Add per-session locking to cryptosoft (swcr).

As part of ZFS Crypto, I started getting a series of panics when I did not have AESNI loaded. Adding locking fixed it, and I concluded that the Reinit function altered the AES key schedule. This locking is not as fine-grained as it could be (AESNI uses per-cpu locking), but it's minimally invasive. Sponsored by: iXsystems Inc Reviewed by: cem, mav Approved by: re (gjb), mav (mentor) Differential Revision: https://reviews.freebsd.org/D17307
svn path=/head/; revision=338953
2018-09-26 20:23:12 +00:00 · 2018-09-26 20:23:12 +00:00 · a7fcb1afcb · 2020-12-20 02:59:44 +00:00
commit a7fcb1afcb
parent 517a1827f7
2 changed files with 8 additions and 1 deletions
--- a/sys/opencrypto/cryptosoft.c
+++ b/sys/opencrypto/cryptosoft.c
@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/rwlock.h>
 #include <sys/endian.h>
 #include <sys/limits.h>
+#include <sys/mutex.h>

 #include <crypto/blowfish/blowfish.h>
 #include <crypto/sha1.h>
@ -765,6 +766,7 @@ swcr_newsession(device_t dev, crypto_session_t cses, struct cryptoini *cri)
 		return EINVAL;

 	ses = crypto_get_driver_session(cses);
+	mtx_init(&ses->swcr_lock, "swcr session lock", NULL, MTX_DEF);

 	for (i = 0; cri != NULL && i < nitems(ses->swcr_algorithms); i++) {
 		swd = &ses->swcr_algorithms[i];
@ -1022,6 +1024,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)

 	ses = crypto_get_driver_session(cses);

+	mtx_destroy(&ses->swcr_lock);
 	for (i = 0; i < nitems(ses->swcr_algorithms); i++) {
 		swd = &ses->swcr_algorithms[i];

@ -1109,7 +1112,7 @@ swcr_freesession(device_t dev, crypto_session_t cses)
 static int
 swcr_process(device_t dev, struct cryptop *crp, int hint)
 {
-	struct swcr_session *ses;
+	struct swcr_session *ses = NULL;
 	struct cryptodesc *crd;
 	struct swcr_data *sw;
 	size_t i;
@ -1124,6 +1127,7 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
 	}

 	ses = crypto_get_driver_session(crp->crp_session);
+	mtx_lock(&ses->swcr_lock);

 	/* Go through crypto descriptors, processing as we go */
 	for (crd = crp->crp_desc; crd; crd = crd->crd_next) {
@ -1213,6 +1217,8 @@ swcr_process(device_t dev, struct cryptop *crp, int hint)
 	}

 done:
+	if (ses)
+		mtx_unlock(&ses->swcr_lock);
 	crypto_done(crp);
 	return 0;
 }
--- a/sys/opencrypto/cryptosoft.h
+++ b/sys/opencrypto/cryptosoft.h
@ -58,6 +58,7 @@ struct swcr_data {
 };

 struct swcr_session {
+	struct mtx	swcr_lock;
 	struct swcr_data swcr_algorithms[2];
 	unsigned swcr_nalgs;
 };