Author: jhb
Date: Fri Feb 23 23:56:33 2018
New Revision: 329887
URL: https://svnweb.freebsd.org/changeset/base/329887
Log:
MFC 327803: Flesh out static dtrace probes for /dev/crypto ioctl errors.
In particular, no probes were present for AEAD requests, but also for
some other error cases in other ioctl requests.
Sponsored by: Chelsio Communications
Modified:
stable/11/sys/opencrypto/cryptodev.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/sys/opencrypto/cryptodev.c
==============================================================================
--- stable/11/sys/opencrypto/cryptodev.c Fri Feb 23 23:27:53 2018
(r329886)
+++ stable/11/sys/opencrypto/cryptodev.c Fri Feb 23 23:56:33 2018
(r329887)
@@ -443,6 +443,7 @@ cryptof_ioctl(
default:
CRYPTDEB("invalid cipher");
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
}
@@ -490,6 +491,7 @@ cryptof_ioctl(
break;
default:
CRYPTDEB("invalid mac");
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
}
@@ -503,6 +505,8 @@ cryptof_ioctl(
sop->keylen < txform->minkey) {
CRYPTDEB("invalid cipher parameters");
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
@@ -511,6 +515,8 @@ cryptof_ioctl(
if ((error = copyin(sop->key, crie.cri_key,
crie.cri_klen / 8))) {
CRYPTDEB("invalid key");
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
if (thash)
@@ -523,6 +529,8 @@ cryptof_ioctl(
if (sop->mackeylen != thash->keysize) {
CRYPTDEB("invalid mac key length");
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
@@ -532,6 +540,8 @@ cryptof_ioctl(
if ((error = copyin(sop->mackey, cria.cri_key,
cria.cri_klen / 8))) {
CRYPTDEB("invalid mac key");
+ SDT_PROBE1(opencrypto, dev, ioctl,
+ error, __LINE__);
goto bail;
}
}
@@ -547,6 +557,8 @@ cryptof_ioctl(
error = checkforsoftware(&crid);
if (error) {
CRYPTDEB("checkforsoftware");
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
goto bail;
}
} else
@@ -554,6 +566,7 @@ cryptof_ioctl(
error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
if (error) {
CRYPTDEB("crypto_newsession");
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
@@ -564,6 +577,7 @@ cryptof_ioctl(
if (cse == NULL) {
crypto_freesession(sid);
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
CRYPTDEB("csecreate");
goto bail;
}
@@ -596,8 +610,10 @@ bail:
case CIOCFSESSION:
ses = *(u_int32_t *)data;
cse = csefind(fcr, ses);
- if (cse == NULL)
+ if (cse == NULL) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+ }
csedelete(fcr, cse);
error = csefree(cse);
break;
@@ -627,8 +643,10 @@ bail:
case CIOCKEY32:
case CIOCKEY232:
#endif
- if (!crypto_userasymcrypto)
+ if (!crypto_userasymcrypto) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EPERM); /* XXX compat? */
+ }
#ifdef COMPAT_FREEBSD32
if (cmd == CIOCKEY32 || cmd == CIOCKEY232) {
kop = &kopc;
@@ -662,8 +680,12 @@ bail:
* fallback to doing them in software.
*/
*(int *)data = 0;
- } else
+ } else {
error = crypto_getfeat((int *)data);
+ if (error)
+ SDT_PROBE1(opencrypto, dev, ioctl, error,
+ __LINE__);
+ }
break;
case CIOCFINDDEV:
error = cryptodev_find((struct crypt_find_op *)data);
@@ -671,12 +693,15 @@ bail:
case CIOCCRYPTAEAD:
caead = (struct crypt_aead *)data;
cse = csefind(fcr, caead->ses);
- if (cse == NULL)
+ if (cse == NULL) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+ }
error = cryptodev_aead(cse, caead, active_cred, td);
break;
default:
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
break;
}
return (error);
@@ -887,12 +912,16 @@ cryptodev_aead(
struct cryptodesc *crde = NULL, *crda = NULL;
int error;
- if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4)
+ if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (E2BIG);
+ }
if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL ||
- (caead->len % cse->txform->blocksize) != 0)
+ (caead->len % cse->txform->blocksize) != 0) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
+ }
uio = &cse->uio;
uio->uio_iov = &cse->iovec;
@@ -910,6 +939,7 @@ cryptodev_aead(
crp = crypto_getreq(2);
if (crp == NULL) {
error = ENOMEM;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
@@ -917,12 +947,16 @@ cryptodev_aead(
crde = crda->crd_next;
if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base,
- caead->aadlen)))
+ caead->aadlen))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
if ((error = copyin(caead->src, (char *)cse->uio.uio_iov[0].iov_base +
- caead->aadlen, caead->len)))
+ caead->aadlen, caead->len))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
crda->crd_skip = 0;
crda->crd_len = caead->aadlen;
@@ -955,11 +989,14 @@ cryptodev_aead(
if (caead->iv) {
if (caead->ivlen > sizeof cse->tmp_iv) {
error = EINVAL;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
- if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen)))
+ if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
bcopy(cse->tmp_iv, crde->crd_iv, caead->ivlen);
crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
} else {
@@ -969,8 +1006,10 @@ cryptodev_aead(
}
if ((error = copyin(caead->tag, (caddr_t)cse->uio.uio_iov[0].iov_base +
- caead->len + caead->aadlen, cse->thash->hashsize)))
+ caead->len + caead->aadlen, cse->thash->hashsize))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
again:
/*
* Let the dispatch run unlocked, then, interlock against the
@@ -985,8 +1024,10 @@ again:
error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
mtx_unlock(&cse->lock);
- if (error != 0)
+ if (error != 0) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
if (crp->crp_etype == EAGAIN) {
crp->crp_etype = 0;
@@ -996,22 +1037,28 @@ again:
if (crp->crp_etype != 0) {
error = crp->crp_etype;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
if (cse->error) {
error = cse->error;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
}
if (caead->dst && (error = copyout(
(caddr_t)cse->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst,
- caead->len)))
+ caead->len))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
if ((error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base +
- caead->aadlen + caead->len, caead->tag, cse->thash->hashsize)))
+ caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto bail;
+ }
bail:
crypto_freereq(crp);
@@ -1050,6 +1097,7 @@ cryptodev_key(struct crypt_kop *kop)
int in, out, size, i;
if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EFBIG);
}
@@ -1059,30 +1107,38 @@ cryptodev_key(struct crypt_kop *kop)
case CRK_MOD_EXP:
if (in == 3 && out == 1)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_MOD_EXP_CRT:
if (in == 6 && out == 1)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_DSA_SIGN:
if (in == 5 && out == 2)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_DSA_VERIFY:
if (in == 7 && out == 0)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
case CRK_DH_COMPUTE_KEY:
if (in == 3 && out == 1)
break;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
default:
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (EINVAL);
}
krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
- if (!krp)
+ if (!krp) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
return (ENOMEM);
+ }
krp->krp_op = kop->crk_op;
krp->krp_status = kop->crk_status;
krp->krp_iparams = kop->crk_iparams;
@@ -1092,9 +1148,11 @@ cryptodev_key(struct crypt_kop *kop)
krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;
for (i = 0; i < CRK_MAXPARAM; i++) {
- if (kop->crk_param[i].crp_nbits > 65536)
+ if (kop->crk_param[i].crp_nbits > 65536) {
/* Limit is the same as in OpenBSD */
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
}
for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
@@ -1105,22 +1163,28 @@ cryptodev_key(struct crypt_kop *kop)
if (i >= krp->krp_iparams)
continue;
error = copyin(kop->crk_param[i].crp_p,
krp->krp_param[i].crp_p, size);
- if (error)
+ if (error) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
}
error = crypto_kdispatch(krp);
- if (error)
+ if (error) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
error = tsleep(krp, PSOCK, "crydev", 0);
if (error) {
/* XXX can this happen? if so, how do we recover? */
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
}
kop->crk_crid = krp->krp_crid; /* device that did the work */
if (krp->krp_status != 0) {
error = krp->krp_status;
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
}
@@ -1129,8 +1193,10 @@ cryptodev_key(struct crypt_kop *kop)
if (size == 0)
continue;
error = copyout(krp->krp_param[i].crp_p,
kop->crk_param[i].crp_p, size);
- if (error)
+ if (error) {
+ SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
goto fail;
+ }
}
fail:
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
