module/*.ko: prune .data, global .rodata

Evaluated every variable that lives in .data (and globals in .rodata)
in the kernel modules, and constified/eliminated/localised them
appropriately. This means that all read-only data is now actually
read-only data, and, if possible, at file scope. A lot of previously-
global-symbols became inlinable (and inlined!) constants. Probably
not in a big Wowee Performance Moment, but hey.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12899

module/icp/algs/aes/aes_impl.c

@@ -225,7 +225,7 @@ static aes_impl_ops_t aes_fastest_impl = {
 };
 
 /* All compiled in implementations */
-const aes_impl_ops_t *aes_all_impl[] = {
+static const aes_impl_ops_t *aes_all_impl[] = {
 	&aes_generic_impl,
 #if defined(__x86_64)
 	&aes_x86_64_impl,

module/icp/algs/edonr/edonr_byteorder.h

@@ -61,7 +61,7 @@
 #endif /* !MACHINE_IS_BIG_ENDIAN && !MACHINE_IS_LITTLE_ENDIAN */
 
 #if !defined(MACHINE_IS_BIG_ENDIAN) && !defined(MACHINE_IS_LITTLE_ENDIAN)
-#error unknown machine byte sex
+#error unknown machine byte order
 #endif
 
 #define	BYTEORDER_INCLUDED

module/icp/algs/modes/gcm.c

@@ -779,7 +779,7 @@ static gcm_impl_ops_t gcm_fastest_impl = {
 };
 
 /* All compiled in implementations */
-const gcm_impl_ops_t *gcm_all_impl[] = {
+static const gcm_impl_ops_t *gcm_all_impl[] = {
 	&gcm_generic_impl,
 #if defined(__x86_64) && defined(HAVE_PCLMULQDQ)
 	&gcm_pclmulqdq_impl,
@@ -1046,9 +1046,6 @@ MODULE_PARM_DESC(icp_gcm_impl, "Select gcm implementation.");
 #define	GCM_AVX_MAX_CHUNK_SIZE \
 	(((128*1024)/GCM_AVX_MIN_DECRYPT_BYTES) * GCM_AVX_MIN_DECRYPT_BYTES)
 
-/* Get the chunk size module parameter. */
-#define	GCM_CHUNK_SIZE_READ *(volatile uint32_t *) &gcm_avx_chunk_size
-
 /* Clear the FPU registers since they hold sensitive internal state. */
 #define	clear_fpu_regs() clear_fpu_regs_avx()
 #define	GHASH_AVX(ctx, in, len) \
@@ -1057,6 +1054,9 @@ MODULE_PARM_DESC(icp_gcm_impl, "Select gcm implementation.");
 
 #define	gcm_incr_counter_block(ctx) gcm_incr_counter_block_by(ctx, 1)
 
+/* Get the chunk size module parameter. */
+#define	GCM_CHUNK_SIZE_READ *(volatile uint32_t *) &gcm_avx_chunk_size
+
 /*
  * Module parameter: number of bytes to process at once while owning the FPU.
  * Rounded down to the next GCM_AVX_MIN_DECRYPT_BYTES byte boundary and is

module/icp/algs/sha2/sha2.c

@@ -65,7 +65,7 @@ static void SHA256Transform(SHA2_CTX *, const uint8_t *);
 static void SHA512Transform(SHA2_CTX *, const uint8_t *);
 #endif	/* __amd64 && _KERNEL */
 
-static uint8_t PADDING[128] = { 0x80, /* all zeros */ };
+static const uint8_t PADDING[128] = { 0x80, /* all zeros */ };
 
 /*
  * The low-level checksum routines use a lot of stack space. On systems where

module/icp/algs/skein/skein_impl.h

@@ -263,8 +263,6 @@ extern const uint64_t SKEIN_256_IV_128[];
 extern const uint64_t SKEIN_256_IV_160[];
 extern const uint64_t SKEIN_256_IV_224[];
 extern const uint64_t SKEIN_256_IV_256[];
-extern const uint64_t SKEIN_512_IV_128[];
-extern const uint64_t SKEIN_512_IV_160[];
 extern const uint64_t SKEIN_512_IV_224[];
 extern const uint64_t SKEIN_512_IV_256[];
 extern const uint64_t SKEIN_512_IV_384[];

module/icp/algs/skein/skein_iv.c

@@ -52,30 +52,6 @@ const uint64_t SKEIN_256_IV_256[] = {
 	MK_64(0x6A54E920, 0xFDE8DA69)
 };
 
-/* blkSize =  512 bits. hashSize =  128 bits */
-const uint64_t SKEIN_512_IV_128[] = {
-	MK_64(0xA8BC7BF3, 0x6FBF9F52),
-	MK_64(0x1E9872CE, 0xBD1AF0AA),
-	MK_64(0x309B1790, 0xB32190D3),
-	MK_64(0xBCFBB854, 0x3F94805C),
-	MK_64(0x0DA61BCD, 0x6E31B11B),
-	MK_64(0x1A18EBEA, 0xD46A32E3),
-	MK_64(0xA2CC5B18, 0xCE84AA82),
-	MK_64(0x6982AB28, 0x9D46982D)
-};
-
-/* blkSize =  512 bits. hashSize =  160 bits */
-const uint64_t SKEIN_512_IV_160[] = {
-	MK_64(0x28B81A2A, 0xE013BD91),
-	MK_64(0xC2F11668, 0xB5BDF78F),
-	MK_64(0x1760D8F3, 0xF6A56F12),
-	MK_64(0x4FB74758, 0x8239904F),
-	MK_64(0x21EDE07F, 0x7EAF5056),
-	MK_64(0xD908922E, 0x63ED70B8),
-	MK_64(0xB8EC76FF, 0xECCB52FA),
-	MK_64(0x01A47BB8, 0xA3F27A6E)
-};
-
 /* blkSize =  512 bits. hashSize =  224 bits */
 const uint64_t SKEIN_512_IV_224[] = {
 	MK_64(0xCCD06162, 0x48677224),

module/icp/api/kcf_miscapi.c

@@ -62,7 +62,7 @@ static kcf_ntfy_elem_t *ntfy_list_head;
  *	CRYPTO_MECH_INVALID otherwise.
  */
 crypto_mech_type_t
-crypto_mech2id(char *mechname)
+crypto_mech2id(const char *mechname)
 {
 	return (crypto_mech2id_common(mechname, B_TRUE));
 }

module/icp/asm-x86_64/aes/aes_amd64.S

@@ -693,7 +693,7 @@ aes_decrypt_amd64(const uint32_t rk[], int Nr, const uint32_t ct[4],
  * int aes_encrypt(const unsigned char *in,
  *	unsigned char *out, const aes_encrypt_ctx cx[1])/
  */
-.data
+.section .rodata
 .align	64
 enc_tab:
 	enc_vals(u8)
@@ -798,7 +798,7 @@ ENTRY_NP(aes_encrypt_amd64)
  * int aes_decrypt(const unsigned char *in,
  *	unsigned char *out, const aes_encrypt_ctx cx[1])/
  */
-.data
+.section .rodata
 .align	64
 dec_tab:
 	dec_vals(v8)

module/icp/asm-x86_64/modes/gcm_pclmulqdq.S

@@ -101,7 +101,7 @@ gcm_mul_pclmulqdq(uint64_t *x_in, uint64_t *y, uint64_t *res) {
 
 // static uint8_t byte_swap16_mask[] = {
 //	 15, 14, 13, 12, 11, 10, 9, 8, 7, 6 ,5, 4, 3, 2, 1, 0 };
-.data
+.section .rodata
 .align XMM_ALIGN
 .Lbyte_swap16_mask:
 	.byte	15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0

module/icp/asm-x86_64/sha2/sha256_impl.S

@@ -2062,7 +2062,7 @@ ENTRY_NP(SHA256TransformBlocks)
 .cfi_endproc
 SET_SIZE(SHA256TransformBlocks)
 
-.data
+.section .rodata
 .align	64
 .type	K256,@object
 K256:

module/icp/asm-x86_64/sha2/sha512_impl.S

@@ -2063,7 +2063,7 @@ ENTRY_NP(SHA512TransformBlocks)
 .cfi_endproc
 SET_SIZE(SHA512TransformBlocks)
 
-.data
+.section .rodata
 .align	64
 .type	K512,@object
 K512:

module/icp/core/kcf_callprov.c

@@ -116,7 +116,7 @@ kcf_get_hardware_provider(crypto_mech_type_t mech_type_1,
 	kcf_provider_list_t *p;
 	kcf_ops_class_t class;
 	kcf_mech_entry_t *me;
-	kcf_mech_entry_tab_t *me_tab;
+	const kcf_mech_entry_tab_t *me_tab;
 	int index, len, gqlen = INT_MAX, rv = CRYPTO_SUCCESS;
 
 	/* get the mech entry for the specified mechanism */
@@ -258,7 +258,7 @@ kcf_get_mech_provider(crypto_mech_type_t mech_type, kcf_mech_entry_t **mepp,
 	kcf_ops_class_t class;
 	int index;
 	kcf_mech_entry_t *me;
-	kcf_mech_entry_tab_t *me_tab;
+	const kcf_mech_entry_tab_t *me_tab;
 
 	class = KCF_MECH2CLASS(mech_type);
 	if ((class < KCF_FIRST_OPSCLASS) || (class > KCF_LAST_OPSCLASS)) {

module/icp/core/kcf_mech_tabs.c

@@ -82,14 +82,14 @@
 
 /* RFE 4687834 Will deal with the extensibility of these tables later */
 
-kcf_mech_entry_t kcf_digest_mechs_tab[KCF_MAXDIGEST];
-kcf_mech_entry_t kcf_cipher_mechs_tab[KCF_MAXCIPHER];
-kcf_mech_entry_t kcf_mac_mechs_tab[KCF_MAXMAC];
-kcf_mech_entry_t kcf_sign_mechs_tab[KCF_MAXSIGN];
-kcf_mech_entry_t kcf_keyops_mechs_tab[KCF_MAXKEYOPS];
-kcf_mech_entry_t kcf_misc_mechs_tab[KCF_MAXMISC];
+static kcf_mech_entry_t kcf_digest_mechs_tab[KCF_MAXDIGEST];
+static kcf_mech_entry_t kcf_cipher_mechs_tab[KCF_MAXCIPHER];
+static kcf_mech_entry_t kcf_mac_mechs_tab[KCF_MAXMAC];
+static kcf_mech_entry_t kcf_sign_mechs_tab[KCF_MAXSIGN];
+static kcf_mech_entry_t kcf_keyops_mechs_tab[KCF_MAXKEYOPS];
+static kcf_mech_entry_t kcf_misc_mechs_tab[KCF_MAXMISC];
 
-kcf_mech_entry_tab_t kcf_mech_tabs_tab[KCF_LAST_OPSCLASS + 1] = {
+const kcf_mech_entry_tab_t kcf_mech_tabs_tab[KCF_LAST_OPSCLASS + 1] = {
 	{0, NULL},				/* No class zero */
 	{KCF_MAXDIGEST, kcf_digest_mechs_tab},
 	{KCF_MAXCIPHER, kcf_cipher_mechs_tab},
@@ -108,22 +108,22 @@ kcf_mech_entry_tab_t kcf_mech_tabs_tab[KCF_LAST_OPSCLASS + 1] = {
  * There is room for refinement here.
  *
  */
-int kcf_md5_threshold = 512;
-int kcf_sha1_threshold = 512;
-int kcf_des_threshold = 512;
-int kcf_des3_threshold = 512;
-int kcf_aes_threshold = 512;
-int kcf_bf_threshold = 512;
-int kcf_rc4_threshold = 512;
+static const int kcf_md5_threshold = 512;
+static const int kcf_sha1_threshold = 512;
+static const int kcf_des_threshold = 512;
+static const int kcf_des3_threshold = 512;
+static const int kcf_aes_threshold = 512;
+static const int kcf_bf_threshold = 512;
+static const int kcf_rc4_threshold = 512;
 
-kmutex_t kcf_mech_tabs_lock;
+static kmutex_t kcf_mech_tabs_lock;
 static uint32_t kcf_gen_swprov = 0;
 
-int kcf_mech_hash_size = 256;
-mod_hash_t *kcf_mech_hash;	/* mech name to id hash */
+static const int kcf_mech_hash_size = 256;
+static mod_hash_t *kcf_mech_hash;	/* mech name to id hash */
 
 static crypto_mech_type_t
-kcf_mech_hash_find(char *mechname)
+kcf_mech_hash_find(const char *mechname)
 {
 	mod_hash_val_t hv;
 	crypto_mech_type_t mt;
@@ -166,7 +166,6 @@ kcf_destroy_mech_tabs(void)
 void
 kcf_init_mech_tabs(void)
 {
-	int i, max;
 	kcf_ops_class_t class;
 	kcf_mech_entry_t *me_tab;
 
@@ -249,9 +248,9 @@ kcf_init_mech_tabs(void)
 	    kcf_mech_hash_size, mod_hash_null_valdtor);
 
 	for (class = KCF_FIRST_OPSCLASS; class <= KCF_LAST_OPSCLASS; class++) {
-		max = kcf_mech_tabs_tab[class].met_size;
+		int max = kcf_mech_tabs_tab[class].met_size;
 		me_tab = kcf_mech_tabs_tab[class].met_tab;
-		for (i = 0; i < max; i++) {
+		for (int i = 0; i < max; i++) {
 			mutex_init(&(me_tab[i].me_mutex), NULL,
 			    MUTEX_DEFAULT, NULL);
 			if (me_tab[i].me_name[0] != 0) {
@@ -747,7 +746,7 @@ kcf_get_mech_entry(crypto_mech_type_t mech_type, kcf_mech_entry_t **mep)
 {
 	kcf_ops_class_t		class;
 	int			index;
-	kcf_mech_entry_tab_t	*me_tab;
+	const kcf_mech_entry_tab_t	*me_tab;
 
 	ASSERT(mep != NULL);
 
@@ -778,7 +777,7 @@ kcf_get_mech_entry(crypto_mech_type_t mech_type, kcf_mech_entry_t **mep)
  * to load it.
  */
 crypto_mech_type_t
-crypto_mech2id_common(char *mechname, boolean_t load_module)
+crypto_mech2id_common(const char *mechname, boolean_t load_module)
 {
 	(void) load_module;
 	return (kcf_mech_hash_find(mechname));

module/icp/core/kcf_prov_tabs.c

@@ -205,7 +205,8 @@ kcf_prov_tab_lookup(crypto_provider_id_t prov_id)
 }
 
 static void
-allocate_ops_v1(crypto_ops_t *src, crypto_ops_t *dst, uint_t *mech_list_count)
+allocate_ops_v1(const crypto_ops_t *src, crypto_ops_t *dst,
+    uint_t *mech_list_count)
 {
 	if (src->co_control_ops != NULL)
 		dst->co_control_ops = kmem_alloc(sizeof (crypto_control_ops_t),
@@ -274,7 +275,7 @@ allocate_ops_v1(crypto_ops_t *src, crypto_ops_t *dst, uint_t *mech_list_count)
 }
 
 static void
-allocate_ops_v2(crypto_ops_t *src, crypto_ops_t *dst)
+allocate_ops_v2(const crypto_ops_t *src, crypto_ops_t *dst)
 {
 	if (src->co_mech_ops != NULL)
 		dst->co_mech_ops = kmem_alloc(sizeof (crypto_mech_ops_t),
@@ -282,7 +283,7 @@ allocate_ops_v2(crypto_ops_t *src, crypto_ops_t *dst)
 }
 
 static void
-allocate_ops_v3(crypto_ops_t *src, crypto_ops_t *dst)
+allocate_ops_v3(const crypto_ops_t *src, crypto_ops_t *dst)
 {
 	if (src->co_nostore_key_ops != NULL)
 		dst->co_nostore_key_ops =
@@ -297,12 +298,11 @@ allocate_ops_v3(crypto_ops_t *src, crypto_ops_t *dst)
  * since it is invoked from user context during provider registration.
  */
 kcf_provider_desc_t *
-kcf_alloc_provider_desc(crypto_provider_info_t *info)
+kcf_alloc_provider_desc(const crypto_provider_info_t *info)
 {
-	int i, j;
 	kcf_provider_desc_t *desc;
 	uint_t mech_list_count = info->pi_mech_list_count;
-	crypto_ops_t *src_ops = info->pi_ops_vector;
+	const crypto_ops_t *src_ops = info->pi_ops_vector;
 
 	desc = kmem_zalloc(sizeof (kcf_provider_desc_t), KM_SLEEP);
 
@@ -330,21 +330,22 @@ kcf_alloc_provider_desc(crypto_provider_info_t *info)
 	 * KCF needs to allocate storage where copies of the ops
 	 * vectors are copied.
 	 */
-	desc->pd_ops_vector = kmem_zalloc(sizeof (crypto_ops_t), KM_SLEEP);
+	crypto_ops_t *opvec = kmem_zalloc(sizeof (crypto_ops_t), KM_SLEEP);
 
 	if (info->pi_provider_type != CRYPTO_LOGICAL_PROVIDER) {
-		allocate_ops_v1(src_ops, desc->pd_ops_vector, &mech_list_count);
+		allocate_ops_v1(src_ops, opvec, &mech_list_count);
 		if (info->pi_interface_version >= CRYPTO_SPI_VERSION_2)
-			allocate_ops_v2(src_ops, desc->pd_ops_vector);
+			allocate_ops_v2(src_ops, opvec);
 		if (info->pi_interface_version == CRYPTO_SPI_VERSION_3)
-			allocate_ops_v3(src_ops, desc->pd_ops_vector);
+			allocate_ops_v3(src_ops, opvec);
 	}
+	desc->pd_ops_vector = opvec;
 
 	desc->pd_mech_list_count = mech_list_count;
 	desc->pd_mechanisms = kmem_zalloc(sizeof (crypto_mech_info_t) *
 	    mech_list_count, KM_SLEEP);
-	for (i = 0; i < KCF_OPS_CLASSSIZE; i++)
-		for (j = 0; j < KCF_MAXMECHTAB; j++)
+	for (int i = 0; i < KCF_OPS_CLASSSIZE; i++)
+		for (int j = 0; j < KCF_MAXMECHTAB; j++)
 			desc->pd_mech_indx[i][j] = KCF_INVALID_INDX;
 
 	desc->pd_prov_id = KCF_PROVID_INVALID;

module/icp/core/kcf_sched.c

@@ -35,15 +35,12 @@
 #include <sys/crypto/sched_impl.h>
 #include <sys/crypto/api.h>
 
-kcf_global_swq_t *gswq;	/* Global software queue */
+static kcf_global_swq_t *gswq;	/* Global software queue */
 
 /* Thread pool related variables */
 static kcf_pool_t *kcfpool;	/* Thread pool of kcfd LWPs */
-int kcf_maxthreads = 2;
-int kcf_minthreads = 1;
-int kcf_thr_multiple = 2;	/* Boot-time tunable for experimentation */
-static ulong_t	kcf_idlethr_timeout;
-#define	KCF_DEFAULT_THRTIMEOUT	60000000	/* 60 seconds */
+static const int kcf_maxthreads = 2;
+static const int kcf_minthreads = 1;
 
 /* kmem caches used by the scheduler */
 static kmem_cache_t *kcf_sreq_cache;
@@ -1289,8 +1286,6 @@ kcfpool_alloc()
 
 	mutex_init(&kcfpool->kp_user_lock, NULL, MUTEX_DEFAULT, NULL);
 	cv_init(&kcfpool->kp_user_cv, NULL, CV_DEFAULT, NULL);
-
-	kcf_idlethr_timeout = KCF_DEFAULT_THRTIMEOUT;
 }
 
 /*

module/icp/include/sys/crypto/impl.h

@@ -210,7 +210,7 @@ typedef struct kcf_provider_desc {
 	struct kcf_provider_list	*pd_provider_list;
 	kcondvar_t			pd_resume_cv;
 	crypto_provider_handle_t	pd_prov_handle;
-	crypto_ops_t			*pd_ops_vector;
+	const crypto_ops_t			*pd_ops_vector;
 	ushort_t			pd_mech_indx[KCF_OPS_CLASSSIZE]\
 					    [KCF_MAXMECHTAB];
 	crypto_mech_info_t		*pd_mechanisms;
@@ -397,19 +397,6 @@ extern kcf_soft_conf_entry_t *soft_config_list;
 #define	KCF_MAXKEYOPS		116	/* Key generation and derivation */
 #define	KCF_MAXMISC		16	/* Others ... */
 
-#define	KCF_MAXMECHS		KCF_MAXDIGEST + KCF_MAXCIPHER + KCF_MAXMAC + \
-				KCF_MAXSIGN + KCF_MAXKEYOPS + \
-				KCF_MAXMISC
-
-extern kcf_mech_entry_t kcf_digest_mechs_tab[];
-extern kcf_mech_entry_t kcf_cipher_mechs_tab[];
-extern kcf_mech_entry_t kcf_mac_mechs_tab[];
-extern kcf_mech_entry_t kcf_sign_mechs_tab[];
-extern kcf_mech_entry_t kcf_keyops_mechs_tab[];
-extern kcf_mech_entry_t kcf_misc_mechs_tab[];
-
-extern kmutex_t kcf_mech_tabs_lock;
-
 typedef	enum {
 	KCF_DIGEST_CLASS = 1,
 	KCF_CIPHER_CLASS,
@@ -429,7 +416,7 @@ typedef	struct kcf_mech_entry_tab {
 	kcf_mech_entry_t	*met_tab;	/* the table		 */
 } kcf_mech_entry_tab_t;
 
-extern kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
+extern const kcf_mech_entry_tab_t kcf_mech_tabs_tab[];
 
 #define	KCF_MECHID(class, index)				\
 	(((crypto_mech_type_t)(class) << 32) | (crypto_mech_type_t)(index))
@@ -1283,12 +1270,13 @@ extern int kcf_add_mech_provider(short, kcf_provider_desc_t *,
     kcf_prov_mech_desc_t **);
 extern void kcf_remove_mech_provider(char *, kcf_provider_desc_t *);
 extern int kcf_get_mech_entry(crypto_mech_type_t, kcf_mech_entry_t **);
-extern kcf_provider_desc_t *kcf_alloc_provider_desc(crypto_provider_info_t *);
+extern kcf_provider_desc_t *kcf_alloc_provider_desc(
+    const crypto_provider_info_t *);
 extern void kcf_provider_zero_refcnt(kcf_provider_desc_t *);
 extern void kcf_free_provider_desc(kcf_provider_desc_t *);
 extern void kcf_soft_config_init(void);
 extern int get_sw_provider_for_mech(crypto_mech_name_t, char **);
-extern crypto_mech_type_t crypto_mech2id_common(char *, boolean_t);
+extern crypto_mech_type_t crypto_mech2id_common(const char *, boolean_t);
 extern void undo_register_provider(kcf_provider_desc_t *, boolean_t);
 extern void redo_register_provider(kcf_provider_desc_t *);
 extern void kcf_rnd_init(void);

module/icp/include/sys/crypto/sched_impl.h

@@ -457,12 +457,9 @@ typedef struct kcf_ntfy_elem {
 #define	CRYPTO_TASKQ_MIN	64
 #define	CRYPTO_TASKQ_MAX	2 * 1024 * 1024
 
-extern int crypto_taskq_threads;
-extern int crypto_taskq_minalloc;
-extern int crypto_taskq_maxalloc;
-extern kcf_global_swq_t *gswq;
-extern int kcf_maxthreads;
-extern int kcf_minthreads;
+extern const int crypto_taskq_threads;
+extern const int crypto_taskq_minalloc;
+extern const int crypto_taskq_maxalloc;
 
 /*
  * All pending crypto bufcalls are put on a list. cbuf_list_lock

module/icp/include/sys/crypto/spi.h

@@ -498,10 +498,10 @@ typedef struct crypto_nostore_key_ops {
  * by calling crypto_register_provider(9F).
  */
 typedef struct crypto_ops_v1 {
-	crypto_control_ops_t			*co_control_ops;
-	crypto_digest_ops_t			*co_digest_ops;
-	crypto_cipher_ops_t			*co_cipher_ops;
-	crypto_mac_ops_t			*co_mac_ops;
+	const crypto_control_ops_t			*co_control_ops;
+	const crypto_digest_ops_t			*co_digest_ops;
+	const crypto_cipher_ops_t			*co_cipher_ops;
+	const crypto_mac_ops_t			*co_mac_ops;
 	crypto_sign_ops_t			*co_sign_ops;
 	crypto_verify_ops_t			*co_verify_ops;
 	crypto_dual_ops_t			*co_dual_ops;
@@ -511,7 +511,7 @@ typedef struct crypto_ops_v1 {
 	crypto_object_ops_t			*co_object_ops;
 	crypto_key_ops_t			*co_key_ops;
 	crypto_provider_management_ops_t	*co_provider_ops;
-	crypto_ctx_ops_t			*co_ctx_ops;
+	const crypto_ctx_ops_t			*co_ctx_ops;
 } crypto_ops_v1_t;
 
 typedef struct crypto_ops_v2 {
@@ -653,9 +653,9 @@ typedef struct crypto_provider_info_v1 {
 	char				*pi_provider_description;
 	crypto_provider_type_t		pi_provider_type;
 	crypto_provider_handle_t	pi_provider_handle;
-	crypto_ops_t			*pi_ops_vector;
+	const crypto_ops_t			*pi_ops_vector;
 	uint_t				pi_mech_list_count;
-	crypto_mech_info_t		*pi_mechanisms;
+	const crypto_mech_info_t		*pi_mechanisms;
 	uint_t				pi_logical_provider_count;
 	crypto_kcf_provider_handle_t	*pi_logical_providers;
 } crypto_provider_info_v1_t;
@@ -711,7 +711,7 @@ typedef struct crypto_provider_info {
  * of state changes, and notify the kernel when a asynchronous request
  * completed.
  */
-extern int crypto_register_provider(crypto_provider_info_t *,
+extern int crypto_register_provider(const crypto_provider_info_t *,
 		crypto_kcf_provider_handle_t *);
 extern int crypto_unregister_provider(crypto_kcf_provider_handle_t);
 extern void crypto_provider_notification(crypto_kcf_provider_handle_t, uint_t);

module/icp/io/aes.c

@@ -39,7 +39,7 @@
 /*
  * Mechanism info structure passed to KCF during registration.
  */
-static crypto_mech_info_t aes_mech_info_tab[] = {
+static const crypto_mech_info_t aes_mech_info_tab[] = {
 	/* AES_ECB */
 	{SUN_CKM_AES_ECB, AES_ECB_MECH_INFO_TYPE,
 	    CRYPTO_FG_ENCRYPT | CRYPTO_FG_ENCRYPT_ATOMIC |
@@ -77,7 +77,7 @@ static crypto_mech_info_t aes_mech_info_tab[] = {
 
 static void aes_provider_status(crypto_provider_handle_t, uint_t *);
 
-static crypto_control_ops_t aes_control_ops = {
+static const crypto_control_ops_t aes_control_ops = {
 	aes_provider_status
 };
 
@@ -110,7 +110,7 @@ static int aes_decrypt_atomic(crypto_provider_handle_t, crypto_session_id_t,
     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *,
     crypto_data_t *, crypto_spi_ctx_template_t, crypto_req_handle_t);
 
-static crypto_cipher_ops_t aes_cipher_ops = {
+static const crypto_cipher_ops_t aes_cipher_ops = {
 	.encrypt_init = aes_encrypt_init,
 	.encrypt = aes_encrypt,
 	.encrypt_update = aes_encrypt_update,
@@ -130,7 +130,7 @@ static int aes_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
     crypto_spi_ctx_template_t, crypto_req_handle_t);
 
-static crypto_mac_ops_t aes_mac_ops = {
+static const crypto_mac_ops_t aes_mac_ops = {
 	.mac_init = NULL,
 	.mac = NULL,
 	.mac_update = NULL,
@@ -144,12 +144,12 @@ static int aes_create_ctx_template(crypto_provider_handle_t,
     size_t *, crypto_req_handle_t);
 static int aes_free_context(crypto_ctx_t *);
 
-static crypto_ctx_ops_t aes_ctx_ops = {
+static const crypto_ctx_ops_t aes_ctx_ops = {
 	.create_ctx_template = aes_create_ctx_template,
 	.free_context = aes_free_context
 };
 
-static crypto_ops_t aes_crypto_ops = {{{{{
+static const crypto_ops_t aes_crypto_ops = {{{{{
 	&aes_control_ops,
 	NULL,
 	&aes_cipher_ops,
@@ -166,13 +166,13 @@ static crypto_ops_t aes_crypto_ops = {{{{{
 	&aes_ctx_ops
 }}}}};
 
-static crypto_provider_info_t aes_prov_info = {{{{
+static const crypto_provider_info_t aes_prov_info = {{{{
 	CRYPTO_SPI_VERSION_1,
 	"AES Software Provider",
 	CRYPTO_SW_PROVIDER,
 	NULL,
 	&aes_crypto_ops,
-	sizeof (aes_mech_info_tab)/sizeof (crypto_mech_info_t),
+	sizeof (aes_mech_info_tab) / sizeof (crypto_mech_info_t),
 	aes_mech_info_tab
 }}}};
 

module/icp/io/sha2_mod.c

@@ -60,7 +60,7 @@
 /*
  * Mechanism info structure passed to KCF during registration.
  */
-static crypto_mech_info_t sha2_mech_info_tab[] = {
+static const crypto_mech_info_t sha2_mech_info_tab[] = {
 	/* SHA256 */
 	{SUN_CKM_SHA256, SHA256_MECH_INFO_TYPE,
 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
@@ -107,7 +107,7 @@ static crypto_mech_info_t sha2_mech_info_tab[] = {
 
 static void sha2_provider_status(crypto_provider_handle_t, uint_t *);
 
-static crypto_control_ops_t sha2_control_ops = {
+static const crypto_control_ops_t sha2_control_ops = {
 	sha2_provider_status
 };
 
@@ -123,7 +123,7 @@ static int sha2_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
     crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
     crypto_req_handle_t);
 
-static crypto_digest_ops_t sha2_digest_ops = {
+static const crypto_digest_ops_t sha2_digest_ops = {
 	.digest_init = sha2_digest_init,
 	.digest = sha2_digest,
 	.digest_update = sha2_digest_update,
@@ -144,7 +144,7 @@ static int sha2_mac_verify_atomic(crypto_provider_handle_t, crypto_session_id_t,
     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
     crypto_spi_ctx_template_t, crypto_req_handle_t);
 
-static crypto_mac_ops_t sha2_mac_ops = {
+static const crypto_mac_ops_t sha2_mac_ops = {
 	.mac_init = sha2_mac_init,
 	.mac = NULL,
 	.mac_update = sha2_mac_update,
@@ -158,12 +158,12 @@ static int sha2_create_ctx_template(crypto_provider_handle_t,
     size_t *, crypto_req_handle_t);
 static int sha2_free_context(crypto_ctx_t *);
 
-static crypto_ctx_ops_t sha2_ctx_ops = {
+static const crypto_ctx_ops_t sha2_ctx_ops = {
 	.create_ctx_template = sha2_create_ctx_template,
 	.free_context = sha2_free_context
 };
 
-static crypto_ops_t sha2_crypto_ops = {{{{{
+static const crypto_ops_t sha2_crypto_ops = {{{{{
 	&sha2_control_ops,
 	&sha2_digest_ops,
 	NULL,
@@ -180,13 +180,13 @@ static crypto_ops_t sha2_crypto_ops = {{{{{
 	&sha2_ctx_ops
 }}}}};
 
-static crypto_provider_info_t sha2_prov_info = {{{{
+static const crypto_provider_info_t sha2_prov_info = {{{{
 	CRYPTO_SPI_VERSION_1,
 	"SHA2 Software Provider",
 	CRYPTO_SW_PROVIDER,
 	NULL,
 	&sha2_crypto_ops,
-	sizeof (sha2_mech_info_tab)/sizeof (crypto_mech_info_t),
+	sizeof (sha2_mech_info_tab) / sizeof (crypto_mech_info_t),
 	sha2_mech_info_tab
 }}}};
 

module/icp/io/skein_mod.c

@@ -30,7 +30,7 @@
 #define	SKEIN_MODULE_IMPL
 #include <sys/skein.h>
 
-static crypto_mech_info_t skein_mech_info_tab[] = {
+static const crypto_mech_info_t skein_mech_info_tab[] = {
 	{CKM_SKEIN_256, SKEIN_256_MECH_INFO_TYPE,
 	    CRYPTO_FG_DIGEST | CRYPTO_FG_DIGEST_ATOMIC,
 	    0, 0, CRYPTO_KEYSIZE_UNIT_IN_BITS},
@@ -53,7 +53,7 @@ static crypto_mech_info_t skein_mech_info_tab[] = {
 
 static void skein_provider_status(crypto_provider_handle_t, uint_t *);
 
-static crypto_control_ops_t skein_control_ops = {
+static const crypto_control_ops_t skein_control_ops = {
 	skein_provider_status
 };
 
@@ -67,7 +67,7 @@ static int skein_digest_atomic(crypto_provider_handle_t, crypto_session_id_t,
     crypto_mechanism_t *, crypto_data_t *, crypto_data_t *,
     crypto_req_handle_t);
 
-static crypto_digest_ops_t skein_digest_ops = {
+static const crypto_digest_ops_t skein_digest_ops = {
 	.digest_init = skein_digest_init,
 	.digest = skein_digest,
 	.digest_update = skein_update,
@@ -82,7 +82,7 @@ static int skein_mac_atomic(crypto_provider_handle_t, crypto_session_id_t,
     crypto_mechanism_t *, crypto_key_t *, crypto_data_t *, crypto_data_t *,
     crypto_spi_ctx_template_t, crypto_req_handle_t);
 
-static crypto_mac_ops_t skein_mac_ops = {
+static const crypto_mac_ops_t skein_mac_ops = {
 	.mac_init = skein_mac_init,
 	.mac = NULL,
 	.mac_update = skein_update, /* using regular digest update is OK here */
@@ -96,12 +96,12 @@ static int skein_create_ctx_template(crypto_provider_handle_t,
     size_t *, crypto_req_handle_t);
 static int skein_free_context(crypto_ctx_t *);
 
-static crypto_ctx_ops_t skein_ctx_ops = {
+static const crypto_ctx_ops_t skein_ctx_ops = {
 	.create_ctx_template = skein_create_ctx_template,
 	.free_context = skein_free_context
 };
 
-static crypto_ops_t skein_crypto_ops = {{{{{
+static const crypto_ops_t skein_crypto_ops = {{{{{
 	&skein_control_ops,
 	&skein_digest_ops,
 	NULL,
@@ -118,7 +118,7 @@ static crypto_ops_t skein_crypto_ops = {{{{{
 	&skein_ctx_ops,
 }}}}};
 
-static crypto_provider_info_t skein_prov_info = {{{{
+static const crypto_provider_info_t skein_prov_info = {{{{
 	CRYPTO_SPI_VERSION_1,
 	"Skein Software Provider",
 	CRYPTO_SW_PROVIDER,

module/icp/spi/kcf_spi.c

@@ -39,18 +39,19 @@
 /*
  * minalloc and maxalloc values to be used for taskq_create().
  */
-int crypto_taskq_threads = CRYPTO_TASKQ_THREADS;
-int crypto_taskq_minalloc = CRYPTO_TASKQ_MIN;
-int crypto_taskq_maxalloc = CRYPTO_TASKQ_MAX;
+const int crypto_taskq_threads = CRYPTO_TASKQ_THREADS;
+const int crypto_taskq_minalloc = CRYPTO_TASKQ_MIN;
+const int crypto_taskq_maxalloc = CRYPTO_TASKQ_MAX;
 
 static void remove_provider(kcf_provider_desc_t *);
-static void process_logical_providers(crypto_provider_info_t *,
+static void process_logical_providers(const crypto_provider_info_t *,
+    kcf_provider_desc_t *);
+static int init_prov_mechs(const crypto_provider_info_t *,
     kcf_provider_desc_t *);
-static int init_prov_mechs(crypto_provider_info_t *, kcf_provider_desc_t *);
 static int kcf_prov_kstat_update(kstat_t *, int);
 static void delete_kstat(kcf_provider_desc_t *);
 
-static kcf_prov_stats_t kcf_stats_ks_data_template = {
+static const kcf_prov_stats_t kcf_stats_ks_data_template = {
 	{ "kcf_ops_total",		KSTAT_DATA_UINT64 },
 	{ "kcf_ops_passed",		KSTAT_DATA_UINT64 },
 	{ "kcf_ops_failed",		KSTAT_DATA_UINT64 },
@@ -58,7 +59,7 @@ static kcf_prov_stats_t kcf_stats_ks_data_template = {
 };
 
 #define	KCF_SPI_COPY_OPS(src, dst, ops) if ((src)->ops != NULL) \
-	*((dst)->ops) = *((src)->ops);
+	memcpy((void *) (dst)->ops, (src)->ops, sizeof (*(src)->ops));
 
 /*
  * Copy an ops vector from src to dst. Used during provider registration
@@ -69,7 +70,7 @@ static kcf_prov_stats_t kcf_stats_ks_data_template = {
  * persistent.
  */
 static void
-copy_ops_vector_v1(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
+copy_ops_vector_v1(const crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
 {
 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_control_ops);
 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_digest_ops);
@@ -88,13 +89,13 @@ copy_ops_vector_v1(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
 }
 
 static void
-copy_ops_vector_v2(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
+copy_ops_vector_v2(const crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
 {
 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_mech_ops);
 }
 
 static void
-copy_ops_vector_v3(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
+copy_ops_vector_v3(const crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
 {
 	KCF_SPI_COPY_OPS(src_ops, dst_ops, co_nostore_key_ops);
 }
@@ -108,7 +109,7 @@ copy_ops_vector_v3(crypto_ops_t *src_ops, crypto_ops_t *dst_ops)
  * routines.  Software providers call this routine in their _init() routine.
  */
 int
-crypto_register_provider(crypto_provider_info_t *info,
+crypto_register_provider(const crypto_provider_info_t *info,
     crypto_kcf_provider_handle_t *handle)
 {
 	char *ks_name;
@@ -158,16 +159,14 @@ crypto_register_provider(crypto_provider_info_t *info,
 		if (info->pi_ops_vector == NULL) {
 			goto bail;
 		}
-		copy_ops_vector_v1(info->pi_ops_vector,
-		    prov_desc->pd_ops_vector);
+		crypto_ops_t *pvec = (crypto_ops_t *)prov_desc->pd_ops_vector;
+		copy_ops_vector_v1(info->pi_ops_vector, pvec);
 		if (info->pi_interface_version >= CRYPTO_SPI_VERSION_2) {
-			copy_ops_vector_v2(info->pi_ops_vector,
-			    prov_desc->pd_ops_vector);
+			copy_ops_vector_v2(info->pi_ops_vector, pvec);
 			prov_desc->pd_flags = info->pi_flags;
 		}
 		if (info->pi_interface_version == CRYPTO_SPI_VERSION_3) {
-			copy_ops_vector_v3(info->pi_ops_vector,
-			    prov_desc->pd_ops_vector);
+			copy_ops_vector_v3(info->pi_ops_vector, pvec);
 		}
 	}
 
@@ -199,8 +198,8 @@ crypto_register_provider(crypto_provider_info_t *info,
 	 */
 	if (prov_desc->pd_prov_type == CRYPTO_HW_PROVIDER)
 		prov_desc->pd_sched_info.ks_taskq = taskq_create("kcf_taskq",
-		    crypto_taskq_threads, minclsyspri,
-		    crypto_taskq_minalloc, crypto_taskq_maxalloc,
+		    CRYPTO_TASKQ_THREADS, minclsyspri,
+		    CRYPTO_TASKQ_MIN, CRYPTO_TASKQ_MAX,
 		    TASKQ_PREPOPULATE);
 	else
 		prov_desc->pd_sched_info.ks_taskq = NULL;
@@ -566,7 +565,7 @@ crypto_kmflag(crypto_req_handle_t handle)
  * if the table of mechanisms is full.
  */
 static int
-init_prov_mechs(crypto_provider_info_t *info, kcf_provider_desc_t *desc)
+init_prov_mechs(const crypto_provider_info_t *info, kcf_provider_desc_t *desc)
 {
 	uint_t mech_idx;
 	uint_t cleanup_idx;
@@ -811,7 +810,8 @@ remove_provider_from_array(kcf_provider_desc_t *p1, kcf_provider_desc_t *p2)
  * descriptors (kcf_provider_desc_t) attached to a logical provider.
  */
 static void
-process_logical_providers(crypto_provider_info_t *info, kcf_provider_desc_t *hp)
+process_logical_providers(const crypto_provider_info_t *info,
+    kcf_provider_desc_t *hp)
 {
 	kcf_provider_desc_t *lp;
 	crypto_provider_id_t handle;