s/SGLs/SGEs/

Since ccp_initialize_queue() is only used once, it be a bit neater to have a ccp_initialize_queues() instead and move this loop there.

"error" is write-only.

This function and the one below appear to be unused.

Missing $FreeBSD$ tags in the headers.

This line is misindented.

Missing include guard.

Some of these headers aren't needed: dev/pci/*, mutex.h, lock.h, rman.h, module.h, ...

Need to include opt_ddb.h to SRCS to be able to build it as a standalone KLD.

There's a lot of printf("XXX...") in the driver, which ought to be cleaned up at some point.

Not something to be addressed here, but crypto_get_driverid() should probably just use unr(9). :/

Seems like an odd initialization default, especially since we don't set cipher_mode in the AES-XTS case. We don't register support for AES-XTS, so this isn't a major problem at the moment, but it looks weird.

You could just set ec before breaking from the loop?

This looks like it should be assigning to error instead. There's also an extra newline.

It looks like we don't do proper cleanup in the caller if this loop aborts. e.g., we won't call pci_release_msi().

"rid" may be modified by bus_alloc_resource_any(). In practice I guess it's not an issue for SYS_RES_IRQ, but the man page explicitly warns about this.

Is it worth checking the value of g_ccp_ring_order first to make sure it's sane?

It'd be nice to come up with a better name for "i" given its use in this cleanup block.

mflags is unused.

Should this be addressed? :)

It would be a good idea to verify this too. Perhaps also cache the paddrs, but the lookup is pretty cheap, so it may not be worth the effort.

Note that min() will truncate to 32 bits.

Write-only var, but I'm guessing that addressing the XXX might change that.

keydata and keydata_len are left uninitialized if we go through the default case.

It'd be nice to clean this up.

This doesn't seem to be used either?

Does C actually guarantee that this cast will give you the low 32 bits? It would be a bit cleaner to explicitly mask the bits you want.

This should be committed separately.

Definitely. At one point I was keeping this stuff separate in a git stash but I guess it got merged in sometime. Some of it even leaks stuff like key information.

I suppose. Mostly it just needs to be initialized to something other than CCP_AES_MODE_GCTR.

Ideally AES-XTS will be added at some point, and that will make it more clear. We could #if 0 the the XTS case of the outer switch, making it return EINVAL? (Though as you point out, it should never be invoked as we don't register support.)

Yes, that's true. Handling cleanup fully correctly if some step in initialization fails is hard.

Hm. We could use a temporary copy for the call to bus_alloc_resource_any.

Might as well.

At this time, yes, but the intent is to eventually pass M_WAITOK / M_NOWAIT.

Probably :(

Sure. Note that the H_vectors here are local to this driver (since they're in reverse order). Can you think of an annotation short of __align(PAGE_SIZE) to make sure they don't cross a page boundary at compile time? I suppose some clever CTASSERTs might work.

The other consideration is that crd_len is int, so we're dealing with at most 31 bit lengths.

It's currently vestigial from ccr(4) based on the following commented out line, but yeah, the XXX probably needs addressing.

The default case here is impossible to reach. This routine is invoked from ccp_process with a session mode of BLKCIPHER. That requires ccp_newsession with one of CBC, ICM, or XTS. And newsession shouldn't be called with XTS at this time as it isn't registered.

As in, actually implement XTS? :-) Yes.

Vestigial from the ccr driver.

I believe so. Not sure how else it could be interpreted. Note that vm_paddr_t is an integer rather than pointer type.

https://stackoverflow.com/questions/6752567/casting-a-large-number-type-to-a-smaller-type claims that the standard says:

If the destination type is unsigned, the resulting value is the least unsigned integer congruent to the source integer (modulo 2^n where n is the number of bits used to represent the unsigned type). [Note: In a two's complement representation, this conversion is conceptual and there is no change in the bit pattern (if there is no truncation).]

I can't think of another annotation that might help, but I think this CTASSERT might do it:

CTASSERT(PAGE_SIZE - ((uintptr_t)&vec[0] % PAGE_SIZE) >= sizeof(vec))

I think all of the vectors would together fit in less of a page, so you could maybe put them in a single array and align that.

The compiler doesn't know that. :)

I see, thanks.

The other reason to use ECB is that it is so clearly a bogus value. The hardware will do it, but OCF and this driver don't support it (for good reason).

Thanks, I'll do something like that.

It doesn't produce an error. I don't recall it producing a warning, either, thought it may be. Do you think the compiler is assuming UB and generating bad code? The CBC and ICM tests pass, so I think that is unlikely.

At least gcc 6 emits an error for this.

Ah, sure. I have been building with Clang. Is keydata / keydata_len all I need to initialize to silence the GCC warning?

Yep, looks like it. gcc is also complaining about sgl_nsegs being write-only. With those two things fixed, ccp builds.