module: icp: drop software provider generation numbers

We register all providers at once, before anything happens

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #12901

5 files changed, 10 insertions, 84 deletions

diff --git a/module/icp/api/kcf_cipher.c b/module/icp/api/kcf_cipher.c
index 51cf86e97..d515fa6da 100644
--- a/module/icp/api/kcf_cipher.c
+++ b/module/icp/api/kcf_cipher.c
@@ -90,22 +90,8 @@ retry:
 		return (error);
 	}
 
-	/*
-	 * Check the validity of the context template
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
@@ -193,22 +179,8 @@ retry:
 		return (error);
 	}
 
-	/*
-	 * Check the validity of the context template
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
diff --git a/module/icp/api/kcf_ctxops.c b/module/icp/api/kcf_ctxops.c
index 21b0977d3..85cc55c8a 100644
--- a/module/icp/api/kcf_ctxops.c
+++ b/module/icp/api/kcf_ctxops.c
@@ -104,7 +104,6 @@ crypto_create_ctx_template(crypto_mechanism_t *mech, crypto_key_t *key,
 	    &(ctx_tmpl->ct_prov_tmpl), &(ctx_tmpl->ct_size), KCF_RHNDL(kmflag));
 
 	if (error == CRYPTO_SUCCESS) {
-		ctx_tmpl->ct_generation = me->me_gen_swprov;
 		*ptmpl = ctx_tmpl;
 	} else {
 		kmem_free(ctx_tmpl, sizeof (kcf_ctx_template_t));
diff --git a/module/icp/api/kcf_mac.c b/module/icp/api/kcf_mac.c
index 3238b4edf..34f404aea 100644
--- a/module/icp/api/kcf_mac.c
+++ b/module/icp/api/kcf_mac.c
@@ -109,22 +109,8 @@ retry:
 		return (error);
 	}
 
-	/*
-	 * Check the validity of the context template
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
@@ -185,22 +171,8 @@ retry:
 		return (error);
 	}
 
-	/*
-	 * Check the validity of the context template
-	 * It is very rare that the generation number mis-matches, so
-	 * is acceptable to fail here, and let the consumer recover by
-	 * freeing this tmpl and create a new one for the key and new provider
-	 */
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
 
 	/* The fast path for SW providers. */
 	if (CHECK_FASTPATH(crq, pd)) {
@@ -345,16 +317,8 @@ retry:
 	 * freeing this tmpl and create a new one for the key and new provider
 	 */
 
-	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL)) {
-		if (ctx_tmpl->ct_generation != me->me_gen_swprov) {
-			if (list != NULL)
-				kcf_free_triedlist(list);
-			KCF_PROV_REFRELE(pd);
-			return (CRYPTO_OLD_CTX_TEMPLATE);
-		} else {
-			spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
-		}
-	}
+	if (((ctx_tmpl = (kcf_ctx_template_t *)tmpl) != NULL))
+		spi_ctx_tmpl = ctx_tmpl->ct_prov_tmpl;
 
 	error = crypto_mac_init_prov(pd, pd->pd_sid, mech, key,
 	    spi_ctx_tmpl, ctxp, crq);
diff --git a/module/icp/core/kcf_mech_tabs.c b/module/icp/core/kcf_mech_tabs.c
index beed581a5..811db7136 100644
--- a/module/icp/core/kcf_mech_tabs.c
+++ b/module/icp/core/kcf_mech_tabs.c
@@ -111,7 +111,6 @@ static const int kcf_bf_threshold = 512;
 static const int kcf_rc4_threshold = 512;
 
 static kmutex_t kcf_mech_tabs_lock;
-static uint32_t kcf_gen_swprov = 0;
 
 static const int kcf_mech_hash_size = 256;
 static mod_hash_t *kcf_mech_hash;	/* mech name to id hash */
@@ -446,9 +445,6 @@ kcf_add_mech_provider(short mech_indx,
 		 * this mechanism.
 		 */
 		mech_entry->me_sw_prov = prov_mech;
-
-		/* We'll wrap around after 4 billion registrations! */
-		mech_entry->me_gen_swprov = kcf_gen_swprov++;
 	}
 	mutex_exit(&mech_entry->me_mutex);
 
diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h
index fd93ee508..8b45c0536 100644
--- a/module/icp/include/sys/crypto/impl.h
+++ b/module/icp/include/sys/crypto/impl.h
@@ -264,11 +264,6 @@ typedef	struct kcf_mech_entry {
 	kmutex_t		me_mutex;	/* access protection	*/
 	kcf_prov_mech_desc_t	*me_sw_prov;    /* provider */
 	/*
-	 * When a provider is present, this is the generation number that
-	 * ensures no objects from old providers are used in the new one
-	 */
-	uint32_t		me_gen_swprov;
-	/*
 	 *  threshold for using hardware providers for this mech
 	 */
 	size_t			me_threshold;