aboutsummaryrefslogtreecommitdiff
path: root/sys/opencrypto/cryptodev.c
diff options
context:
space:
mode:
authorJohn Baldwin <jhb@FreeBSD.org>2018-01-11 00:22:24 +0000
committerJohn Baldwin <jhb@FreeBSD.org>2018-01-11 00:22:24 +0000
commit776a2127efa4cf3e8cf65f98bb6cacaf0623ce8d (patch)
tree9d105e72f7cc7599ce2ea8e9e4422902120e780f /sys/opencrypto/cryptodev.c
parentdc045f499acc3e0d8c8e3b8f31cfc96b5a05c3a9 (diff)
downloadsrc-776a2127efa4cf3e8cf65f98bb6cacaf0623ce8d.tar.gz
src-776a2127efa4cf3e8cf65f98bb6cacaf0623ce8d.zip
Flesh out static dtrace probes for /dev/crypto ioctl errors.
In particular, no probes were present for AEAD requests, but also for some other error cases in other ioctl requests. MFC after: 2 weeks Sponsored by: Chelsio Communications
Notes
Notes: svn path=/head/; revision=327803
Diffstat (limited to 'sys/opencrypto/cryptodev.c')
-rw-r--r--sys/opencrypto/cryptodev.c102
1 files changed, 84 insertions, 18 deletions
diff --git a/sys/opencrypto/cryptodev.c b/sys/opencrypto/cryptodev.c
index d73e09fcb6a5..0fc7ba6efe7a 100644
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@@ -443,6 +443,7 @@ cryptof_ioctl(
default:
CRYPTDEB("invalid cipher");
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
}
@@ -490,6 +491,7 @@ cryptof_ioctl(
break;
default:
CRYPTDEB("invalid mac");
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
}
@@ -503,6 +505,8 @@ cryptof_ioctl(
sop->keylen < txform->minkey) {
CRYPTDEB("invalid cipher parameters");
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
@@ -511,6 +515,8 @@ cryptof_ioctl(
if ((error = copyin(sop->key, crie.cri_key,
crie.cri_klen / 8))) {
CRYPTDEB("invalid key");
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
if (thash)
@@ -524,6 +530,8 @@ cryptof_ioctl(
sop->mackeylen > thash->keysize) {
CRYPTDEB("invalid mac key length");
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
@@ -533,6 +541,8 @@ cryptof_ioctl(
if ((error = copyin(sop->mackey, cria.cri_key,
cria.cri_klen / 8))) {
CRYPTDEB("invalid mac key");
+ SDT_PROBE1(opencrypto, dev, ioctl,
+ error, __LINE__);
goto bail;
}
}
@@ -548,6 +558,8 @@ cryptof_ioctl(
error = checkforsoftware(&crid);
if (error) {
CRYPTDEB("checkforsoftware");
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
} else
@@ -555,6 +567,7 @@ cryptof_ioctl(
error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
if (error) {
CRYPTDEB("crypto_newsession");
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
@@ -565,6 +578,7 @@ cryptof_ioctl(
if (cse == NULL) {
crypto_freesession(sid);
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
CRYPTDEB("csecreate");
goto bail;
}
@@ -597,8 +611,10 @@ bail:
case CIOCFSESSION:
ses = *(u_int32_t *)data;
cse = csefind(fcr, ses);
- if (cse == NULL)
+ if (cse == NULL) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+ }
csedelete(fcr, cse);
error = csefree(cse);
break;
@@ -628,8 +644,10 @@ bail:
case CIOCKEY32:
case CIOCKEY232:
#endif
- if (!crypto_userasymcrypto)
+ if (!crypto_userasymcrypto) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EPERM); /* XXX compat? */
+ }
#ifdef COMPAT_FREEBSD32
if (cmd == CIOCKEY32 || cmd == CIOCKEY232) {
kop = &kopc;
@@ -663,8 +681,12 @@ bail:
* fallback to doing them in software.
*/
*(int *)data = 0;
- } else
+ } else {
error = crypto_getfeat((int *)data);
+ if (error)
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
+ }
break;
case CIOCFINDDEV:
error = cryptodev_find((struct crypt_find_op *)data);
@@ -672,12 +694,15 @@ bail:
case CIOCCRYPTAEAD:
caead = (struct crypt_aead *)data;
cse = csefind(fcr, caead->ses);
- if (cse == NULL)
+ if (cse == NULL) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+ }
error = cryptodev_aead(cse, caead, active_cred, td);
break;
default:
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
break;
}
return (error);
@@ -892,12 +917,16 @@ cryptodev_aead(
struct cryptodesc *crde = NULL, *crda = NULL;
int error;
- if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4)
+ if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (E2BIG);
+ }
if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL ||
- (caead->len % cse->txform->blocksize) != 0)
+ (caead->len % cse->txform->blocksize) != 0) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+ }
uio = &cse->uio;
uio->uio_iov = &cse->iovec;
@@ -915,6 +944,7 @@ cryptodev_aead(
crp = crypto_getreq(2);
if (crp == NULL) {
error = ENOMEM;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
@@ -927,12 +957,16 @@ cryptodev_aead(
}
if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base,
- caead->aadlen)))
+ caead->aadlen))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
if ((error = copyin(caead->src, (char *)cse->uio.uio_iov[0].iov_base +
- caead->aadlen, caead->len)))
+ caead->aadlen, caead->len))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
/*
* For GCM, crd_len covers only the AAD. For other ciphers
@@ -973,11 +1007,14 @@ cryptodev_aead(
if (caead->iv) {
if (caead->ivlen > sizeof cse->tmp_iv) {
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
- if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen)))
+ if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
bcopy(cse->tmp_iv, crde->crd_iv, caead->ivlen);
crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
} else {
@@ -987,8 +1024,10 @@ cryptodev_aead(
}
if ((error = copyin(caead->tag, (caddr_t)cse->uio.uio_iov[0].iov_base +
- caead->len + caead->aadlen, cse->thash->hashsize)))
+ caead->len + caead->aadlen, cse->thash->hashsize))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
again:
/*
* Let the dispatch run unlocked, then, interlock against the
@@ -1003,8 +1042,10 @@ again:
error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
mtx_unlock(&cse->lock);
- if (error != 0)
+ if (error != 0) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
if (crp->crp_etype == EAGAIN) {
crp->crp_etype = 0;
@@ -1014,22 +1055,28 @@ again:
if (crp->crp_etype != 0) {
error = crp->crp_etype;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
if (cse->error) {
error = cse->error;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
if (caead->dst && (error = copyout(
(caddr_t)cse->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst,
- caead->len)))
+ caead->len))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
if ((error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base +
- caead->aadlen + caead->len, caead->tag, cse->thash->hashsize)))
+ caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
bail:
crypto_freereq(crp);
@@ -1068,6 +1115,7 @@ cryptodev_key(struct crypt_kop *kop)
int in, out, size, i;
if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EFBIG);
}
@@ -1077,30 +1125,38 @@ cryptodev_key(struct crypt_kop *kop)
case CRK_MOD_EXP:
if (in == 3 && out == 1)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_MOD_EXP_CRT:
if (in == 6 && out == 1)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_DSA_SIGN:
if (in == 5 && out == 2)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_DSA_VERIFY:
if (in == 7 && out == 0)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_DH_COMPUTE_KEY:
if (in == 3 && out == 1)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
default:
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
}
krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
- if (!krp)
+ if (!krp) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (ENOMEM);
+ }
krp->krp_op = kop->crk_op;
krp->krp_status = kop->crk_status;
krp->krp_iparams = kop->crk_iparams;
@@ -1110,9 +1166,11 @@ cryptodev_key(struct crypt_kop *kop)
krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
for (i = 0; i < CRK_MAXPARAM; i++) {
- if (kop->crk_param[i].crp_nbits > 65536)
+ if (kop->crk_param[i].crp_nbits > 65536) {
/* Limit is the same as in OpenBSD */
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
}
for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
@@ -1123,22 +1181,28 @@ cryptodev_key(struct crypt_kop *kop)
if (i >= krp->krp_iparams)
continue;
error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
- if (error)
+ if (error) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
}
error = crypto_kdispatch(krp);
- if (error)
+ if (error) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
error = tsleep(krp, PSOCK, "crydev", 0);
if (error) {
/* XXX can this happen? if so, how do we recover? */
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
}
kop->crk_crid = krp->krp_crid; /* device that did the work */
if (krp->krp_status != 0) {
error = krp->krp_status;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
}
@@ -1147,8 +1211,10 @@ cryptodev_key(struct crypt_kop *kop)
if (size == 0)
continue;
error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
- if (error)
+ if (error) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
}
fail:
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-20 12:45:19 +0000