From owner-svn-src-head@freebsd.org Thu Jan 11 00:22:25 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3EDCE9A18D; Thu, 11 Jan 2018 00:22:25 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 657A074983; Thu, 11 Jan 2018 00:22:25 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A6DB95568; Thu, 11 Jan 2018 00:22:24 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w0B0MOlY001244; Thu, 11 Jan 2018 00:22:24 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w0B0MONG001243; Thu, 11 Jan 2018 00:22:24 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201801110022.w0B0MONG001243@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 11 Jan 2018 00:22:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r327803 - head/sys/opencrypto X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: head/sys/opencrypto X-SVN-Commit-Revision: 327803 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Jan 2018 00:22:25 -0000 Author: jhb Date: Thu Jan 11 00:22:24 2018 New Revision: 327803 URL: https://svnweb.freebsd.org/changeset/base/327803 Log: Flesh out static dtrace probes for /dev/crypto ioctl errors. In particular, no probes were present for AEAD requests, but also for some other error cases in other ioctl requests. MFC after: 2 weeks Sponsored by: Chelsio Communications Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c ============================================================================== --- head/sys/opencrypto/cryptodev.c Wed Jan 10 23:19:32 2018 (r327802) +++ head/sys/opencrypto/cryptodev.c Thu Jan 11 00:22:24 2018 (r327803) @@ -443,6 +443,7 @@ cryptof_ioctl( default: CRYPTDEB("invalid cipher"); + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); } @@ -490,6 +491,7 @@ cryptof_ioctl( break; default: CRYPTDEB("invalid mac"); + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); } @@ -503,6 +505,8 @@ cryptof_ioctl( sop->keylen < txform->minkey) { CRYPTDEB("invalid cipher parameters"); error = EINVAL; + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); goto bail; } @@ -511,6 +515,8 @@ cryptof_ioctl( if ((error = copyin(sop->key, crie.cri_key, crie.cri_klen / 8))) { CRYPTDEB("invalid key"); + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); goto bail; } if (thash) @@ -524,6 +530,8 @@ cryptof_ioctl( sop->mackeylen > thash->keysize) { CRYPTDEB("invalid mac key length"); error = EINVAL; + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); goto bail; } @@ -533,6 +541,8 @@ cryptof_ioctl( if ((error = copyin(sop->mackey, cria.cri_key, cria.cri_klen / 8))) { CRYPTDEB("invalid mac key"); + SDT_PROBE1(opencrypto, dev, ioctl, + error, __LINE__); goto bail; } } @@ -548,6 +558,8 @@ cryptof_ioctl( error = checkforsoftware(&crid); if (error) { CRYPTDEB("checkforsoftware"); + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); goto bail; } } else @@ -555,6 +567,7 @@ cryptof_ioctl( error = crypto_newsession(&sid, (txform ? &crie : &cria), crid); if (error) { CRYPTDEB("crypto_newsession"); + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; } @@ -565,6 +578,7 @@ cryptof_ioctl( if (cse == NULL) { crypto_freesession(sid); error = EINVAL; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); CRYPTDEB("csecreate"); goto bail; } @@ -597,8 +611,10 @@ bail: case CIOCFSESSION: ses = *(u_int32_t *)data; cse = csefind(fcr, ses); - if (cse == NULL) + if (cse == NULL) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); + } csedelete(fcr, cse); error = csefree(cse); break; @@ -628,8 +644,10 @@ bail: case CIOCKEY32: case CIOCKEY232: #endif - if (!crypto_userasymcrypto) + if (!crypto_userasymcrypto) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EPERM); /* XXX compat? */ + } #ifdef COMPAT_FREEBSD32 if (cmd == CIOCKEY32 || cmd == CIOCKEY232) { kop = &kopc; @@ -663,8 +681,12 @@ bail: * fallback to doing them in software. */ *(int *)data = 0; - } else + } else { error = crypto_getfeat((int *)data); + if (error) + SDT_PROBE1(opencrypto, dev, ioctl, error, + __LINE__); + } break; case CIOCFINDDEV: error = cryptodev_find((struct crypt_find_op *)data); @@ -672,12 +694,15 @@ bail: case CIOCCRYPTAEAD: caead = (struct crypt_aead *)data; cse = csefind(fcr, caead->ses); - if (cse == NULL) + if (cse == NULL) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); + } error = cryptodev_aead(cse, caead, active_cred, td); break; default: error = EINVAL; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); break; } return (error); @@ -892,12 +917,16 @@ cryptodev_aead( struct cryptodesc *crde = NULL, *crda = NULL; int error; - if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) + if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (E2BIG); + } if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL || - (caead->len % cse->txform->blocksize) != 0) + (caead->len % cse->txform->blocksize) != 0) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); + } uio = &cse->uio; uio->uio_iov = &cse->iovec; @@ -915,6 +944,7 @@ cryptodev_aead( crp = crypto_getreq(2); if (crp == NULL) { error = ENOMEM; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; } @@ -927,12 +957,16 @@ cryptodev_aead( } if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base, - caead->aadlen))) + caead->aadlen))) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } if ((error = copyin(caead->src, (char *)cse->uio.uio_iov[0].iov_base + - caead->aadlen, caead->len))) + caead->aadlen, caead->len))) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } /* * For GCM, crd_len covers only the AAD. For other ciphers @@ -973,11 +1007,14 @@ cryptodev_aead( if (caead->iv) { if (caead->ivlen > sizeof cse->tmp_iv) { error = EINVAL; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; } - if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen))) + if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen))) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } bcopy(cse->tmp_iv, crde->crd_iv, caead->ivlen); crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT; } else { @@ -987,8 +1024,10 @@ cryptodev_aead( } if ((error = copyin(caead->tag, (caddr_t)cse->uio.uio_iov[0].iov_base + - caead->len + caead->aadlen, cse->thash->hashsize))) + caead->len + caead->aadlen, cse->thash->hashsize))) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } again: /* * Let the dispatch run unlocked, then, interlock against the @@ -1003,8 +1042,10 @@ again: error = msleep(crp, &cse->lock, PWAIT, "crydev", 0); mtx_unlock(&cse->lock); - if (error != 0) + if (error != 0) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } if (crp->crp_etype == EAGAIN) { crp->crp_etype = 0; @@ -1014,22 +1055,28 @@ again: if (crp->crp_etype != 0) { error = crp->crp_etype; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; } if (cse->error) { error = cse->error; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; } if (caead->dst && (error = copyout( (caddr_t)cse->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst, - caead->len))) + caead->len))) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } if ((error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base + - caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) + caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto bail; + } bail: crypto_freereq(crp); @@ -1068,6 +1115,7 @@ cryptodev_key(struct crypt_kop *kop) int in, out, size, i; if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EFBIG); } @@ -1077,30 +1125,38 @@ cryptodev_key(struct crypt_kop *kop) case CRK_MOD_EXP: if (in == 3 && out == 1) break; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); case CRK_MOD_EXP_CRT: if (in == 6 && out == 1) break; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); case CRK_DSA_SIGN: if (in == 5 && out == 2) break; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); case CRK_DSA_VERIFY: if (in == 7 && out == 0) break; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); case CRK_DH_COMPUTE_KEY: if (in == 3 && out == 1) break; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); default: + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (EINVAL); } krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO); - if (!krp) + if (!krp) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); return (ENOMEM); + } krp->krp_op = kop->crk_op; krp->krp_status = kop->crk_status; krp->krp_iparams = kop->crk_iparams; @@ -1110,9 +1166,11 @@ cryptodev_key(struct crypt_kop *kop) krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb; for (i = 0; i < CRK_MAXPARAM; i++) { - if (kop->crk_param[i].crp_nbits > 65536) + if (kop->crk_param[i].crp_nbits > 65536) { /* Limit is the same as in OpenBSD */ + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto fail; + } krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits; } for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) { @@ -1123,22 +1181,28 @@ cryptodev_key(struct crypt_kop *kop) if (i >= krp->krp_iparams) continue; error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size); - if (error) + if (error) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto fail; + } } error = crypto_kdispatch(krp); - if (error) + if (error) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto fail; + } error = tsleep(krp, PSOCK, "crydev", 0); if (error) { /* XXX can this happen? if so, how do we recover? */ + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto fail; } kop->crk_crid = krp->krp_crid; /* device that did the work */ if (krp->krp_status != 0) { error = krp->krp_status; + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto fail; } @@ -1147,8 +1211,10 @@ cryptodev_key(struct crypt_kop *kop) if (size == 0) continue; error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size); - if (error) + if (error) { + SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__); goto fail; + } } fail: