module: icp: remove provider stats

These were all folded into a single kstat at
  /proc/spl/kstat/kcf/NONAME_provider_stats
with no way to know which one it actually was,
and only the AES and SHA (so not Skein) ones were ever updated

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Ahelenia Ziemiańska <[email protected]>
Closes #12901

4 files changed, 1 insertions, 135 deletions

diff --git a/module/icp/api/kcf_cipher.c b/module/icp/api/kcf_cipher.c
index 34023f984..81c3b96b1 100644
--- a/module/icp/api/kcf_cipher.c
+++ b/module/icp/api/kcf_cipher.c
@@ -91,7 +91,6 @@ retry:
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
 	error = KCF_PROV_ENCRYPT_ATOMIC(pd, &lmech, key,
 	    plaintext, ciphertext, spi_ctx_tmpl);
-	KCF_PROV_INCRSTATS(pd, error);
 
 	if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
 		/* Add pd to the linked list of providers tried. */
@@ -164,7 +163,6 @@ retry:
 
 	error = KCF_PROV_DECRYPT_ATOMIC(pd, &lmech, key,
 	    ciphertext, plaintext, spi_ctx_tmpl);
-	KCF_PROV_INCRSTATS(pd, error);
 
 	if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
 		/* Add pd to the linked list of providers tried. */
diff --git a/module/icp/api/kcf_mac.c b/module/icp/api/kcf_mac.c
index 36db2cbb5..6a72811ea 100644
--- a/module/icp/api/kcf_mac.c
+++ b/module/icp/api/kcf_mac.c
@@ -107,7 +107,6 @@ retry:
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, pd, &lmech);
 	error = KCF_PROV_MAC_ATOMIC(pd, &lmech, key, data,
 	    mac, spi_ctx_tmpl);
-	KCF_PROV_INCRSTATS(pd, error);
 
 	if (error != CRYPTO_SUCCESS && IS_RECOVERABLE(error)) {
 		/* Add pd to the linked list of providers tried. */
@@ -171,7 +170,6 @@ crypto_mac_init_prov(kcf_provider_desc_t *pd,
 	crypto_mechanism_t lmech = *mech;
 	KCF_SET_PROVIDER_MECHNUM(mech->cm_type, real_provider, &lmech);
 	rv = KCF_PROV_MAC_INIT(real_provider, ctx, &lmech, key, tmpl);
-	KCF_PROV_INCRSTATS(pd, rv);
 
 	if (rv == CRYPTO_SUCCESS)
 		*ctxp = (crypto_context_t)ctx;
@@ -259,9 +257,7 @@ crypto_mac_update(crypto_context_t context, crypto_data_t *data)
 		return (CRYPTO_INVALID_CONTEXT);
 	}
 
-	int rv = KCF_PROV_MAC_UPDATE(pd, ctx, data);
-	KCF_PROV_INCRSTATS(pd, rv);
-	return (rv);
+	return (KCF_PROV_MAC_UPDATE(pd, ctx, data));
 }
 
 /*
@@ -291,7 +287,6 @@ crypto_mac_final(crypto_context_t context, crypto_data_t *mac)
 	}
 
 	int rv = KCF_PROV_MAC_FINAL(pd, ctx, mac);
-	KCF_PROV_INCRSTATS(pd, rv);
 
 	/* Release the hold done in kcf_new_ctx() during init step. */
 	KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx);
diff --git a/module/icp/include/sys/crypto/impl.h b/module/icp/include/sys/crypto/impl.h
index e440d5944..dca7aa1b5 100644
--- a/module/icp/include/sys/crypto/impl.h
+++ b/module/icp/include/sys/crypto/impl.h
@@ -40,55 +40,11 @@
 extern "C" {
 #endif
 
-#define	KCF_MODULE "kcf"
-
 /*
  * Prefixes convention: structures internal to the kernel cryptographic
  * framework start with 'kcf_'. Exposed structure start with 'crypto_'.
  */
 
-/* Provider stats. Not protected. */
-typedef	struct kcf_prov_stats {
-	kstat_named_t	ps_ops_total;
-	kstat_named_t	ps_ops_passed;
-	kstat_named_t	ps_ops_failed;
-	kstat_named_t	ps_ops_busy_rval;
-} kcf_prov_stats_t;
-
-/*
- * Keep all the information needed by the scheduler from
- * this provider.
- */
-typedef struct kcf_sched_info {
-	/* The number of operations dispatched. */
-	uint64_t	ks_ndispatches;
-
-	/* The number of operations that failed. */
-	uint64_t	ks_nfails;
-
-	/* The number of operations that returned CRYPTO_BUSY. */
-	uint64_t	ks_nbusy_rval;
-} kcf_sched_info_t;
-
-/*
- * pd_irefcnt approximates the number of inflight requests to the
- * provider. Though we increment this counter during registration for
- * other purposes, that base value is mostly same across all providers.
- * So, it is a good measure of the load on a provider when it is not
- * in a busy state. Once a provider notifies it is busy, requests
- * back up in the taskq. So, we use tq_nalloc in that case which gives
- * the number of task entries in the task queue. Note that we do not
- * acquire any locks here as it is not critical to get the exact number
- * and the lock contention may be too costly for this code path.
- */
-#define	KCF_PROV_INCRSTATS(pd, error)	{				\
-	(pd)->pd_sched_info.ks_ndispatches++;				\
-	if (error == CRYPTO_BUSY)					\
-		(pd)->pd_sched_info.ks_nbusy_rval++;			\
-	else if (error != CRYPTO_SUCCESS)	\
-		(pd)->pd_sched_info.ks_nfails++;			\
-}
-
 
 /*
  * The following two macros should be
@@ -147,15 +103,12 @@ typedef enum {
  *			number to an index in pd_mechanisms array
  * pd_mechanisms:	Array of mechanisms supported by the provider, specified
  *			by the provider during registration
- * pd_sched_info:	Scheduling information associated with the provider
  * pd_mech_list_count:	The number of entries in pi_mechanisms, specified
  *			by the provider during registration
  * pd_remove_cv:	cv to wait on while the provider queue drains
  * pd_description:	Provider description string
  * pd_kcf_prov_handle:	KCF-private handle assigned by KCF
  * pd_prov_id:		Identification # assigned by KCF to provider
- * pd_kstat:		kstat associated with the provider
- * pd_ks_data:		kstat data
  */
 typedef struct kcf_provider_desc {
 	uint_t				pd_refcnt;
@@ -166,14 +119,11 @@ typedef struct kcf_provider_desc {
 	ushort_t			pd_mech_indx[KCF_OPS_CLASSSIZE]\
 					    [KCF_MAXMECHTAB];
 	const crypto_mech_info_t		*pd_mechanisms;
-	kcf_sched_info_t		pd_sched_info;
 	uint_t				pd_mech_list_count;
 	kcondvar_t			pd_remove_cv;
 	const char				*pd_description;
 	crypto_kcf_provider_handle_t	pd_kcf_prov_handle;
 	crypto_provider_id_t		pd_prov_id;
-	kstat_t				*pd_kstat;
-	kcf_prov_stats_t		pd_ks_data;
 } kcf_provider_desc_t;
 
 /* atomic operations in linux implicitly form a memory barrier */
diff --git a/module/icp/spi/kcf_spi.c b/module/icp/spi/kcf_spi.c
index 62df15801..87e765d47 100644
--- a/module/icp/spi/kcf_spi.c
+++ b/module/icp/spi/kcf_spi.c
@@ -38,15 +38,6 @@
 
 static int init_prov_mechs(const crypto_provider_info_t *,
     kcf_provider_desc_t *);
-static int kcf_prov_kstat_update(kstat_t *, int);
-static void delete_kstat(kcf_provider_desc_t *);
-
-static const kcf_prov_stats_t kcf_stats_ks_data_template = {
-	{ "kcf_ops_total",		KSTAT_DATA_UINT64 },
-	{ "kcf_ops_passed",		KSTAT_DATA_UINT64 },
-	{ "kcf_ops_failed",		KSTAT_DATA_UINT64 },
-	{ "kcf_ops_returned_busy",	KSTAT_DATA_UINT64 }
-};
 
 /*
  * This routine is used to add cryptographic providers to the KEF framework.
@@ -95,27 +86,6 @@ crypto_register_provider(const crypto_provider_info_t *info,
 	 * to keep some entries cached to improve performance.
 	 */
 
-	/*
-	 * Create the kstat for this provider. There is a kstat
-	 * installed for each successfully registered provider.
-	 * This kstat is deleted, when the provider unregisters.
-	 */
-	prov_desc->pd_kstat = kstat_create("kcf", 0, "NONAME_provider_stats",
-	    "crypto", KSTAT_TYPE_NAMED, sizeof (kcf_prov_stats_t) /
-	    sizeof (kstat_named_t), KSTAT_FLAG_VIRTUAL);
-
-	if (prov_desc->pd_kstat != NULL) {
-		bcopy(&kcf_stats_ks_data_template,
-		    &prov_desc->pd_ks_data,
-		    sizeof (kcf_stats_ks_data_template));
-		prov_desc->pd_kstat->ks_data = &prov_desc->pd_ks_data;
-		KCF_PROV_REFHOLD(prov_desc);
-		KCF_PROV_IREFHOLD(prov_desc);
-		prov_desc->pd_kstat->ks_private = prov_desc;
-		prov_desc->pd_kstat->ks_update = kcf_prov_kstat_update;
-		kstat_install(prov_desc->pd_kstat);
-	}
-
 	mutex_enter(&prov_desc->pd_lock);
 	prov_desc->pd_state = KCF_PROV_READY;
 	mutex_exit(&prov_desc->pd_lock);
@@ -192,8 +162,6 @@ crypto_unregister_provider(crypto_kcf_provider_handle_t handle)
 		return (CRYPTO_UNKNOWN_PROVIDER);
 	}
 
-	delete_kstat(desc);
-
 	/* Release reference held by kcf_prov_tab_lookup(). */
 	KCF_PROV_REFRELE(desc);
 
@@ -291,35 +259,6 @@ init_prov_mechs(const crypto_provider_info_t *info, kcf_provider_desc_t *desc)
 }
 
 /*
- * Update routine for kstat. Only privileged users are allowed to
- * access this information, since this information is sensitive.
- * There are some cryptographic attacks (e.g. traffic analysis)
- * which can use this information.
- */
-static int
-kcf_prov_kstat_update(kstat_t *ksp, int rw)
-{
-	kcf_prov_stats_t *ks_data;
-	kcf_provider_desc_t *pd = (kcf_provider_desc_t *)ksp->ks_private;
-
-	if (rw == KSTAT_WRITE)
-		return (EACCES);
-
-	ks_data = ksp->ks_data;
-
-	ks_data->ps_ops_total.value.ui64 = pd->pd_sched_info.ks_ndispatches;
-	ks_data->ps_ops_failed.value.ui64 = pd->pd_sched_info.ks_nfails;
-	ks_data->ps_ops_busy_rval.value.ui64 = pd->pd_sched_info.ks_nbusy_rval;
-	ks_data->ps_ops_passed.value.ui64 =
-	    pd->pd_sched_info.ks_ndispatches -
-	    pd->pd_sched_info.ks_nfails -
-	    pd->pd_sched_info.ks_nbusy_rval;
-
-	return (0);
-}
-
-
-/*
  * Utility routine called from failure paths in crypto_register_provider()
  * and from crypto_load_soft_disabled().
  */
@@ -339,19 +278,3 @@ undo_register_provider(kcf_provider_desc_t *desc, boolean_t remove_prov)
 	if (remove_prov)
 		(void) kcf_prov_tab_rem_provider(desc->pd_prov_id);
 }
-
-static void
-delete_kstat(kcf_provider_desc_t *desc)
-{
-	/* destroy the kstat created for this provider */
-	if (desc->pd_kstat != NULL) {
-		kcf_provider_desc_t *kspd = desc->pd_kstat->ks_private;
-
-		/* release reference held by desc->pd_kstat->ks_private */
-		ASSERT(desc == kspd);
-		kstat_delete(kspd->pd_kstat);
-		desc->pd_kstat = NULL;
-		KCF_PROV_REFRELE(kspd);
-		KCF_PROV_IREFRELE(kspd);
-	}
-}