Flesh out static dtrace probes for /dev/crypto ioctl errors.

In particular, no probes were present for AEAD requests, but also for some other error cases in other ioctl requests. MFC after: 2 weeks Sponsored by: Chelsio Communications
svn path=/head/; revision=327803
2018-01-11 00:22:24 +00:00 · 2018-01-11 00:22:24 +00:00 · 776a2127ef · 2020-12-20 02:59:44 +00:00
commit 776a2127ef
parent dc045f499a
1 changed files with 84 additions and 18 deletions
--- a/sys/opencrypto/cryptodev.c
+++ b/sys/opencrypto/cryptodev.c
@ -443,6 +443,7 @@ cryptof_ioctl(

 		default:
 			CRYPTDEB("invalid cipher");
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}

@ -490,6 +491,7 @@ cryptof_ioctl(
 			break;
 		default:
 			CRYPTDEB("invalid mac");
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
 		}

@ -503,6 +505,8 @@ cryptof_ioctl(
 			    sop->keylen < txform->minkey) {
 				CRYPTDEB("invalid cipher parameters");
 				error = EINVAL;
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}

@ -511,6 +515,8 @@ cryptof_ioctl(
 			if ((error = copyin(sop->key, crie.cri_key,
 			    crie.cri_klen / 8))) {
 				CRYPTDEB("invalid key");
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}
 			if (thash)
@ -524,6 +530,8 @@ cryptof_ioctl(
 			    sop->mackeylen > thash->keysize) {
 				CRYPTDEB("invalid mac key length");
 				error = EINVAL;
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}

@ -533,6 +541,8 @@ cryptof_ioctl(
 				if ((error = copyin(sop->mackey, cria.cri_key,
 				    cria.cri_klen / 8))) {
 					CRYPTDEB("invalid mac key");
+					SDT_PROBE1(opencrypto, dev, ioctl,
+					    error, __LINE__);
 					goto bail;
 				}
 			}
@ -548,6 +558,8 @@ cryptof_ioctl(
 			error = checkforsoftware(&crid);
 			if (error) {
 				CRYPTDEB("checkforsoftware");
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
 				goto bail;
 			}
 		} else
@ -555,6 +567,7 @@ cryptof_ioctl(
 		error = crypto_newsession(&sid, (txform ? &crie : &cria), crid);
 		if (error) {
 			CRYPTDEB("crypto_newsession");
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto bail;
 		}

@ -565,6 +578,7 @@ cryptof_ioctl(
 		if (cse == NULL) {
 			crypto_freesession(sid);
 			error = EINVAL;
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			CRYPTDEB("csecreate");
 			goto bail;
 		}
@ -597,8 +611,10 @@ cryptof_ioctl(
 	case CIOCFSESSION:
 		ses = *(u_int32_t *)data;
 		cse = csefind(fcr, ses);
-		if (cse == NULL)
+		if (cse == NULL) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
+		}
 		csedelete(fcr, cse);
 		error = csefree(cse);
 		break;
@ -628,8 +644,10 @@ cryptof_ioctl(
 	case CIOCKEY32:
 	case CIOCKEY232:
 #endif
-		if (!crypto_userasymcrypto)
+		if (!crypto_userasymcrypto) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EPERM);		/* XXX compat? */
+		}
 #ifdef COMPAT_FREEBSD32
 		if (cmd == CIOCKEY32 || cmd == CIOCKEY232) {
 			kop = &kopc;
@ -663,8 +681,12 @@ cryptof_ioctl(
 			 * fallback to doing them in software.
 			 */
 			*(int *)data = 0;
-		} else
+		} else {
 			error = crypto_getfeat((int *)data);
+			if (error)
+				SDT_PROBE1(opencrypto, dev, ioctl, error,
+				    __LINE__);
+		}
 		break;
 	case CIOCFINDDEV:
 		error = cryptodev_find((struct crypt_find_op *)data);
@ -672,12 +694,15 @@ cryptof_ioctl(
 	case CIOCCRYPTAEAD:
 		caead = (struct crypt_aead *)data;
 		cse = csefind(fcr, caead->ses);
-		if (cse == NULL)
+		if (cse == NULL) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			return (EINVAL);
+		}
 		error = cryptodev_aead(cse, caead, active_cred, td);
 		break;
 	default:
 		error = EINVAL;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		break;
 	}
 	return (error);
@ -892,12 +917,16 @@ cryptodev_aead(
 	struct cryptodesc *crde = NULL, *crda = NULL;
 	int error;

-	if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4)
+	if (caead->len > 256*1024-4 || caead->aadlen > 256*1024-4) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (E2BIG);
+	}

 	if (cse->txform == NULL || cse->thash == NULL || caead->tag == NULL ||
-	    (caead->len % cse->txform->blocksize) != 0)
+	    (caead->len % cse->txform->blocksize) != 0) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
+	}

 	uio = &cse->uio;
 	uio->uio_iov = &cse->iovec;
@ -915,6 +944,7 @@ cryptodev_aead(
 	crp = crypto_getreq(2);
 	if (crp == NULL) {
 		error = ENOMEM;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
 	}

@ -927,12 +957,16 @@ cryptodev_aead(
 	}

 	if ((error = copyin(caead->aad, cse->uio.uio_iov[0].iov_base,
-	    caead->aadlen)))
+	    caead->aadlen))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}

 	if ((error = copyin(caead->src, (char *)cse->uio.uio_iov[0].iov_base +
-	    caead->aadlen, caead->len)))
+	    caead->aadlen, caead->len))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}

 	/*
 	 * For GCM, crd_len covers only the AAD.  For other ciphers
@ -973,11 +1007,14 @@ cryptodev_aead(
 	if (caead->iv) {
 		if (caead->ivlen > sizeof cse->tmp_iv) {
 			error = EINVAL;
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto bail;
 		}

-		if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen)))
+		if ((error = copyin(caead->iv, cse->tmp_iv, caead->ivlen))) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto bail;
+		}
 		bcopy(cse->tmp_iv, crde->crd_iv, caead->ivlen);
 		crde->crd_flags |= CRD_F_IV_EXPLICIT | CRD_F_IV_PRESENT;
 	} else {
@ -987,8 +1024,10 @@ cryptodev_aead(
 	}

 	if ((error = copyin(caead->tag, (caddr_t)cse->uio.uio_iov[0].iov_base +
-	    caead->len + caead->aadlen, cse->thash->hashsize)))
+	    caead->len + caead->aadlen, cse->thash->hashsize))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}
 again:
 	/*
 	 * Let the dispatch run unlocked, then, interlock against the
@ -1003,8 +1042,10 @@ cryptodev_aead(
 		error = msleep(crp, &cse->lock, PWAIT, "crydev", 0);
 	mtx_unlock(&cse->lock);

-	if (error != 0)
+	if (error != 0) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}

 	if (crp->crp_etype == EAGAIN) {
 		crp->crp_etype = 0;
@ -1014,22 +1055,28 @@ cryptodev_aead(

 	if (crp->crp_etype != 0) {
 		error = crp->crp_etype;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
 	}

 	if (cse->error) {
 		error = cse->error;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
 	}

 	if (caead->dst && (error = copyout(
 	    (caddr_t)cse->uio.uio_iov[0].iov_base + caead->aadlen, caead->dst,
-	    caead->len)))
+	    caead->len))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}

 	if ((error = copyout((caddr_t)cse->uio.uio_iov[0].iov_base +
-	    caead->aadlen + caead->len, caead->tag, cse->thash->hashsize)))
+	    caead->aadlen + caead->len, caead->tag, cse->thash->hashsize))) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto bail;
+	}

 bail:
 	crypto_freereq(crp);
@ -1068,6 +1115,7 @@ cryptodev_key(struct crypt_kop *kop)
 	int in, out, size, i;

 	if (kop->crk_iparams + kop->crk_oparams > CRK_MAXPARAM) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EFBIG);
 	}

@ -1077,30 +1125,38 @@ cryptodev_key(struct crypt_kop *kop)
 	case CRK_MOD_EXP:
 		if (in == 3 && out == 1)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_MOD_EXP_CRT:
 		if (in == 6 && out == 1)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_DSA_SIGN:
 		if (in == 5 && out == 2)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_DSA_VERIFY:
 		if (in == 7 && out == 0)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	case CRK_DH_COMPUTE_KEY:
 		if (in == 3 && out == 1)
 			break;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	default:
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (EINVAL);
 	}

 	krp = (struct cryptkop *)malloc(sizeof *krp, M_XDATA, M_WAITOK|M_ZERO);
-	if (!krp)
+	if (!krp) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		return (ENOMEM);
+	}
 	krp->krp_op = kop->crk_op;
 	krp->krp_status = kop->crk_status;
 	krp->krp_iparams = kop->crk_iparams;
@ -1110,9 +1166,11 @@ cryptodev_key(struct crypt_kop *kop)
 	krp->krp_callback = (int (*) (struct cryptkop *)) cryptodevkey_cb;

 	for (i = 0; i < CRK_MAXPARAM; i++) {
-		if (kop->crk_param[i].crp_nbits > 65536)
+		if (kop->crk_param[i].crp_nbits > 65536) {
 			/* Limit is the same as in OpenBSD */
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto fail;
+		}
 		krp->krp_param[i].crp_nbits = kop->crk_param[i].crp_nbits;
 	}
 	for (i = 0; i < krp->krp_iparams + krp->krp_oparams; i++) {
@ -1123,22 +1181,28 @@ cryptodev_key(struct crypt_kop *kop)
 		if (i >= krp->krp_iparams)
 			continue;
 		error = copyin(kop->crk_param[i].crp_p, krp->krp_param[i].crp_p, size);
-		if (error)
+		if (error) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto fail;
+		}
 	}

 	error = crypto_kdispatch(krp);
-	if (error)
+	if (error) {
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto fail;
+	}
 	error = tsleep(krp, PSOCK, "crydev", 0);
 	if (error) {
 		/* XXX can this happen?  if so, how do we recover? */
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto fail;
 	}
 	
 	kop->crk_crid = krp->krp_crid;		/* device that did the work */
 	if (krp->krp_status != 0) {
 		error = krp->krp_status;
+		SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 		goto fail;
 	}

@ -1147,8 +1211,10 @@ cryptodev_key(struct crypt_kop *kop)
 		if (size == 0)
 			continue;
 		error = copyout(krp->krp_param[i].crp_p, kop->crk_param[i].crp_p, size);
-		if (error)
+		if (error) {
+			SDT_PROBE1(opencrypto, dev, ioctl, error, __LINE__);
 			goto fail;
+		}
 	}

 fail: