
Remove the cloned file descriptors for /dev/crypto.
Closed, Public

Authored by jhb on Sat, Nov 21, 12:47 AM.

Details

Summary

Crypto file descriptors were added in the original OCF import as a way
to provide per-open data (specifically the list of symmetric
sessions). However, this gives a bit of a confusing API where one has
to open /dev/crypto and then invoke an ioctl to obtain a second file
descriptor. Character devices have gained support for per-open data
via cdevpriv since OCF was imported, so simplify the userland API by
permitting ioctls directly on /dev/crypto descriptors.

To provide backwards compatibility, CRIOGET now opens another
/dev/crypto descriptor via kern_openat(). This preserves prior
semantics in case CRIOGET is invoked multiple times on a single file
descriptor.

Test Plan
  • old and new cryptocheck work on a new kernel
  • openssl speed from 1.1.1 now works (doesn't work currently as it doesn't use CRIOGET)
  • Drew tested an earlier version of this with openssl speed as well

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb requested review of this revision. Sat, Nov 21, 12:47 AM
jhb created this revision.
markj added inline comments.
sys/opencrypto/cryptodev.c
1354 ↗(On Diff #79824)

As part of an attempt to reduce the usage of volatile in preference of atomic(9), we now have a refcount_load() which should be used here.

1454 ↗(On Diff #79824)

This is going to fail if the process has restricted filesystem access, e.g., if it's in a chroot or jail without /dev/crypto, or it's in capability mode. That seems acceptable, but might be worth a comment.

This revision is now accepted and ready to land. Sun, Nov 22, 7:24 PM
  • Use refcount_load().
  • Note limitations of CRIOGET compat shim.
This revision now requires review to proceed. Tue, Nov 24, 11:03 PM
jhb marked an inline comment as done.
  • Tweak the comment a bit further.
jhb marked an inline comment as done. Tue, Nov 24, 11:06 PM
This revision is now accepted and ready to land. Tue, Nov 24, 11:07 PM
This revision was automatically updated to reflect the committed changes.