module: icp: drop software provider generation numbers

We register all providers at once, before anything happens

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #12901

module/icp/api/kcf_cipher.c

@@ -90,22 +90,8 @@ retry:
 		return (error);
 	}
 
-	/*
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
-	 * Check the validity of the context template
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
@@ -193,22 +179,8 @@ retry:
 		return (error);
 	}
 
-	/*
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
-	 * Check the validity of the context template
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {

module/icp/api/kcf_ctxops.c

@@ -104,7 +104,6 @@ crypto_create_ctx_template(crypto_mechanism_t *mech, crypto_key_t *key,
 	    &(ctx_tmpl->ct_prov_tmpl), &(ctx_tmpl->ct_size), KCF_RHNDL(kmflag));
 
 	if (error == CRYPTO_SUCCESS) {
-		ctx_tmpl->ct_generation = me->me_gen_swprov;
 		*ptmpl = ctx_tmpl;
 	} else {
 		kmem_free(ctx_tmpl, sizeof (kcf_ctx_template_t));

module/icp/api/kcf_mac.c

@@ -109,22 +109,8 @@ retry:
 		return (error);
 	}
 
-	/*
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
-	 * Check the validity of the context template
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
@@ -185,22 +171,8 @@ retry:
 		return (error);
 	}
 
-	/*
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
-	 * Check the validity of the context template
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
@@ -345,16 +317,8 @@ retry:
 	 * freeing this tmpl and create a new one for the key and new provider
 	 */
 
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
 
 	error = crypto_mac_init_prov(pd, pd->pd_sid, mech, key,
 	    spi_ctx_tmpl, ctxp, crq);

module/icp/core/kcf_mech_tabs.c

@@ -111,7 +111,6 @@ static const int kcf_bf_threshold = 512;
 static const int kcf_rc4_threshold = 512;
 
 static kmutex_t kcf_mech_tabs_lock;
-static uint32_t kcf_gen_swprov = 0;
 
 static const int kcf_mech_hash_size = 256;
 static mod_hash_t *kcf_mech_hash;	/* mech name to id hash */
@@ -446,9 +445,6 @@ kcf_add_mech_provider(short mech_indx,
 		 * this mechanism.
 		 */
 		mech_entry->me_sw_prov = prov_mech;
-
-		/* We'll wrap around after 4 billion registrations! */
-		mech_entry->me_gen_swprov = kcf_gen_swprov++;
 	}
 	mutex_exit(&mech_entry->me_mutex);
 

module/icp/include/sys/crypto/impl.h

@@ -263,11 +263,6 @@ typedef	struct kcf_mech_entry {
 	crypto_mech_type_t	me_mechid;	/* Internal id for mechanism */
 	kmutex_t		me_mutex;	/* access protection	*/
 	kcf_prov_mech_desc_t	*me_sw_prov;    /* provider */
-	/*
-	 * When a provider is present, this is the generation number that
-	 * ensures no objects from old providers are used in the new one
-	 */
-	uint32_t		me_gen_swprov;
 	/*
 	 *  threshold for using hardware providers for this mech
 	 */