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
 	}
 
 	if (caead->dst && (error = copyout(
 	    (caddr_t)cse->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst,
-	    caead->len)))
+	    caead->len))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 
 	if ((error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base +
-	    caead->aadlen + caead->len, caead->tag, cse->thash->hashsize)))
+	    caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 
 bail:
 	crypto_freereq(crp);
@@ -1050,6 +1097,7 @@ cryptodev_key(struct crypt_kop *kop)
 	int in, out, size, i;
 
 	if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EFBIG);
 	}
 
@@ -1059,30 +1107,38 @@ cryptodev_key(struct crypt_kop *kop)
 	case CRK_MOD_EXP:
 		if (in == 3 && out == 1)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_MOD_EXP_CRT:
 		if (in == 6 && out == 1)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_DSA_SIGN:
 		if (in == 5 && out == 2)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_DSA_VERIFY:
 		if (in == 7 && out == 0)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_DH_COMPUTE_KEY:
 		if (in == 3 && out == 1)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	default:
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	}
 
 	krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
-	if (!krp)
+	if (!krp) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (ENOMEM);
+	}
 	krp->krp_op = kop->crk_op;
 	krp->krp_status = kop->crk_status;
 	krp->krp_iparams = kop->crk_iparams;
@@ -1092,9 +1148,11 @@ cryptodev_key(struct crypt_kop *kop)
 	krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
 
 	for (i = 0; i < CRK_MAXPARAM; i++) {
-		if (kop->crk_param[i].crp_nbits > 65536)
+		if (kop->crk_param[i].crp_nbits > 65536) {
 			/* Limit is the same as in OpenBSD */
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto fail;
+		}
 		krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
 	}
 	for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
@@ -1105,22 +1163,28 @@ cryptodev_key(struct crypt_kop *kop)
 		if (i >= krp->krp_iparams)
 			continue;
 		error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
-		if (error)
+		if (error) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto fail;
+		}
 	}
 
 	error = crypto_kdispatch(krp);
-	if (error)
+	if (error) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto fail;
+	}
 	error = tsleep(krp, PSOCK, "crydev", 0);
 	if (error) {
 		/* XXX can this happen?  if so, how do we recover? */
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto fail;
 	}
 	
 	kop->crk_crid = krp->krp_crid;		/* device that did the work */
 	if (krp->krp_status != 0) {
 		error = krp->krp_status;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto fail;
 	}
 
@@ -1129,8 +1193,10 @@ cryptodev_key(struct crypt_kop *kop)
 		if (size == 0)
 			continue;
 		error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
-		if (error)
+		if (error) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto fail;
+		}
 	}
 
 fail:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802232356.w1NNuXEL055927>