Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

module: icp: remove provider stats 

These were all folded into a single kstat at
  /proc/spl/kstat/kcf/NONAME_provider_stats
with no way to know which one it actually was,
and only the AES and SHA (so not Skein) ones were ever updated

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901
This commit is contained in:
наб 2022-02-02 23:11:34 +01:00 committed by Brian Behlendorf
parent bf86638687
commit 666749806d
4 changed files with 1 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
module/icp/api/kcf_cipher.c
View File

@ -91,7 +91,6 @@ retry:
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech); KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
error = KCF_PROV_ENCRYPT_ATOMIC(pd, &lmech, key, error = KCF_PROV_ENCRYPT_ATOMIC(pd, &lmech, key,
plaintext, ciphertext, spi_ctx_tmpl); plaintext, ciphertext, spi_ctx_tmpl);
KCF_PROV_INCRSTATS(pd, error);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) { if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */ /* Add pd to the linked list of providers tried. */
@ -164,7 +163,6 @@ retry:
error = KCF_PROV_DECRYPT_ATOMIC(pd, &lmech, key, error = KCF_PROV_DECRYPT_ATOMIC(pd, &lmech, key,
ciphertext, plaintext, spi_ctx_tmpl); ciphertext, plaintext, spi_ctx_tmpl);
KCF_PROV_INCRSTATS(pd, error);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) { if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */ /* Add pd to the linked list of providers tried. */

7
module/icp/api/kcf_mac.c
View File

@ -107,7 +107,6 @@ retry:
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech); KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
error = KCF_PROV_MAC_ATOMIC(pd, &lmech, key, data, error = KCF_PROV_MAC_ATOMIC(pd, &lmech, key, data,
mac, spi_ctx_tmpl); mac, spi_ctx_tmpl);
KCF_PROV_INCRSTATS(pd, error);
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) { if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
/* Add pd to the linked list of providers tried. */ /* Add pd to the linked list of providers tried. */
@ -171,7 +170,6 @@ crypto_mac_init_prov(kcf_provider_desc_t *pd,
crypto_mechanism_t lmech = *mech; crypto_mechanism_t lmech = *mech;
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, real_provider, &lmech); KCF_SET_PROVIDER_MECHNUM(mech->cm_type, real_provider, &lmech);
rv = KCF_PROV_MAC_INIT(real_provider, ctx, &lmech, key, tmpl); rv = KCF_PROV_MAC_INIT(real_provider, ctx, &lmech, key, tmpl);
KCF_PROV_INCRSTATS(pd, rv);
if (rv == CRYPTO_SUCCESS) if (rv == CRYPTO_SUCCESS)
*ctxp = (crypto_context_t)ctx; *ctxp = (crypto_context_t)ctx;
@ -259,9 +257,7 @@ crypto_mac_update(crypto_context_t context, crypto_data_t *data)
return (CRYPTO_INVALID_CONTEXT); return (CRYPTO_INVALID_CONTEXT);
} }
int rv = KCF_PROV_MAC_UPDATE(pd, ctx, data); return (KCF_PROV_MAC_UPDATE(pd, ctx, data));
KCF_PROV_INCRSTATS(pd, rv);
return (rv);
} }
/* /*
@ -291,7 +287,6 @@ crypto_mac_final(crypto_context_t context, crypto_data_t *mac)
} }
int rv = KCF_PROV_MAC_FINAL(pd, ctx, mac); int rv = KCF_PROV_MAC_FINAL(pd, ctx, mac);
KCF_PROV_INCRSTATS(pd, rv);
/* Release the hold done in kcf_new_ctx() during init step. */ /* Release the hold done in kcf_new_ctx() during init step. */
KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx); KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx);

50
module/icp/include/sys/crypto/impl.h
View File

@ -40,55 +40,11 @@
extern "C" { extern "C" {
#endif #endif
#define KCF_MODULE "kcf"
/* /*
* Prefixes convention: structures internal to the kernel cryptographic * Prefixes convention: structures internal to the kernel cryptographic
* framework start with 'kcf_'. Exposed structure start with 'crypto_'. * framework start with 'kcf_'. Exposed structure start with 'crypto_'.
*/ */
/* Provider stats. Not protected. */
typedef struct kcf_prov_stats {
kstat_named_t ps_ops_total;
kstat_named_t ps_ops_passed;
kstat_named_t ps_ops_failed;
kstat_named_t ps_ops_busy_rval;
} kcf_prov_stats_t;
/*
* Keep all the information needed by the scheduler from
* this provider.
*/
typedef struct kcf_sched_info {
/* The number of operations dispatched. */
uint64_t ks_ndispatches;
/* The number of operations that failed. */
uint64_t ks_nfails;
/* The number of operations that returned CRYPTO_BUSY. */
uint64_t ks_nbusy_rval;
} kcf_sched_info_t;
/*
* pd_irefcnt approximates the number of inflight requests to the
* provider. Though we increment this counter during registration for
* other purposes, that base value is mostly same across all providers.
* So, it is a good measure of the load on a provider when it is not
* in a busy state. Once a provider notifies it is busy, requests
* back up in the taskq. So, we use tq_nalloc in that case which gives
* the number of task entries in the task queue. Note that we do not
* acquire any locks here as it is not critical to get the exact number
* and the lock contention may be too costly for this code path.
*/
#define KCF_PROV_INCRSTATS(pd, error) { \
(pd)->pd_sched_info.ks_ndispatches++; \
if (error == CRYPTO_BUSY) \
(pd)->pd_sched_info.ks_nbusy_rval++; \
else if (error != CRYPTO_SUCCESS) \
(pd)->pd_sched_info.ks_nfails++; \
}
/* /*
* The following two macros should be * The following two macros should be
@ -147,15 +103,12 @@ typedef enum {
* number to an index in pd_mechanisms array * number to an index in pd_mechanisms array
* pd_mechanisms: Array of mechanisms supported by the provider, specified * pd_mechanisms: Array of mechanisms supported by the provider, specified
* by the provider during registration * by the provider during registration
* pd_sched_info: Scheduling information associated with the provider
* pd_mech_list_count: The number of entries in pi_mechanisms, specified * pd_mech_list_count: The number of entries in pi_mechanisms, specified
* by the provider during registration * by the provider during registration
* pd_remove_cv: cv to wait on while the provider queue drains * pd_remove_cv: cv to wait on while the provider queue drains
* pd_description: Provider description string * pd_description: Provider description string
* pd_kcf_prov_handle: KCF-private handle assigned by KCF * pd_kcf_prov_handle: KCF-private handle assigned by KCF
* pd_prov_id: Identification # assigned by KCF to provider * pd_prov_id: Identification # assigned by KCF to provider
* pd_kstat: kstat associated with the provider
* pd_ks_data: kstat data
*/ */
typedef struct kcf_provider_desc { typedef struct kcf_provider_desc {
uint_t pd_refcnt; uint_t pd_refcnt;
@ -166,14 +119,11 @@ typedef struct kcf_provider_desc {
ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\ ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\
[KCF_MAXMECHTAB]; [KCF_MAXMECHTAB];
const crypto_mech_info_t *pd_mechanisms; const crypto_mech_info_t *pd_mechanisms;
kcf_sched_info_t pd_sched_info;
uint_t pd_mech_list_count; uint_t pd_mech_list_count;
kcondvar_t pd_remove_cv; kcondvar_t pd_remove_cv;
const char *pd_description; const char *pd_description;
crypto_kcf_provider_handle_t pd_kcf_prov_handle; crypto_kcf_provider_handle_t pd_kcf_prov_handle;
crypto_provider_id_t pd_prov_id; crypto_provider_id_t pd_prov_id;
kstat_t *pd_kstat;
kcf_prov_stats_t pd_ks_data;
} kcf_provider_desc_t; } kcf_provider_desc_t;
/* atomic operations in linux implicitly form a memory barrier */ /* atomic operations in linux implicitly form a memory barrier */

77
module/icp/spi/kcf_spi.c
View File

@ -38,15 +38,6 @@
static int init_prov_mechs(const crypto_provider_info_t *, static int init_prov_mechs(const crypto_provider_info_t *,
kcf_provider_desc_t *); kcf_provider_desc_t *);
static int kcf_prov_kstat_update(kstat_t *, int);
static void delete_kstat(kcf_provider_desc_t *);
static const kcf_prov_stats_t kcf_stats_ks_data_template = {
{ "kcf_ops_total", KSTAT_DATA_UINT64 },
{ "kcf_ops_passed", KSTAT_DATA_UINT64 },
{ "kcf_ops_failed", KSTAT_DATA_UINT64 },
{ "kcf_ops_returned_busy", KSTAT_DATA_UINT64 }
};
/* /*
* This routine is used to add cryptographic providers to the KEF framework. * This routine is used to add cryptographic providers to the KEF framework.
@ -95,27 +86,6 @@ crypto_register_provider(const crypto_provider_info_t *info,
* to keep some entries cached to improve performance. * to keep some entries cached to improve performance.
*/ */
/*
* Create the kstat for this provider. There is a kstat
* installed for each successfully registered provider.
* This kstat is deleted, when the provider unregisters.
*/
prov_desc->pd_kstat = kstat_create("kcf", 0, "NONAME_provider_stats",
"crypto", KSTAT_TYPE_NAMED, sizeof (kcf_prov_stats_t) /
sizeof (kstat_named_t), KSTAT_FLAG_VIRTUAL);
if (prov_desc->pd_kstat != NULL) {
bcopy(&kcf_stats_ks_data_template,
&prov_desc->pd_ks_data,
sizeof (kcf_stats_ks_data_template));
prov_desc->pd_kstat->ks_data = &prov_desc->pd_ks_data;
KCF_PROV_REFHOLD(prov_desc);
KCF_PROV_IREFHOLD(prov_desc);
prov_desc->pd_kstat->ks_private = prov_desc;
prov_desc->pd_kstat->ks_update = kcf_prov_kstat_update;
kstat_install(prov_desc->pd_kstat);
}
mutex_enter(&prov_desc->pd_lock); mutex_enter(&prov_desc->pd_lock);
prov_desc->pd_state = KCF_PROV_READY; prov_desc->pd_state = KCF_PROV_READY;
mutex_exit(&prov_desc->pd_lock); mutex_exit(&prov_desc->pd_lock);
@ -192,8 +162,6 @@ crypto_unregister_provider(crypto_kcf_provider_handle_t handle)
return (CRYPTO_UNKNOWN_PROVIDER); return (CRYPTO_UNKNOWN_PROVIDER);
} }
delete_kstat(desc);
/* Release reference held by kcf_prov_tab_lookup(). */ /* Release reference held by kcf_prov_tab_lookup(). */
KCF_PROV_REFRELE(desc); KCF_PROV_REFRELE(desc);
@ -290,35 +258,6 @@ init_prov_mechs(const crypto_provider_info_t *info, kcf_provider_desc_t *desc)
return (CRYPTO_ARGUMENTS_BAD); return (CRYPTO_ARGUMENTS_BAD);
} }
/*
* Update routine for kstat. Only privileged users are allowed to
* access this information, since this information is sensitive.
* There are some cryptographic attacks (e.g. traffic analysis)
* which can use this information.
*/
static int
kcf_prov_kstat_update(kstat_t *ksp, int rw)
{
kcf_prov_stats_t *ks_data;
kcf_provider_desc_t *pd = (kcf_provider_desc_t *)ksp->ks_private;
if (rw == KSTAT_WRITE)
return (EACCES);
ks_data = ksp->ks_data;
ks_data->ps_ops_total.value.ui64 = pd->pd_sched_info.ks_ndispatches;
ks_data->ps_ops_failed.value.ui64 = pd->pd_sched_info.ks_nfails;
ks_data->ps_ops_busy_rval.value.ui64 = pd->pd_sched_info.ks_nbusy_rval;
ks_data->ps_ops_passed.value.ui64 =
pd->pd_sched_info.ks_ndispatches -
pd->pd_sched_info.ks_nfails -
pd->pd_sched_info.ks_nbusy_rval;
return (0);
}
/* /*
* Utility routine called from failure paths in crypto_register_provider() * Utility routine called from failure paths in crypto_register_provider()
* and from crypto_load_soft_disabled(). * and from crypto_load_soft_disabled().
@ -339,19 +278,3 @@ undo_register_provider(kcf_provider_desc_t *desc, boolean_t remove_prov)
if (remove_prov) if (remove_prov)
(void) kcf_prov_tab_rem_provider(desc->pd_prov_id); (void) kcf_prov_tab_rem_provider(desc->pd_prov_id);
} }
static void
delete_kstat(kcf_provider_desc_t *desc)
{
/* destroy the kstat created for this provider */
if (desc->pd_kstat != NULL) {
kcf_provider_desc_t *kspd = desc->pd_kstat->ks_private;
/* release reference held by desc->pd_kstat->ks_private */
ASSERT(desc == kspd);
kstat_delete(kspd->pd_kstat);
desc->pd_kstat = NULL;
KCF_PROV_REFRELE(kspd);
KCF_PROV_IREFRELE(kspd);
}
}