mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-25 18:59:33 +03:00
module: icp: remove provider stats
These were all folded into a single kstat at /proc/spl/kstat/kcf/NONAME_provider_stats with no way to know which one it actually was, and only the AES and SHA (so not Skein) ones were ever updated Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz> Closes #12901
This commit is contained in:
parent
bf86638687
commit
666749806d
@ -91,7 +91,6 @@ retry:
|
||||
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
|
||||
error = KCF_PROV_ENCRYPT_ATOMIC(pd, &lmech, key,
|
||||
plaintext, ciphertext, spi_ctx_tmpl);
|
||||
KCF_PROV_INCRSTATS(pd, error);
|
||||
|
||||
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
|
||||
/* Add pd to the linked list of providers tried. */
|
||||
@ -164,7 +163,6 @@ retry:
|
||||
|
||||
error = KCF_PROV_DECRYPT_ATOMIC(pd, &lmech, key,
|
||||
ciphertext, plaintext, spi_ctx_tmpl);
|
||||
KCF_PROV_INCRSTATS(pd, error);
|
||||
|
||||
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
|
||||
/* Add pd to the linked list of providers tried. */
|
||||
|
@ -107,7 +107,6 @@ retry:
|
||||
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
|
||||
error = KCF_PROV_MAC_ATOMIC(pd, &lmech, key, data,
|
||||
mac, spi_ctx_tmpl);
|
||||
KCF_PROV_INCRSTATS(pd, error);
|
||||
|
||||
if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
|
||||
/* Add pd to the linked list of providers tried. */
|
||||
@ -171,7 +170,6 @@ crypto_mac_init_prov(kcf_provider_desc_t *pd,
|
||||
crypto_mechanism_t lmech = *mech;
|
||||
KCF_SET_PROVIDER_MECHNUM(mech->cm_type, real_provider, &lmech);
|
||||
rv = KCF_PROV_MAC_INIT(real_provider, ctx, &lmech, key, tmpl);
|
||||
KCF_PROV_INCRSTATS(pd, rv);
|
||||
|
||||
if (rv == CRYPTO_SUCCESS)
|
||||
*ctxp = (crypto_context_t)ctx;
|
||||
@ -259,9 +257,7 @@ crypto_mac_update(crypto_context_t context, crypto_data_t *data)
|
||||
return (CRYPTO_INVALID_CONTEXT);
|
||||
}
|
||||
|
||||
int rv = KCF_PROV_MAC_UPDATE(pd, ctx, data);
|
||||
KCF_PROV_INCRSTATS(pd, rv);
|
||||
return (rv);
|
||||
return (KCF_PROV_MAC_UPDATE(pd, ctx, data));
|
||||
}
|
||||
|
||||
/*
|
||||
@ -291,7 +287,6 @@ crypto_mac_final(crypto_context_t context, crypto_data_t *mac)
|
||||
}
|
||||
|
||||
int rv = KCF_PROV_MAC_FINAL(pd, ctx, mac);
|
||||
KCF_PROV_INCRSTATS(pd, rv);
|
||||
|
||||
/* Release the hold done in kcf_new_ctx() during init step. */
|
||||
KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx);
|
||||
|
@ -40,55 +40,11 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define KCF_MODULE "kcf"
|
||||
|
||||
/*
|
||||
* Prefixes convention: structures internal to the kernel cryptographic
|
||||
* framework start with 'kcf_'. Exposed structure start with 'crypto_'.
|
||||
*/
|
||||
|
||||
/* Provider stats. Not protected. */
|
||||
typedef struct kcf_prov_stats {
|
||||
kstat_named_t ps_ops_total;
|
||||
kstat_named_t ps_ops_passed;
|
||||
kstat_named_t ps_ops_failed;
|
||||
kstat_named_t ps_ops_busy_rval;
|
||||
} kcf_prov_stats_t;
|
||||
|
||||
/*
|
||||
* Keep all the information needed by the scheduler from
|
||||
* this provider.
|
||||
*/
|
||||
typedef struct kcf_sched_info {
|
||||
/* The number of operations dispatched. */
|
||||
uint64_t ks_ndispatches;
|
||||
|
||||
/* The number of operations that failed. */
|
||||
uint64_t ks_nfails;
|
||||
|
||||
/* The number of operations that returned CRYPTO_BUSY. */
|
||||
uint64_t ks_nbusy_rval;
|
||||
} kcf_sched_info_t;
|
||||
|
||||
/*
|
||||
* pd_irefcnt approximates the number of inflight requests to the
|
||||
* provider. Though we increment this counter during registration for
|
||||
* other purposes, that base value is mostly same across all providers.
|
||||
* So, it is a good measure of the load on a provider when it is not
|
||||
* in a busy state. Once a provider notifies it is busy, requests
|
||||
* back up in the taskq. So, we use tq_nalloc in that case which gives
|
||||
* the number of task entries in the task queue. Note that we do not
|
||||
* acquire any locks here as it is not critical to get the exact number
|
||||
* and the lock contention may be too costly for this code path.
|
||||
*/
|
||||
#define KCF_PROV_INCRSTATS(pd, error) { \
|
||||
(pd)->pd_sched_info.ks_ndispatches++; \
|
||||
if (error == CRYPTO_BUSY) \
|
||||
(pd)->pd_sched_info.ks_nbusy_rval++; \
|
||||
else if (error != CRYPTO_SUCCESS) \
|
||||
(pd)->pd_sched_info.ks_nfails++; \
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* The following two macros should be
|
||||
@ -147,15 +103,12 @@ typedef enum {
|
||||
* number to an index in pd_mechanisms array
|
||||
* pd_mechanisms: Array of mechanisms supported by the provider, specified
|
||||
* by the provider during registration
|
||||
* pd_sched_info: Scheduling information associated with the provider
|
||||
* pd_mech_list_count: The number of entries in pi_mechanisms, specified
|
||||
* by the provider during registration
|
||||
* pd_remove_cv: cv to wait on while the provider queue drains
|
||||
* pd_description: Provider description string
|
||||
* pd_kcf_prov_handle: KCF-private handle assigned by KCF
|
||||
* pd_prov_id: Identification # assigned by KCF to provider
|
||||
* pd_kstat: kstat associated with the provider
|
||||
* pd_ks_data: kstat data
|
||||
*/
|
||||
typedef struct kcf_provider_desc {
|
||||
uint_t pd_refcnt;
|
||||
@ -166,14 +119,11 @@ typedef struct kcf_provider_desc {
|
||||
ushort_t pd_mech_indx[KCF_OPS_CLASSSIZE]\
|
||||
[KCF_MAXMECHTAB];
|
||||
const crypto_mech_info_t *pd_mechanisms;
|
||||
kcf_sched_info_t pd_sched_info;
|
||||
uint_t pd_mech_list_count;
|
||||
kcondvar_t pd_remove_cv;
|
||||
const char *pd_description;
|
||||
crypto_kcf_provider_handle_t pd_kcf_prov_handle;
|
||||
crypto_provider_id_t pd_prov_id;
|
||||
kstat_t *pd_kstat;
|
||||
kcf_prov_stats_t pd_ks_data;
|
||||
} kcf_provider_desc_t;
|
||||
|
||||
/* atomic operations in linux implicitly form a memory barrier */
|
||||
|
@ -38,15 +38,6 @@
|
||||
|
||||
static int init_prov_mechs(const crypto_provider_info_t *,
|
||||
kcf_provider_desc_t *);
|
||||
static int kcf_prov_kstat_update(kstat_t *, int);
|
||||
static void delete_kstat(kcf_provider_desc_t *);
|
||||
|
||||
static const kcf_prov_stats_t kcf_stats_ks_data_template = {
|
||||
{ "kcf_ops_total", KSTAT_DATA_UINT64 },
|
||||
{ "kcf_ops_passed", KSTAT_DATA_UINT64 },
|
||||
{ "kcf_ops_failed", KSTAT_DATA_UINT64 },
|
||||
{ "kcf_ops_returned_busy", KSTAT_DATA_UINT64 }
|
||||
};
|
||||
|
||||
/*
|
||||
* This routine is used to add cryptographic providers to the KEF framework.
|
||||
@ -95,27 +86,6 @@ crypto_register_provider(const crypto_provider_info_t *info,
|
||||
* to keep some entries cached to improve performance.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Create the kstat for this provider. There is a kstat
|
||||
* installed for each successfully registered provider.
|
||||
* This kstat is deleted, when the provider unregisters.
|
||||
*/
|
||||
prov_desc->pd_kstat = kstat_create("kcf", 0, "NONAME_provider_stats",
|
||||
"crypto", KSTAT_TYPE_NAMED, sizeof (kcf_prov_stats_t) /
|
||||
sizeof (kstat_named_t), KSTAT_FLAG_VIRTUAL);
|
||||
|
||||
if (prov_desc->pd_kstat != NULL) {
|
||||
bcopy(&kcf_stats_ks_data_template,
|
||||
&prov_desc->pd_ks_data,
|
||||
sizeof (kcf_stats_ks_data_template));
|
||||
prov_desc->pd_kstat->ks_data = &prov_desc->pd_ks_data;
|
||||
KCF_PROV_REFHOLD(prov_desc);
|
||||
KCF_PROV_IREFHOLD(prov_desc);
|
||||
prov_desc->pd_kstat->ks_private = prov_desc;
|
||||
prov_desc->pd_kstat->ks_update = kcf_prov_kstat_update;
|
||||
kstat_install(prov_desc->pd_kstat);
|
||||
}
|
||||
|
||||
mutex_enter(&prov_desc->pd_lock);
|
||||
prov_desc->pd_state = KCF_PROV_READY;
|
||||
mutex_exit(&prov_desc->pd_lock);
|
||||
@ -192,8 +162,6 @@ crypto_unregister_provider(crypto_kcf_provider_handle_t handle)
|
||||
return (CRYPTO_UNKNOWN_PROVIDER);
|
||||
}
|
||||
|
||||
delete_kstat(desc);
|
||||
|
||||
/* Release reference held by kcf_prov_tab_lookup(). */
|
||||
KCF_PROV_REFRELE(desc);
|
||||
|
||||
@ -290,35 +258,6 @@ init_prov_mechs(const crypto_provider_info_t *info, kcf_provider_desc_t *desc)
|
||||
return (CRYPTO_ARGUMENTS_BAD);
|
||||
}
|
||||
|
||||
/*
|
||||
* Update routine for kstat. Only privileged users are allowed to
|
||||
* access this information, since this information is sensitive.
|
||||
* There are some cryptographic attacks (e.g. traffic analysis)
|
||||
* which can use this information.
|
||||
*/
|
||||
static int
|
||||
kcf_prov_kstat_update(kstat_t *ksp, int rw)
|
||||
{
|
||||
kcf_prov_stats_t *ks_data;
|
||||
kcf_provider_desc_t *pd = (kcf_provider_desc_t *)ksp->ks_private;
|
||||
|
||||
if (rw == KSTAT_WRITE)
|
||||
return (EACCES);
|
||||
|
||||
ks_data = ksp->ks_data;
|
||||
|
||||
ks_data->ps_ops_total.value.ui64 = pd->pd_sched_info.ks_ndispatches;
|
||||
ks_data->ps_ops_failed.value.ui64 = pd->pd_sched_info.ks_nfails;
|
||||
ks_data->ps_ops_busy_rval.value.ui64 = pd->pd_sched_info.ks_nbusy_rval;
|
||||
ks_data->ps_ops_passed.value.ui64 =
|
||||
pd->pd_sched_info.ks_ndispatches -
|
||||
pd->pd_sched_info.ks_nfails -
|
||||
pd->pd_sched_info.ks_nbusy_rval;
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Utility routine called from failure paths in crypto_register_provider()
|
||||
* and from crypto_load_soft_disabled().
|
||||
@ -339,19 +278,3 @@ undo_register_provider(kcf_provider_desc_t *desc, boolean_t remove_prov)
|
||||
if (remove_prov)
|
||||
(void) kcf_prov_tab_rem_provider(desc->pd_prov_id);
|
||||
}
|
||||
|
||||
static void
|
||||
delete_kstat(kcf_provider_desc_t *desc)
|
||||
{
|
||||
/* destroy the kstat created for this provider */
|
||||
if (desc->pd_kstat != NULL) {
|
||||
kcf_provider_desc_t *kspd = desc->pd_kstat->ks_private;
|
||||
|
||||
/* release reference held by desc->pd_kstat->ks_private */
|
||||
ASSERT(desc == kspd);
|
||||
kstat_delete(kspd->pd_kstat);
|
||||
desc->pd_kstat = NULL;
|
||||
KCF_PROV_REFRELE(kspd);
|
||||
KCF_PROV_IREFRELE(kspd);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user