ok mvs@

> On 17 Jun 2021, at 01:06, Alexander Bluhm <[email protected]> wrote:
> 
> On Wed, Jun 16, 2021 at 11:58:48PM +0300, Vitaliy Makkoveev wrote:
>> crypto_getreq() and crypto_freereq() don't require kernel lock.
> 
> Indeed, new diff.
> 
> ok?
> 
> bluhm
> 
> Index: netinet/ip_ah.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ah.c,v
> retrieving revision 1.146
> diff -u -p -r1.146 ip_ah.c
> --- netinet/ip_ah.c   25 Feb 2021 02:48:21 -0000      1.146
> +++ netinet/ip_ah.c   16 Jun 2021 21:59:38 -0000
> @@ -98,6 +98,7 @@ ah_init(struct tdb *tdbp, struct xformsw
> {
>       struct auth_hash *thash = NULL;
>       struct cryptoini cria, crin;
> +     int error;
> 
>       /* Authentication operation. */
>       switch (ii->ii_authalg) {
> @@ -162,7 +163,10 @@ ah_init(struct tdb *tdbp, struct xformsw
>               cria.cri_next = &crin;
>       }
> 
> -     return crypto_newsession(&tdbp->tdb_cryptoid, &cria, 0);
> +     KERNEL_LOCK();
> +     error = crypto_newsession(&tdbp->tdb_cryptoid, &cria, 0);
> +     KERNEL_UNLOCK();
> +     return error;
> }
> 
> /*
> @@ -171,7 +175,7 @@ ah_init(struct tdb *tdbp, struct xformsw
> int
> ah_zeroize(struct tdb *tdbp)
> {
> -     int err;
> +     int error;
> 
>       if (tdbp->tdb_amxkey) {
>               explicit_bzero(tdbp->tdb_amxkey, tdbp->tdb_amxkeylen);
> @@ -179,9 +183,11 @@ ah_zeroize(struct tdb *tdbp)
>               tdbp->tdb_amxkey = NULL;
>       }
> 
> -     err = crypto_freesession(tdbp->tdb_cryptoid);
> +     KERNEL_LOCK();
> +     error = crypto_freesession(tdbp->tdb_cryptoid);
> +     KERNEL_UNLOCK();
>       tdbp->tdb_cryptoid = 0;
> -     return err;
> +     return error;
> }
> 
> /*
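Review bot: In ah_zeroize the store `tdbp->tdb_cryptoid = 0;` still runs after `KERNEL_UNLOCK()`, so the session is freed under the kernel lock but its id is cleared outside it; esp_zeroize and ipcomp_zeroize have the same ordering. The ipcomp_output hunk likewise reads the id with `crp->crp_sid = tdb->tdb_cryptoid;` before taking the lock, so unless something else serializes access to the tdb (not visible in this diff), a dispatch could carry an id whose session was just freed. Either move the clear above `KERNEL_UNLOCK()` or add a comment naming the lock that protects the field, e.g. `/* tdb_cryptoid is protected by <lock>, not the kernel lock */`. ah_zeroize starts outside this hunk.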
> @@ -696,7 +702,10 @@ ah_input(struct mbuf *m, struct tdb *tdb
>       tc->tc_rdomain = tdb->tdb_rdomain;
>       memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
> 
> -     return crypto_dispatch(crp);
> +     KERNEL_LOCK();
> +     error = crypto_dispatch(crp);
> +     KERNEL_UNLOCK();
> +     return error;
> 
>  drop:
>       m_freem(m);
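Review bot: The `KERNEL_LOCK()`/`KERNEL_UNLOCK()` pair around `crypto_dispatch(crp)` in ah_input has no comment saying what the lock protects, and the same four lines are repeated in ah_output, esp_input, esp_output, ipcomp_input and ipcomp_output. This sits on the per-packet path and is presumably temporary until the crypto framework is MP-safe, so a one-line marker such as `/* XXXSMP crypto(9) still needs the kernel lock */` above each pair would make the sites easy to find later. `error` is assigned here but declared outside the hunk; only ipcomp_input's declaration is touched by this diff, so the other functions presumably already have one.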
> @@ -1144,7 +1153,10 @@ ah_output(struct mbuf *m, struct tdb *td
>       tc->tc_rdomain = tdb->tdb_rdomain;
>       memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
> 
> -     return crypto_dispatch(crp);
> +     KERNEL_LOCK();
> +     error = crypto_dispatch(crp);
> +     KERNEL_UNLOCK();
> +     return error;
> 
>  drop:
>       m_freem(m);
> Index: netinet/ip_esp.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_esp.c,v
> retrieving revision 1.162
> diff -u -p -r1.162 ip_esp.c
> --- netinet/ip_esp.c  25 Feb 2021 02:48:21 -0000      1.162
> +++ netinet/ip_esp.c  16 Jun 2021 22:00:08 -0000
> @@ -93,6 +93,7 @@ esp_init(struct tdb *tdbp, struct xforms
>       struct enc_xform *txform = NULL;
>       struct auth_hash *thash = NULL;
>       struct cryptoini cria, crie, crin;
> +     int error;
> 
>       if (!ii->ii_encalg && !ii->ii_authalg) {
>               DPRINTF(("esp_init(): neither authentication nor encryption "
> @@ -294,8 +295,11 @@ esp_init(struct tdb *tdbp, struct xforms
>               cria.cri_key = ii->ii_authkey;
>       }
> 
> -     return crypto_newsession(&tdbp->tdb_cryptoid,
> +     KERNEL_LOCK();
> +     error = crypto_newsession(&tdbp->tdb_cryptoid,
>           (tdbp->tdb_encalgxform ? &crie : &cria), 0);
> +     KERNEL_UNLOCK();
> +     return error;
> }
> 
> /*
> @@ -304,7 +308,7 @@ esp_init(struct tdb *tdbp, struct xforms
> int
> esp_zeroize(struct tdb *tdbp)
> {
> -     int err;
> +     int error;
> 
>       if (tdbp->tdb_amxkey) {
>               explicit_bzero(tdbp->tdb_amxkey, tdbp->tdb_amxkeylen);
> @@ -318,9 +322,11 @@ esp_zeroize(struct tdb *tdbp)
>               tdbp->tdb_emxkey = NULL;
>       }
> 
> -     err = crypto_freesession(tdbp->tdb_cryptoid);
> +     KERNEL_LOCK();
> +     error = crypto_freesession(tdbp->tdb_cryptoid);
> +     KERNEL_UNLOCK();
>       tdbp->tdb_cryptoid = 0;
> -     return err;
> +     return error;
> }
> 
> #define MAXBUFSIZ (AH_ALEN_MAX > ESP_MAX_IVS ? AH_ALEN_MAX : ESP_MAX_IVS)
> @@ -519,7 +525,10 @@ esp_input(struct mbuf *m, struct tdb *td
>                       crde->crd_len = m->m_pkthdr.len - (skip + hlen + alen);
>       }
> 
> -     return crypto_dispatch(crp);
> +     KERNEL_LOCK();
> +     error = crypto_dispatch(crp);
> +     KERNEL_UNLOCK();
> +     return error;
> 
>  drop:
>       m_freem(m);
> @@ -1006,7 +1015,10 @@ esp_output(struct mbuf *m, struct tdb *t
>                       crda->crd_len = m->m_pkthdr.len - (skip + alen);
>       }
> 
> -     return crypto_dispatch(crp);
> +     KERNEL_LOCK();
> +     error = crypto_dispatch(crp);
> +     KERNEL_UNLOCK();
> +     return error;
> 
>  drop:
>       m_freem(m);
> Index: netinet/ip_ipcomp.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipcomp.c,v
> retrieving revision 1.67
> diff -u -p -r1.67 ip_ipcomp.c
> --- netinet/ip_ipcomp.c       30 Sep 2019 01:53:05 -0000      1.67
> +++ netinet/ip_ipcomp.c       16 Jun 2021 22:00:45 -0000
> @@ -79,6 +79,7 @@ ipcomp_init(struct tdb *tdbp, struct xfo
> {
>       struct comp_algo *tcomp = NULL;
>       struct cryptoini cric;
> +     int error;
> 
>       switch (ii->ii_compalg) {
>       case SADB_X_CALG_DEFLATE:
> @@ -105,7 +106,10 @@ ipcomp_init(struct tdb *tdbp, struct xfo
>       memset(&cric, 0, sizeof(cric));
>       cric.cri_alg = tdbp->tdb_compalgxform->type;
> 
> -     return crypto_newsession(&tdbp->tdb_cryptoid, &cric, 0);
> +     KERNEL_LOCK();
> +     error = crypto_newsession(&tdbp->tdb_cryptoid, &cric, 0);
> +     KERNEL_UNLOCK();
> +     return error;
> }
> 
> /*
> @@ -114,11 +118,13 @@ ipcomp_init(struct tdb *tdbp, struct xfo
> int
> ipcomp_zeroize(struct tdb *tdbp)
> {
> -     int err;
> +     int error;
> 
> -     err = crypto_freesession(tdbp->tdb_cryptoid);
> +     KERNEL_LOCK();
> +     error = crypto_freesession(tdbp->tdb_cryptoid);
> +     KERNEL_UNLOCK();
>       tdbp->tdb_cryptoid = 0;
> -     return err;
> +     return error;
> }
> 
> /*
> @@ -129,7 +135,7 @@ ipcomp_input(struct mbuf *m, struct tdb
> {
>       struct comp_algo *ipcompx = (struct comp_algo *) tdb->tdb_compalgxform;
>       struct tdb_crypto *tc;
> -     int hlen;
> +     int hlen, error;
> 
>       struct cryptodesc *crdc = NULL;
>       struct cryptop *crp;
> @@ -178,7 +184,10 @@ ipcomp_input(struct mbuf *m, struct tdb
>       tc->tc_rdomain = tdb->tdb_rdomain;
>       tc->tc_dst = tdb->tdb_dst;
> 
> -     return crypto_dispatch(crp);
> +     KERNEL_LOCK();
> +     error = crypto_dispatch(crp);
> +     KERNEL_UNLOCK();
> +     return error;
> }
> 
> int
> @@ -472,7 +481,10 @@ ipcomp_output(struct mbuf *m, struct tdb
>       crp->crp_opaque = (caddr_t)tc;
>       crp->crp_sid = tdb->tdb_cryptoid;
> 
> -     return crypto_dispatch(crp);
> +     KERNEL_LOCK();
> +     error = crypto_dispatch(crp);
> +     KERNEL_UNLOCK();
> +     return error;
> 
>  drop:
>       m_freem(m);
> Index: netinet/ipsec_input.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_input.c,v
> retrieving revision 1.173
> diff -u -p -r1.173 ipsec_input.c
> --- netinet/ipsec_input.c     1 Sep 2020 01:53:34 -0000       1.173
> +++ netinet/ipsec_input.c     16 Jun 2021 12:37:54 -0000
> @@ -376,6 +376,8 @@ ipsec_input_cb(struct cryptop *crp)
>       struct tdb *tdb = NULL;
>       int clen, error;
> 
> +     KERNEL_ASSERT_LOCKED();
> +
>       if (m == NULL) {
>               DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
>               ipsecstat_inc(ipsec_crypto);
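Review bot: `KERNEL_ASSERT_LOCKED()` at the top of ipsec_input_cb (and of ipsec_output_cb in the next file) turns the locking rule into a panic on kernels that compile the assertion in, and these callbacks run on packet-driven crypto completions. The dispatch sites in this diff hold the lock, but any completion the crypto layer defers to another context is not visible here and should be confirmed to run with the kernel lock held. A comment above the assertion, e.g. `/* crypto completion callback; caller must hold the kernel lock */`, would record the contract. The function body starts before and continues past this hunk.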
> Index: netinet/ipsec_output.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_output.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 ipsec_output.c
> --- netinet/ipsec_output.c    10 Mar 2021 10:21:49 -0000      1.79
> +++ netinet/ipsec_output.c    16 Jun 2021 12:37:53 -0000
> @@ -391,6 +391,8 @@ ipsec_output_cb(struct cryptop *crp)
>       struct tdb *tdb = NULL;
>       int error, ilen, olen;
> 
> +     KERNEL_ASSERT_LOCKED();
> +
>       if (m == NULL) {
>               DPRINTF(("%s: bogus returned buffer from crypto\n", __func__));
>               ipsecstat_inc(ipsec_crypto);
