1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 /*
26  * Copyright 2010 Nexenta Systems, Inc.  All rights reserved.
27  */
28 
29 #ifndef _SYS_CRYPTO_SCHED_IMPL_H
30 #define	_SYS_CRYPTO_SCHED_IMPL_H
31 
32 /*
33  * Scheduler internal structures.
34  */
35 
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39 
40 #include <sys/types.h>
41 #include <sys/mutex.h>
42 #include <sys/condvar.h>
43 #include <sys/door.h>
44 #include <sys/crypto/api.h>
45 #include <sys/crypto/spi.h>
46 #include <sys/crypto/impl.h>
47 #include <sys/crypto/common.h>
48 #include <sys/crypto/ops_impl.h>
49 
50 typedef void (kcf_func_t)(void *, int);
51 
52 typedef enum kcf_req_status {
53 	REQ_ALLOCATED = 1,
54 	REQ_WAITING,		/* At the framework level */
55 	REQ_INPROGRESS,		/* At the provider level */
56 	REQ_DONE,
57 	REQ_CANCELED
58 } kcf_req_status_t;
59 
60 typedef enum kcf_call_type {
61 	CRYPTO_SYNCH = 1,
62 	CRYPTO_ASYNCH
63 } kcf_call_type_t;
64 
65 #define	CHECK_FASTPATH(crq, pd) ((crq) == NULL ||	\
66 	!((crq)->cr_flag & CRYPTO_ALWAYS_QUEUE)) &&	\
67 	(pd)->pd_prov_type == CRYPTO_SW_PROVIDER
68 
69 #define	KCF_KMFLAG(crq)	(((crq) == NULL) ? KM_SLEEP : KM_NOSLEEP)
70 
71 /*
72  * The framework keeps an internal handle to use in the adaptive
73  * asynchronous case. This is the case when a client has the
74  * CRYPTO_ALWAYS_QUEUE bit clear and a software provider is used for
75  * the request. The request is completed in the context of the calling
76  * thread and kernel memory must be allocated with KM_NOSLEEP.
77  *
78  * The framework passes a pointer to the handle in crypto_req_handle_t
79  * argument when it calls the SPI of the software provider. The macros
80  * KCF_RHNDL() and KCF_SWFP_RHNDL() are used to do this.
81  *
82  * When a provider asks the framework for kmflag value via
83  * crypto_kmflag(9S) we use REQHNDL2_KMFLAG() macro.
84  */
85 extern ulong_t kcf_swprov_hndl;
86 #define	KCF_RHNDL(kmflag) (((kmflag) == KM_SLEEP) ? NULL : &kcf_swprov_hndl)
87 #define	KCF_SWFP_RHNDL(crq) (((crq) == NULL) ? NULL : &kcf_swprov_hndl)
88 #define	REQHNDL2_KMFLAG(rhndl) \
89 	((rhndl == &kcf_swprov_hndl) ? KM_NOSLEEP : KM_SLEEP)
90 
91 /* Internal call_req flags. They start after the public ones in api.h */
92 
93 #define	CRYPTO_SETDUAL	0x00001000	/* Set the 'cont' boolean before */
94 					/* submitting the request */
95 #define	KCF_ISDUALREQ(crq)	\
96 	(((crq) == NULL) ? B_FALSE : (crq->cr_flag & CRYPTO_SETDUAL))
97 
98 typedef struct kcf_prov_tried {
99 	kcf_provider_desc_t	*pt_pd;
100 	struct kcf_prov_tried	*pt_next;
101 } kcf_prov_tried_t;
102 
103 /* Must be different from KM_SLEEP and KM_NOSLEEP */
104 #define	KCF_HOLD_PROV	0x1000
105 
106 #define	IS_FG_SUPPORTED(mdesc, fg)		\
107 	(((mdesc)->pm_mech_info.cm_func_group_mask & (fg)) != 0)
108 
109 #define	IS_PROVIDER_TRIED(pd, tlist)		\
110 	(tlist != NULL && is_in_triedlist(pd, tlist))
111 
112 #define	IS_RECOVERABLE(error)			\
113 	(error == CRYPTO_BUFFER_TOO_BIG ||	\
114 	error == CRYPTO_BUSY ||			\
115 	error == CRYPTO_DEVICE_ERROR ||		\
116 	error == CRYPTO_DEVICE_MEMORY ||	\
117 	error == CRYPTO_KEY_SIZE_RANGE ||	\
118 	error == CRYPTO_NO_PERMISSION)
119 
120 #define	KCF_ATOMIC_INCR(x)	atomic_inc_32(&(x))
121 #define	KCF_ATOMIC_DECR(x)	atomic_dec_32(&(x))
122 
123 /*
124  * Node structure for synchronous requests.
125  */
126 typedef struct kcf_sreq_node {
127 	/* Should always be the first field in this structure */
128 	kcf_call_type_t		sn_type;
129 	/*
130 	 * sn_cv and sr_lock are used to wait for the
131 	 * operation to complete. sn_lock also protects
132 	 * the sn_state field.
133 	 */
134 	kcondvar_t		sn_cv;
135 	kmutex_t		sn_lock;
136 	kcf_req_status_t	sn_state;
137 
138 	/*
139 	 * Return value from the operation. This will be
140 	 * one of the CRYPTO_* errors defined in common.h.
141 	 */
142 	int			sn_rv;
143 
144 	/*
145 	 * parameters to call the SPI with. This can be
146 	 * a pointer as we know the caller context/stack stays.
147 	 */
148 	struct kcf_req_params	*sn_params;
149 
150 	/* Internal context for this request */
151 	struct kcf_context	*sn_context;
152 
153 	/* Provider handling this request */
154 	kcf_provider_desc_t	*sn_provider;
155 
156 	kcf_prov_cpu_t		*sn_mp;
157 } kcf_sreq_node_t;
158 
159 /*
160  * Node structure for asynchronous requests. A node can be on
161  * on a chain of requests hanging of the internal context
162  * structure and can be in the global software provider queue.
163  */
164 typedef struct kcf_areq_node {
165 	/* Should always be the first field in this structure */
166 	kcf_call_type_t		an_type;
167 
168 	/* an_lock protects the field an_state  */
169 	kmutex_t		an_lock;
170 	kcf_req_status_t	an_state;
171 	crypto_call_req_t	an_reqarg;
172 
173 	/*
174 	 * parameters to call the SPI with. We need to
175 	 * save the params since the caller stack can go away.
176 	 */
177 	struct kcf_req_params	an_params;
178 
179 	/*
180 	 * The next two fields should be NULL for operations that
181 	 * don't need a context.
182 	 */
183 	/* Internal context for this request */
184 	struct kcf_context	*an_context;
185 
186 	/* next in chain of requests for context */
187 	struct kcf_areq_node	*an_ctxchain_next;
188 
189 	kcondvar_t		an_turn_cv;
190 	boolean_t		an_is_my_turn;
191 	boolean_t		an_isdual;	/* for internal reuse */
192 
193 	/*
194 	 * Next and previous nodes in the global software
195 	 * queue. These fields are NULL for a hardware
196 	 * provider since we use a taskq there.
197 	 */
198 	struct kcf_areq_node	*an_next;
199 	struct kcf_areq_node	*an_prev;
200 
201 	/* Provider handling this request */
202 	kcf_provider_desc_t	*an_provider;
203 	kcf_prov_cpu_t		*an_mp;
204 	kcf_prov_tried_t	*an_tried_plist;
205 
206 	struct kcf_areq_node	*an_idnext;	/* Next in ID hash */
207 	struct kcf_areq_node	*an_idprev;	/* Prev in ID hash */
208 	kcondvar_t		an_done;	/* Signal request completion */
209 	uint_t			an_refcnt;
210 } kcf_areq_node_t;
211 
212 #define	KCF_AREQ_REFHOLD(areq) {		\
213 	atomic_inc_32(&(areq)->an_refcnt);	\
214 	ASSERT((areq)->an_refcnt != 0);		\
215 }
216 
217 #define	KCF_AREQ_REFRELE(areq) {				\
218 	ASSERT((areq)->an_refcnt != 0);				\
219 	membar_exit();						\
220 	if (atomic_dec_32_nv(&(areq)->an_refcnt) == 0)	\
221 		kcf_free_req(areq);				\
222 }
223 
224 #define	GET_REQ_TYPE(arg) *((kcf_call_type_t *)(arg))
225 
226 #define	NOTIFY_CLIENT(areq, err) (*(areq)->an_reqarg.cr_callback_func)(\
227 	(areq)->an_reqarg.cr_callback_arg, err);
228 
229 /* For internally generated call requests for dual operations */
230 typedef	struct kcf_call_req {
231 	crypto_call_req_t	kr_callreq;	/* external client call req */
232 	kcf_req_params_t	kr_params;	/* Params saved for next call */
233 	kcf_areq_node_t		*kr_areq;	/* Use this areq */
234 	off_t			kr_saveoffset;
235 	size_t			kr_savelen;
236 } kcf_dual_req_t;
237 
238 /*
239  * The following are some what similar to macros in callo.h, which implement
240  * callout tables.
241  *
242  * The lower four bits of the ID are used to encode the table ID to
243  * index in to. The REQID_COUNTER_HIGH bit is used to avoid any check for
244  * wrap around when generating ID. We assume that there won't be a request
245  * which takes more time than 2^^(sizeof (long) - 5) other requests submitted
246  * after it. This ensures there won't be any ID collision.
247  */
248 #define	REQID_COUNTER_HIGH	(1UL << (8 * sizeof (long) - 1))
249 #define	REQID_COUNTER_SHIFT	4
250 #define	REQID_COUNTER_LOW	(1 << REQID_COUNTER_SHIFT)
251 #define	REQID_TABLES		16
252 #define	REQID_TABLE_MASK	(REQID_TABLES - 1)
253 
254 #define	REQID_BUCKETS		512
255 #define	REQID_BUCKET_MASK	(REQID_BUCKETS - 1)
256 #define	REQID_HASH(id)	(((id) >> REQID_COUNTER_SHIFT) & REQID_BUCKET_MASK)
257 
258 #define	GET_REQID(areq) (areq)->an_reqarg.cr_reqid
259 #define	SET_REQID(areq, val)	GET_REQID(areq) = val
260 
261 /*
262  * Hash table for async requests.
263  */
264 typedef struct kcf_reqid_table {
265 	kmutex_t		rt_lock;
266 	crypto_req_id_t		rt_curid;
267 	kcf_areq_node_t		*rt_idhash[REQID_BUCKETS];
268 } kcf_reqid_table_t;
269 
270 /*
271  * Global software provider queue structure. Requests to be
272  * handled by a SW provider and have the ALWAYS_QUEUE flag set
273  * get queued here.
274  */
275 typedef struct kcf_global_swq {
276 	/*
277 	 * gs_cv and gs_lock are used to wait for new requests.
278 	 * gs_lock protects the changes to the queue.
279 	 */
280 	kcondvar_t		gs_cv;
281 	kmutex_t		gs_lock;
282 	uint_t			gs_njobs;
283 	uint_t			gs_maxjobs;
284 	kcf_areq_node_t		*gs_first;
285 	kcf_areq_node_t		*gs_last;
286 } kcf_global_swq_t;
287 
288 
289 /*
290  * Internal representation of a canonical context. We contain crypto_ctx_t
291  * structure in order to have just one memory allocation. The SPI
292  * ((crypto_ctx_t *)ctx)->cc_framework_private maps to this structure.
293  */
294 typedef struct kcf_context {
295 	crypto_ctx_t		kc_glbl_ctx;
296 	uint_t			kc_refcnt;
297 	kmutex_t		kc_in_use_lock;
298 	/*
299 	 * kc_req_chain_first and kc_req_chain_last are used to chain
300 	 * multiple async requests using the same context. They should be
301 	 * NULL for sync requests.
302 	 */
303 	kcf_areq_node_t		*kc_req_chain_first;
304 	kcf_areq_node_t		*kc_req_chain_last;
305 	kcf_provider_desc_t	*kc_prov_desc;	/* Prov. descriptor */
306 	kcf_provider_desc_t	*kc_sw_prov_desc;	/* Prov. descriptor */
307 	kcf_mech_entry_t	*kc_mech;
308 	struct kcf_context	*kc_secondctx;	/* for dual contexts */
309 } kcf_context_t;
310 
311 /*
312  * Bump up the reference count on the framework private context. A
313  * global context or a request that references this structure should
314  * do a hold.
315  */
316 #define	KCF_CONTEXT_REFHOLD(ictx) {		\
317 	atomic_inc_32(&(ictx)->kc_refcnt);	\
318 	ASSERT((ictx)->kc_refcnt != 0);		\
319 }
320 
321 /*
322  * Decrement the reference count on the framework private context.
323  * When the last reference is released, the framework private
324  * context structure is freed along with the global context.
325  */
326 #define	KCF_CONTEXT_REFRELE(ictx) {				\
327 	ASSERT((ictx)->kc_refcnt != 0);				\
328 	membar_exit();						\
329 	if (atomic_dec_32_nv(&(ictx)->kc_refcnt) == 0)	\
330 		kcf_free_context(ictx);				\
331 }
332 
333 /*
334  * Check if we can release the context now. In case of CRYPTO_QUEUED
335  * we do not release it as we can do it only after the provider notified
336  * us. In case of CRYPTO_BUSY, the client can retry the request using
337  * the context, so we do not release the context.
338  *
339  * This macro should be called only from the final routine in
340  * an init/update/final sequence. We do not release the context in case
341  * of update operations. We require the consumer to free it
342  * explicitly, in case it wants to abandon the operation. This is done
343  * as there may be mechanisms in ECB mode that can continue even if
344  * an operation on a block fails.
345  */
346 #define	KCF_CONTEXT_COND_RELEASE(rv, kcf_ctx) {			\
347 	if (KCF_CONTEXT_DONE(rv))				\
348 		KCF_CONTEXT_REFRELE(kcf_ctx);			\
349 }
350 
351 /*
352  * This macro determines whether we're done with a context.
353  */
354 #define	KCF_CONTEXT_DONE(rv)					\
355 	((rv) != CRYPTO_QUEUED && (rv) != CRYPTO_BUSY &&	\
356 	    (rv) != CRYPTO_BUFFER_TOO_SMALL)
357 
358 /*
359  * A crypto_ctx_template_t is internally a pointer to this struct
360  */
361 typedef	struct kcf_ctx_template {
362 	crypto_kcf_provider_handle_t	ct_prov_handle;	/* provider handle */
363 	uint_t				ct_generation;	/* generation # */
364 	size_t				ct_size;	/* for freeing */
365 	crypto_spi_ctx_template_t	ct_prov_tmpl;	/* context template */
366 							/* from the SW prov */
367 } kcf_ctx_template_t;
368 
369 /*
370  * Structure for pool of threads working on global software queue.
371  */
372 typedef struct kcf_pool {
373 	uint32_t	kp_threads;		/* Number of threads in pool */
374 	uint32_t	kp_idlethreads;		/* Idle threads in pool */
375 	uint32_t	kp_blockedthreads;	/* Blocked threads in pool */
376 
377 	/*
378 	 * cv & lock for the condition where more threads need to be created.
379 	 */
380 	kcondvar_t	kp_cv;		/* Creator cond. variable */
381 	kmutex_t	kp_lock;		/* Creator lock */
382 
383 } kcf_pool_t;
384 
385 
386 /*
387  * State of a crypto bufcall element.
388  */
389 typedef enum cbuf_state {
390 	CBUF_FREE = 1,
391 	CBUF_WAITING,
392 	CBUF_RUNNING
393 } cbuf_state_t;
394 
395 /*
396  * Structure of a crypto bufcall element.
397  */
398 typedef struct kcf_cbuf_elem {
399 	/*
400 	 * lock and cv to wait for CBUF_RUNNING to be done
401 	 * kc_lock also protects kc_state.
402 	 */
403 	kmutex_t		kc_lock;
404 	kcondvar_t		kc_cv;
405 	cbuf_state_t		kc_state;
406 
407 	struct kcf_cbuf_elem	*kc_next;
408 	struct kcf_cbuf_elem	*kc_prev;
409 
410 	void			(*kc_func)(void *arg);
411 	void			*kc_arg;
412 } kcf_cbuf_elem_t;
413 
414 /*
415  * State of a notify element.
416  */
417 typedef enum ntfy_elem_state {
418 	NTFY_WAITING = 1,
419 	NTFY_RUNNING
420 } ntfy_elem_state_t;
421 
422 /*
423  * Structure of a notify list element.
424  */
425 typedef struct kcf_ntfy_elem {
426 	/*
427 	 * lock and cv to wait for NTFY_RUNNING to be done.
428 	 * kn_lock also protects kn_state.
429 	 */
430 	kmutex_t			kn_lock;
431 	kcondvar_t			kn_cv;
432 	ntfy_elem_state_t		kn_state;
433 
434 	struct kcf_ntfy_elem		*kn_next;
435 	struct kcf_ntfy_elem		*kn_prev;
436 
437 	crypto_notify_callback_t	kn_func;
438 	uint32_t			kn_event_mask;
439 } kcf_ntfy_elem_t;
440 
441 
442 /*
443  * The following values are based on the assumption that it would
444  * take around eight cpus to load a hardware provider (This is true for
445  * at least one product) and a kernel client may come from different
446  * low-priority interrupt levels. We will have CYRPTO_TASKQ_MIN number
447  * of cached taskq entries. The CRYPTO_TASKQ_MAX number is based on
448  * a throughput of 1GB/s using 512-byte buffers. These are just
449  * reasonable estimates and might need to change in future.
450  */
451 #define	CRYPTO_TASKQ_THREADS	8
452 #define	CYRPTO_TASKQ_MIN	64
453 #define	CRYPTO_TASKQ_MAX	2 * 1024 * 1024
454 
455 extern int crypto_taskq_threads;
456 extern int crypto_taskq_minalloc;
457 extern int crypto_taskq_maxalloc;
458 extern kcf_global_swq_t *gswq;
459 extern int kcf_maxthreads;
460 extern int kcf_minthreads;
461 
462 /*
463  * All pending crypto bufcalls are put on a list. cbuf_list_lock
464  * protects changes to this list.
465  */
466 extern kmutex_t cbuf_list_lock;
467 extern kcondvar_t cbuf_list_cv;
468 
469 /*
470  * All event subscribers are put on a list. kcf_notify_list_lock
471  * protects changes to this list.
472  */
473 extern kmutex_t ntfy_list_lock;
474 extern kcondvar_t ntfy_list_cv;
475 
476 boolean_t kcf_get_next_logical_provider_member(kcf_provider_desc_t *,
477     kcf_provider_desc_t *, kcf_provider_desc_t **);
478 extern int kcf_get_hardware_provider(crypto_mech_type_t, crypto_key_t *,
479     crypto_mech_type_t, crypto_key_t *,
480     kcf_provider_desc_t *, kcf_provider_desc_t **,
481     crypto_func_group_t);
482 extern int kcf_get_hardware_provider_nomech(offset_t, offset_t,
483     kcf_provider_desc_t *, kcf_provider_desc_t **);
484 extern void kcf_free_triedlist(kcf_prov_tried_t *);
485 extern kcf_prov_tried_t *kcf_insert_triedlist(kcf_prov_tried_t **,
486     kcf_provider_desc_t *, int);
487 extern kcf_provider_desc_t *kcf_get_mech_provider(crypto_mech_type_t,
488     crypto_key_t *, kcf_mech_entry_t **, int *, kcf_prov_tried_t *,
489     crypto_func_group_t, size_t);
490 extern kcf_provider_desc_t *kcf_get_dual_provider(crypto_mechanism_t *,
491     crypto_key_t *, crypto_mechanism_t *, crypto_key_t *,
492     kcf_mech_entry_t **, crypto_mech_type_t *,
493     crypto_mech_type_t *, int *, kcf_prov_tried_t *,
494     crypto_func_group_t, crypto_func_group_t, size_t);
495 extern crypto_ctx_t *kcf_new_ctx(crypto_call_req_t  *, kcf_provider_desc_t *,
496     crypto_session_id_t);
497 extern int kcf_submit_request(kcf_provider_desc_t *, crypto_ctx_t *,
498     crypto_call_req_t *, kcf_req_params_t *, boolean_t);
499 extern void kcf_sched_init(void);
500 extern void kcf_sched_start(void);
501 extern void kcf_sop_done(kcf_sreq_node_t *, int);
502 extern void kcf_aop_done(kcf_areq_node_t *, int);
503 extern int common_submit_request(kcf_provider_desc_t *,
504     crypto_ctx_t *, kcf_req_params_t *, crypto_req_handle_t);
505 extern void kcf_free_context(kcf_context_t *);
506 
507 extern struct modctl *kcf_get_modctl(crypto_provider_info_t *);
508 extern void kcf_free_req(kcf_areq_node_t *areq);
509 extern void crypto_bufcall_service(void);
510 
511 extern void kcf_walk_ntfylist(uint32_t, void *);
512 extern void kcf_do_notify(kcf_provider_desc_t *, boolean_t);
513 
514 extern kcf_dual_req_t *kcf_alloc_req(crypto_call_req_t *);
515 extern void kcf_next_req(void *, int);
516 extern void kcf_last_req(void *, int);
517 
518 #ifdef __cplusplus
519 }
520 #endif
521 
522 #endif /* _SYS_CRYPTO_SCHED_IMPL_H */
523