As a first step towards more fine-grained locking, don't require
crypto_{new.free}session() to be called with the "crypto_mtx"
spinlock held.
This doesn't change much for now because these functions acquire
the said mutex first on entry now, but at least it keeps the nasty
locks local to the opencrypto core.
This commit is contained in:
drochner
parent
08517f99c8
commit
d26dda3d0d
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ah.c,v 1.31 2011/02/18 20:40:58 drochner Exp $ */
|
||||
/* $NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
|
||||
/*
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.31 2011/02/18 20:40:58 drochner Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.32 2011/05/06 21:48:46 drochner Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
#ifdef __FreeBSD__
|
||||
@ -234,12 +234,9 @@ ah_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
int error;
|
||||
|
||||
error = ah_init0(sav, xsp, &cria);
|
||||
if (!error) {
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
if (!error)
|
||||
error = crypto_newsession(&sav->tdb_cryptoid,
|
||||
&cria, crypto_support);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
@ -256,9 +253,7 @@ ah_zeroize(struct secasvar *sav)
|
||||
if (sav->key_auth)
|
||||
memset(_KEYBUF(sav->key_auth), 0, _KEYLEN(sav->key_auth));
|
||||
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
err = crypto_freesession(sav->tdb_cryptoid);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
sav->tdb_cryptoid = 0;
|
||||
sav->tdb_authalgxform = NULL;
|
||||
sav->tdb_xform = NULL;
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_esp.c,v 1.33 2011/05/05 20:15:14 drochner Exp $ */
|
||||
/* $NetBSD: xform_esp.c,v 1.34 2011/05/06 21:48:46 drochner Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.33 2011/05/05 20:15:14 drochner Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.34 2011/05/06 21:48:46 drochner Exp $");
|
||||
|
||||
#include "opt_inet.h"
|
||||
#ifdef __FreeBSD__
|
||||
@ -236,7 +236,6 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
crie.cri_key = _KEYBUF(sav->key_enc);
|
||||
/* XXX Rounds ? */
|
||||
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
if (sav->tdb_authalgxform && sav->tdb_encalgxform) {
|
||||
/* init both auth & enc */
|
||||
crie.cri_next = &cria;
|
||||
@ -253,7 +252,6 @@ esp_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
DPRINTF(("esp_init: no encoding OR authentication xform!\n"));
|
||||
error = EINVAL;
|
||||
}
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return error;
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: xform_ipcomp.c,v 1.27 2011/05/05 20:15:15 drochner Exp $ */
|
||||
/* $NetBSD: xform_ipcomp.c,v 1.28 2011/05/06 21:48:46 drochner Exp $ */
|
||||
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
|
||||
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.27 2011/05/05 20:15:15 drochner Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.28 2011/05/06 21:48:46 drochner Exp $");
|
||||
|
||||
/* IP payload compression protocol (IPComp), see RFC 2393 */
|
||||
#include "opt_inet.h"
|
||||
@ -126,9 +126,7 @@ ipcomp_init(struct secasvar *sav, const struct xformsw *xsp)
|
||||
memset(&cric, 0, sizeof (cric));
|
||||
cric.cri_alg = sav->tdb_compalgxform->type;
|
||||
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
ses = crypto_newsession(&sav->tdb_cryptoid, &cric, crypto_support);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return ses;
|
||||
}
|
||||
|
||||
@ -140,9 +138,7 @@ ipcomp_zeroize(struct secasvar *sav)
|
||||
{
|
||||
int err;
|
||||
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
err = crypto_freesession(sav->tdb_cryptoid);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
sav->tdb_cryptoid = 0;
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: crypto.c,v 1.38 2011/02/24 19:35:46 drochner Exp $ */
|
||||
/* $NetBSD: crypto.c,v 1.39 2011/05/06 21:48:46 drochner Exp $ */
|
||||
/* $FreeBSD: src/sys/opencrypto/crypto.c,v 1.4.2.5 2003/02/26 00:14:05 sam Exp $ */
|
||||
/* $OpenBSD: crypto.c,v 1.41 2002/07/17 23:52:38 art Exp $ */
|
||||
|
||||
@ -53,7 +53,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: crypto.c,v 1.38 2011/02/24 19:35:46 drochner Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: crypto.c,v 1.39 2011/05/06 21:48:46 drochner Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/reboot.h>
|
||||
@ -303,7 +303,7 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
|
||||
u_int32_t hid, lid;
|
||||
int err = EINVAL;
|
||||
|
||||
KASSERT(mutex_owned(&crypto_mtx));
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
|
||||
if (crypto_drivers == NULL)
|
||||
goto done;
|
||||
@ -366,6 +366,7 @@ crypto_newsession(u_int64_t *sid, struct cryptoini *cri, int hard)
|
||||
}
|
||||
}
|
||||
done:
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -379,7 +380,7 @@ crypto_freesession(u_int64_t sid)
|
||||
u_int32_t hid;
|
||||
int err = 0;
|
||||
|
||||
KASSERT(mutex_owned(&crypto_mtx));
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
|
||||
if (crypto_drivers == NULL) {
|
||||
err = EINVAL;
|
||||
@ -414,6 +415,7 @@ crypto_freesession(u_int64_t sid)
|
||||
memset(&crypto_drivers[hid], 0, sizeof(struct cryptocap));
|
||||
|
||||
done:
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: cryptodev.c,v 1.55 2011/02/19 16:26:34 drochner Exp $ */
|
||||
/* $NetBSD: cryptodev.c,v 1.56 2011/05/06 21:48:46 drochner Exp $ */
|
||||
/* $FreeBSD: src/sys/opencrypto/cryptodev.c,v 1.4.2.4 2003/06/03 00:09:02 sam Exp $ */
|
||||
/* $OpenBSD: cryptodev.c,v 1.53 2002/07/10 22:21:30 mickey Exp $ */
|
||||
|
||||
@ -64,7 +64,7 @@
|
||||
*/
|
||||
|
||||
#include <sys/cdefs.h>
|
||||
__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.55 2011/02/19 16:26:34 drochner Exp $");
|
||||
__KERNEL_RCSID(0, "$NetBSD: cryptodev.c,v 1.56 2011/05/06 21:48:46 drochner Exp $");
|
||||
|
||||
#include <sys/param.h>
|
||||
#include <sys/systm.h>
|
||||
@ -296,11 +296,13 @@ mbail:
|
||||
fcr->mtime = fcr->atime;
|
||||
ses = *(u_int32_t *)data;
|
||||
cse = csefind(fcr, ses);
|
||||
if (cse == NULL)
|
||||
if (cse == NULL) {
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return EINVAL;
|
||||
}
|
||||
csedelete(fcr, cse);
|
||||
error = csefree(cse);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
error = csefree(cse);
|
||||
break;
|
||||
case CIOCNFSESSION:
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
@ -922,7 +924,9 @@ cryptof_close(struct file *fp)
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
while ((cse = TAILQ_FIRST(&fcr->csessions))) {
|
||||
TAILQ_REMOVE(&fcr->csessions, cse, next);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
(void)csefree(cse);
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
}
|
||||
seldestroy(&fcr->sinfo);
|
||||
fp->f_data = NULL;
|
||||
@ -969,19 +973,18 @@ csedelete(struct fcrypt *fcr, struct csession *cse_del)
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* cseadd: call with crypto_mtx held. */
|
||||
static struct csession *
|
||||
cseadd(struct fcrypt *fcr, struct csession *cse)
|
||||
{
|
||||
KASSERT(mutex_owned(&crypto_mtx));
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
/* don't let session ID wrap! */
|
||||
if (fcr->sesn + 1 == 0) return NULL;
|
||||
TAILQ_INSERT_TAIL(&fcr->csessions, cse, next);
|
||||
cse->ses = fcr->sesn++;
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return cse;
|
||||
}
|
||||
|
||||
/* csecreate: call with crypto_mtx held. */
|
||||
static struct csession *
|
||||
csecreate(struct fcrypt *fcr, u_int64_t sid, void *key, u_int64_t keylen,
|
||||
void *mackey, u_int64_t mackeylen, u_int32_t cipher, u_int32_t mac,
|
||||
@ -990,7 +993,6 @@ csecreate(struct fcrypt *fcr, u_int64_t sid, void *key, u_int64_t keylen,
|
||||
{
|
||||
struct csession *cse;
|
||||
|
||||
KASSERT(mutex_owned(&crypto_mtx));
|
||||
cse = pool_get(&csepl, PR_NOWAIT);
|
||||
if (cse == NULL)
|
||||
return NULL;
|
||||
@ -1020,7 +1022,6 @@ csefree(struct csession *cse)
|
||||
{
|
||||
int error;
|
||||
|
||||
KASSERT(mutex_owned(&crypto_mtx));
|
||||
error = crypto_freesession(cse->sid);
|
||||
if (cse->key)
|
||||
free(cse->key, M_XDATA);
|
||||
@ -1648,8 +1649,6 @@ cryptodev_session(struct fcrypt *fcr, struct session_op *sop)
|
||||
}
|
||||
}
|
||||
|
||||
/* crypto_newsession requires that we hold the mutex. */
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
error = crypto_newsession(&sid, crihead, crypto_devallowsoft);
|
||||
if (!error) {
|
||||
DPRINTF(("cyrptodev_session: got session %d\n", (uint32_t)sid));
|
||||
@ -1667,7 +1666,6 @@ cryptodev_session(struct fcrypt *fcr, struct session_op *sop)
|
||||
DPRINTF(("SIOCSESSION violates kernel parameters %d\n",
|
||||
error));
|
||||
}
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
bail:
|
||||
if (error) {
|
||||
if (crie.cri_key) {
|
||||
@ -1716,7 +1714,9 @@ cryptodev_msessionfin(struct fcrypt *fcr, int count, u_int32_t *sesid)
|
||||
if (cse == NULL)
|
||||
continue;
|
||||
csedelete(fcr, cse);
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
error = csefree(cse);
|
||||
mutex_spin_enter(&crypto_mtx);
|
||||
}
|
||||
mutex_spin_exit(&crypto_mtx);
|
||||
return 0;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user