module: icp: guarantee the ops vector is persistent

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901
наб 2021-12-23 18:27:44 +01:00 committed by Brian Behlendorf
parent d59a7fae40
commit b0502ab097
2 changed files with 4 additions and 80 deletions


@ -193,26 +193,6 @@ kcf_prov_tab_lookup(crypto_provider_id_t prov_id)
return (prov_desc); return (prov_desc);
} }
static void
allocate_ops(const crypto_ops_t *src, crypto_ops_t *dst)
{
if (src->co_digest_ops != NULL)
dst->co_digest_ops = kmem_alloc(sizeof (crypto_digest_ops_t),
KM_SLEEP);
if (src->co_cipher_ops != NULL)
dst->co_cipher_ops = kmem_alloc(sizeof (crypto_cipher_ops_t),
KM_SLEEP);
if (src->co_mac_ops != NULL)
dst->co_mac_ops = kmem_alloc(sizeof (crypto_mac_ops_t),
KM_SLEEP);
if (src->co_ctx_ops != NULL)
dst->co_ctx_ops = kmem_alloc(sizeof (crypto_ctx_ops_t),
KM_SLEEP);
}
/* /*
* Allocate a provider descriptor. mech_list_count specifies the * Allocate a provider descriptor. mech_list_count specifies the
* number of mechanisms supported by the providers, and is used * number of mechanisms supported by the providers, and is used
@ -223,10 +203,8 @@ allocate_ops(const crypto_ops_t *src, crypto_ops_t *dst)
kcf_provider_desc_t * kcf_provider_desc_t *
kcf_alloc_provider_desc(const crypto_provider_info_t *info) kcf_alloc_provider_desc(const crypto_provider_info_t *info)
{ {
kcf_provider_desc_t *desc; kcf_provider_desc_t *desc =
const crypto_ops_t *src_ops = info->pi_ops_vector; kmem_zalloc(sizeof (kcf_provider_desc_t), KM_SLEEP);
desc = kmem_zalloc(sizeof (kcf_provider_desc_t), KM_SLEEP);
/* /*
* pd_description serves two purposes * pd_description serves two purposes
@ -246,17 +224,6 @@ kcf_alloc_provider_desc(const crypto_provider_info_t *info)
CRYPTO_PROVIDER_DESCR_MAX_LEN); CRYPTO_PROVIDER_DESCR_MAX_LEN);
desc->pd_description[CRYPTO_PROVIDER_DESCR_MAX_LEN] = '\0'; desc->pd_description[CRYPTO_PROVIDER_DESCR_MAX_LEN] = '\0';
/*
* Since the framework does not require the ops vector specified
* by the providers during registration to be persistent,
* KCF needs to allocate storage where copies of the ops
* vectors are copied.
*/
crypto_ops_t *opvec = kmem_zalloc(sizeof (crypto_ops_t), KM_SLEEP);
if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER)
allocate_ops(src_ops, opvec);
desc->pd_ops_vector = opvec;
desc->pd_mech_list_count = info->pi_mech_list_count; desc->pd_mech_list_count = info->pi_mech_list_count;
desc->pd_mechanisms = kmem_zalloc(sizeof (crypto_mech_info_t) * desc->pd_mechanisms = kmem_zalloc(sizeof (crypto_mech_info_t) *
info->pi_mech_list_count, KM_SLEEP); info->pi_mech_list_count, KM_SLEEP);
@ -327,26 +294,6 @@ kcf_free_provider_desc(kcf_provider_desc_t *desc)
kmem_free(desc->pd_description, kmem_free(desc->pd_description,
CRYPTO_PROVIDER_DESCR_MAX_LEN + 1); CRYPTO_PROVIDER_DESCR_MAX_LEN + 1);
if (desc->pd_ops_vector != NULL) {
if (desc->pd_ops_vector->co_digest_ops != NULL)
kmem_free(desc->pd_ops_vector->co_digest_ops,
sizeof (crypto_digest_ops_t));
if (desc->pd_ops_vector->co_cipher_ops != NULL)
kmem_free(desc->pd_ops_vector->co_cipher_ops,
sizeof (crypto_cipher_ops_t));
if (desc->pd_ops_vector->co_mac_ops != NULL)
kmem_free(desc->pd_ops_vector->co_mac_ops,
sizeof (crypto_mac_ops_t));
if (desc->pd_ops_vector->co_ctx_ops != NULL)
kmem_free(desc->pd_ops_vector->co_ctx_ops,
sizeof (crypto_ctx_ops_t));
kmem_free(desc->pd_ops_vector, sizeof (crypto_ops_t));
}
if (desc->pd_mechanisms != NULL) if (desc->pd_mechanisms != NULL)
/* free the memory associated with the mechanism info's */ /* free the memory associated with the mechanism info's */
kmem_free(desc->pd_mechanisms, sizeof (crypto_mech_info_t) * kmem_free(desc->pd_mechanisms, sizeof (crypto_mech_info_t) *
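Review bot: With the opvec allocation removed from kcf_alloc_provider_desc (the hunk that drops `desc->pd_ops_vector = opvec;`), `pd_ops_vector` is left NULL by kmem_zalloc, and for a CRYPTO_LOGICAL_PROVIDER nothing visible on this page assigns it later, whereas the old code always gave the descriptor a zeroed crypto_ops_t. Any consumer that reads `pd_ops_vector->co_digest_ops` (or the cipher, mac or ctx members) without first testing `pd_ops_vector` would now dereference NULL in kernel context; those call sites are outside this diff, so this should be confirmed. A comment above the function such as `/* pd_ops_vector is borrowed from the provider and stays NULL for logical providers */` would record the new contract. kcf_alloc_provider_desc continues past the hunk.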


@ -58,26 +58,6 @@ static const kcf_prov_stats_t kcf_stats_ks_data_template = {
{ "kcf_ops_returned_busy", KSTAT_DATA_UINT64 } { "kcf_ops_returned_busy", KSTAT_DATA_UINT64 }
}; };
#define KCF_SPI_COPY_OPS(src, dst, ops) if ((src)->ops != NULL) \
memcpy((void *) (dst)->ops, (src)->ops, sizeof (*(src)->ops));
/*
* Copy an ops vector from src to dst. Used during provider registration
* to copy the ops vector from the provider info structure to the
* provider descriptor maintained by KCF.
* Copying the ops vector specified by the provider is needed since the
* framework does not require the provider info structure to be
* persistent.
*/
static void
copy_ops_vector(const crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
{
KCF_SPI_COPY_OPS(src_ops, dst_ops, co_digest_ops);
KCF_SPI_COPY_OPS(src_ops, dst_ops, co_cipher_ops);
KCF_SPI_COPY_OPS(src_ops, dst_ops, co_mac_ops);
KCF_SPI_COPY_OPS(src_ops, dst_ops, co_ctx_ops);
}
/* /*
* This routine is used to add cryptographic providers to the KEF framework. * This routine is used to add cryptographic providers to the KEF framework.
* Providers pass a crypto_provider_info structure to crypto_register_provider() * Providers pass a crypto_provider_info structure to crypto_register_provider()
@ -130,12 +110,9 @@ crypto_register_provider(const crypto_provider_info_t *info,
(size_t)CRYPTO_PROVIDER_DESCR_MAX_LEN)); (size_t)CRYPTO_PROVIDER_DESCR_MAX_LEN));
} }
/* Change from Illumos: the ops vector is persistent. */
if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) { if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) {
if (info->pi_ops_vector == NULL) { prov_desc->pd_ops_vector = info->pi_ops_vector;
goto bail;
}
crypto_ops_t *pvec = (crypto_ops_t *)prov_desc->pd_ops_vector;
copy_ops_vector(info->pi_ops_vector, pvec);
prov_desc->pd_flags = info->pi_flags; prov_desc->pd_flags = info->pi_flags;
} }
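Review bot: The `info->pi_ops_vector == NULL` guard is dropped together with the copy, so a non-logical provider that registers with a NULL ops vector is now accepted and its descriptor carries a NULL `pd_ops_vector`. Keeping the check ahead of the new assignment, `if (info->pi_ops_vector == NULL) goto bail;`, preserves the old rejection; the `bail` label is used on the removed side and presumably still exists further down crypto_register_provider, outside this hunk. The descriptor now also aliases provider-owned memory, so the added one-line comment could state the lifetime requirement, e.g. `/* Change from Illumos: the ops vector is not copied; it must stay valid until the provider is unregistered. */`, since a vector held in stack or unloaded-module memory would leave a dangling pointer.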