authorJanie Lu <Janie.Lu@Sun.COM>2009-12-11 10:41:17 -0800
committerJanie Lu <Janie.Lu@Sun.COM>2009-12-11 10:41:17 -0800
commit4df55fde49134f9735f84011f23a767c75e393c7 (patch)
treec931c232038f950125a092f71e687cd653485b16 /usr/src/uts/common/crypto
parent93fcb0b9b3e0792a42d10584632c1c566f89d64a (diff)
FWARC 2008/613 KT IOS Performance Counters API
FWARC 2008/615 KT Perf Reg HV API FWARC 2009/434 KT IOS Performance Counters API Update FWARC 2009/567 Parallel Boot HV APIs PSARC 2009/177 Solaris support for Rainbow Falls platforms PSARC 2009/389 Sun4v faulted SP events extension PSARC 2009/533 CRYPTO_HMAC_NO_UPDATE - A new KCF SPI flag PSARC 2009/605 more sun4v platform-independent cpu/mem FMA events PSARC 2009/649 Generic PCIe root complex FMA events 6704999 extend xaui enum to work in platform independent world 6773223 RFE: guest epkt for faulted SP 6773225 RFE: Diagnosis of a faulted SP 6797776 Solaris support for Rainbow Falls platforms
Diffstat (limited to 'usr/src/uts/common/crypto')
-rw-r--r--usr/src/uts/common/crypto/api/kcf_mac.c10
-rw-r--r--usr/src/uts/common/crypto/io/crypto.c24
-rw-r--r--usr/src/uts/common/crypto/io/dprov.c18
-rw-r--r--usr/src/uts/common/crypto/spi/kcf_spi.c61
4 files changed, 63 insertions, 50 deletions
diff --git a/usr/src/uts/common/crypto/api/kcf_mac.c b/usr/src/uts/common/crypto/api/kcf_mac.c
index 89dedbc016..601f67eb18 100644
--- a/usr/src/uts/common/crypto/api/kcf_mac.c
+++ b/usr/src/uts/common/crypto/api/kcf_mac.c
@@ -180,8 +180,8 @@ retry:
KCF_PROV_INCRSTATS(pd, error);
} else {
if (pd->pd_prov_type == CRYPTO_HW_PROVIDER &&
- (pd->pd_flags & CRYPTO_HASH_NO_UPDATE) &&
- (data->cd_length > pd->pd_hash_limit)) {
+ (pd->pd_flags & CRYPTO_HMAC_NO_UPDATE) &&
+ (data->cd_length > pd->pd_hmac_limit)) {
/*
* XXX - We need a check to see if this is indeed
* a HMAC. So far, all kernel clients use
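Review bot: The limit test at `(pd->pd_flags & CRYPTO_HMAC_NO_UPDATE) && (data->cd_length > pd->pd_hmac_limit)` is now keyed on an HMAC-specific flag, but nothing visible here checks that the requested mechanism is an HMAC, which the retained XXX comment already concedes. If a hardware provider also offers a non-HMAC MAC mechanism, that request would be held to the HMAC limit and get CRYPTO_BUFFER_TOO_BIG or an early software fallback. The same applies to the hunks at -305 and -475. At minimum, update the XXX text to say the limit is applied to every MAC mechanism of a provider that sets `CRYPTO_HMAC_NO_UPDATE`. The comment and the enclosing function continue outside this hunk.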
@@ -305,8 +305,8 @@ retry:
KCF_PROV_INCRSTATS(pd, error);
} else {
if (pd->pd_prov_type == CRYPTO_HW_PROVIDER &&
- (pd->pd_flags & CRYPTO_HASH_NO_UPDATE) &&
- (data->cd_length > pd->pd_hash_limit)) {
+ (pd->pd_flags & CRYPTO_HMAC_NO_UPDATE) &&
+ (data->cd_length > pd->pd_hmac_limit)) {
/* see comments in crypto_mac() */
error = CRYPTO_BUFFER_TOO_BIG;
} else {
@@ -475,7 +475,7 @@ retry:
}
if (pd->pd_prov_type == CRYPTO_HW_PROVIDER &&
- (pd->pd_flags & CRYPTO_HASH_NO_UPDATE)) {
+ (pd->pd_flags & CRYPTO_HMAC_NO_UPDATE)) {
/*
* The hardware provider has limited HMAC support.
* So, we fallback early here to using a software provider.
diff --git a/usr/src/uts/common/crypto/io/crypto.c b/usr/src/uts/common/crypto/io/crypto.c
index ac9e37efd7..6d886945d2 100644
--- a/usr/src/uts/common/crypto/io/crypto.c
+++ b/usr/src/uts/common/crypto/io/crypto.c
@@ -800,18 +800,28 @@ crypto_build_function_list(crypto_function_list_t *fl, kcf_provider_desc_t *pd)
fl->fl_set_pin = B_TRUE;
}
- fl->prov_is_limited = pd->pd_flags & CRYPTO_HASH_NO_UPDATE;
- if (fl->prov_is_limited) {
+ fl->prov_is_hash_limited = pd->pd_flags & CRYPTO_HASH_NO_UPDATE;
+ if (fl->prov_is_hash_limited) {
+ fl->prov_hash_limit = min(pd->pd_hash_limit,
+ min(CRYPTO_MAX_BUFFER_LEN,
+ curproc->p_task->tk_proj->kpj_data.kpd_crypto_mem_ctl));
+ }
+
+ fl->prov_is_hmac_limited = pd->pd_flags & CRYPTO_HMAC_NO_UPDATE;
+ if (fl->prov_is_hmac_limited) {
+ fl->prov_hmac_limit = min(pd->pd_hmac_limit,
+ min(CRYPTO_MAX_BUFFER_LEN,
+ curproc->p_task->tk_proj->kpj_data.kpd_crypto_mem_ctl));
+ }
+
+ if (fl->prov_is_hash_limited || fl->prov_is_hmac_limited) {
/*
- * XXX - The threshold should ideally be per hash
+ * XXX - The threshold should ideally be per hash/HMAC
* mechanism. For now, we use the same value for all
- * hash mechanisms. Empirical evidence suggests this
+ * hash/HMAC mechanisms. Empirical evidence suggests this
* is fine.
*/
fl->prov_hash_threshold = kcf_md5_threshold;
- fl->prov_hash_limit = min(pd->pd_hash_limit,
- min(CRYPTO_MAX_BUFFER_LEN,
- curproc->p_task->tk_proj->kpj_data.kpd_crypto_mem_ctl));
}
fl->total_threshold_count = MAX_NUM_THRESHOLD;
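Review bot: `fl->prov_is_hash_limited` and `fl->prov_is_hmac_limited` are assigned the raw masked flag word rather than a boolean. The field types are not visible in this hunk; if they are narrower than `pd_flags`, a high flag bit would truncate to zero and the consumer of this list would treat a limited provider as unlimited. Normalising costs nothing: `fl->prov_is_hmac_limited = (pd->pd_flags & CRYPTO_HMAC_NO_UPDATE) != 0;` and likewise for the hash flag. The identical three-way `min(...)` over `kpd_crypto_mem_ctl` is also written out twice and could be computed once into a local. crypto_build_function_list() starts and ends outside the hunk.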
diff --git a/usr/src/uts/common/crypto/io/dprov.c b/usr/src/uts/common/crypto/io/dprov.c
index 7278873dee..e292744ae0 100644
--- a/usr/src/uts/common/crypto/io/dprov.c
+++ b/usr/src/uts/common/crypto/io/dprov.c
@@ -1792,21 +1792,9 @@ dprov_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
DDI_PROP_DONTPASS, "max_digest_sz", INT_MAX);
if (dprov_max_digestsz != INT_MAX && dprov_max_digestsz != 0 &&
dprov_max_digestsz != DDI_PROP_NOT_FOUND) {
- int i, nmechs;
-
dprov_no_multipart = B_TRUE;
- dprov_prov_info.pi_flags |= CRYPTO_HASH_NO_UPDATE;
-
- /* Set cm_max_input_length for all hash mechs */
- nmechs = sizeof (dprov_mech_info_tab) /
- sizeof (crypto_mech_info_t);
- for (i = 0; i < nmechs; i++) {
- if (dprov_mech_info_tab[i].cm_func_group_mask &
- CRYPTO_FG_DIGEST) {
- dprov_mech_info_tab[i].cm_max_input_length =
- dprov_max_digestsz;
- }
- }
+ dprov_prov_info.pi_flags |=
+ (CRYPTO_HASH_NO_UPDATE | CRYPTO_HMAC_NO_UPDATE);
}
/* create taskq */
@@ -8557,6 +8545,8 @@ dprov_mgmt_task(dprov_req_t *taskq_req)
if (softc->ds_token_initialized)
ext_info->ei_flags |= CRYPTO_EXTF_TOKEN_INITIALIZED;
+ ext_info->ei_hash_max_input_len = dprov_max_digestsz;
+ ext_info->ei_hmac_max_input_len = dprov_max_digestsz;
error = CRYPTO_SUCCESS;
break;
}
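Review bot: `ext_info->ei_hash_max_input_len = dprov_max_digestsz;` and the HMAC line below it copy an `int` driver property straight into the limit fields. The guard in dprov_attach() only excludes `INT_MAX`, `0` and `DDI_PROP_NOT_FOUND`. A negative `max_digest_sz` would therefore still set both NO_UPDATE flags, and if the ext-info fields are unsigned (type not visible here) it would be reported as a very large limit. Rejecting `dprov_max_digestsz < 0` in the dprov_attach() condition, or clamping here, would keep the advertised limit meaningful. A short comment that the single property deliberately feeds both limits would also help.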
diff --git a/usr/src/uts/common/crypto/spi/kcf_spi.c b/usr/src/uts/common/crypto/spi/kcf_spi.c
index c43cd34ed7..2634ed3624 100644
--- a/usr/src/uts/common/crypto/spi/kcf_spi.c
+++ b/usr/src/uts/common/crypto/spi/kcf_spi.c
@@ -276,7 +276,7 @@ crypto_register_provider(crypto_provider_info_t *info,
else
prov_desc->pd_taskq = NULL;
- /* no kernel session to logical providers */
+ /* no kernel session to logical providers and no pd_flags */
if (prov_desc->pd_prov_type != CRYPTO_LOGICAL_PROVIDER) {
/*
* Open a session for session-oriented providers. This session
@@ -293,11 +293,38 @@ crypto_register_provider(crypto_provider_info_t *info,
CRYPTO_USER, NULL, 0, prov_desc);
ret = kcf_submit_request(prov_desc, NULL, NULL, &params,
B_FALSE);
+ if (ret != CRYPTO_SUCCESS)
+ goto undo_then_bail;
+ }
- if (ret != CRYPTO_SUCCESS) {
- undo_register_provider(prov_desc, B_TRUE);
- ret = CRYPTO_FAILED;
- goto bail;
+ /*
+ * Get the value for the maximum input length allowed if
+ * CRYPTO_HASH_NO_UPDATE or CRYPTO_HASH_NO_UPDATE is specified.
+ */
+ if (prov_desc->pd_flags &
+ (CRYPTO_HASH_NO_UPDATE | CRYPTO_HMAC_NO_UPDATE)) {
+ kcf_req_params_t params;
+ crypto_provider_ext_info_t ext_info;
+
+ if (KCF_PROV_PROVMGMT_OPS(prov_desc) == NULL)
+ goto undo_then_bail;
+
+ bzero(&ext_info, sizeof (ext_info));
+ KCF_WRAP_PROVMGMT_OPS_PARAMS(&params,
+ KCF_OP_MGMT_EXTINFO,
+ 0, NULL, 0, NULL, 0, NULL, &ext_info, prov_desc);
+ ret = kcf_submit_request(prov_desc, NULL, NULL,
+ &params, B_FALSE);
+ if (ret != CRYPTO_SUCCESS)
+ goto undo_then_bail;
+
+ if (prov_desc->pd_flags & CRYPTO_HASH_NO_UPDATE) {
+ prov_desc->pd_hash_limit =
+ ext_info.ei_hash_max_input_len;
+ }
+ if (prov_desc->pd_flags & CRYPTO_HMAC_NO_UPDATE) {
+ prov_desc->pd_hmac_limit =
+ ext_info.ei_hmac_max_input_len;
}
}
}
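Review bot: The limits copied from `ext_info` into `pd_hash_limit` and `pd_hmac_limit` are accepted without a sanity check, whereas the code this commit removes from init_prov_mechs() rejected a zero limit with CRYPTO_ARGUMENTS_BAD. Because `ext_info` is bzero'd first, a provider that sets a NO_UPDATE flag but never fills the field registers with a limit of 0. The `cd_length > pd->pd_hmac_limit` checks in kcf_mac.c would then return CRYPTO_BUFFER_TOO_BIG for every non-empty request. Consider `if (ext_info.ei_hash_max_input_len == 0) goto undo_then_bail;` before the hash assignment, and the same for the HMAC field. The new block comment also names `CRYPTO_HASH_NO_UPDATE` twice; the second should read `CRYPTO_HMAC_NO_UPDATE`. crypto_register_provider() begins and ends outside this hunk.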
@@ -380,8 +407,12 @@ crypto_register_provider(crypto_provider_info_t *info,
exit:
*handle = prov_desc->pd_kcf_prov_handle;
- ret = CRYPTO_SUCCESS;
+ KCF_PROV_REFRELE(prov_desc);
+ return (CRYPTO_SUCCESS);
+undo_then_bail:
+ undo_register_provider(prov_desc, B_TRUE);
+ ret = CRYPTO_FAILED;
bail:
KCF_PROV_REFRELE(prov_desc);
return (ret);
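Review bot: Every path through `undo_then_bail:` overwrites `ret` with `CRYPTO_FAILED`, so a missing provider-management ops vector, a failed session open and a failed ext-info request all look the same to the registering driver. If callers depend on `CRYPTO_FAILED`, keep it but document that above the label, e.g. `/* undo registration; callers only ever see CRYPTO_FAILED from here */`. Otherwise, set a more specific code such as `CRYPTO_ARGUMENTS_BAD` before the jump for the missing-ops case. The rest of the function lies outside the hunk, so any other users of `bail:` are not visible here.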
@@ -746,24 +777,6 @@ init_prov_mechs(crypto_provider_info_t *info, kcf_provider_desc_t *desc)
break;
}
- if (desc->pd_flags & CRYPTO_HASH_NO_UPDATE &&
- mi->cm_func_group_mask & CRYPTO_FG_DIGEST) {
- /*
- * We ask the provider to specify the limit
- * per hash mechanism. But, in practice, a
- * hardware limitation means all hash mechanisms
- * will have the same maximum size allowed for
- * input data. So, we make it a per provider
- * limit to keep it simple.
- */
- if (mi->cm_max_input_length == 0) {
- err = CRYPTO_ARGUMENTS_BAD;
- break;
- } else {
- desc->pd_hash_limit = mi->cm_max_input_length;
- }
- }
-
if ((err = kcf_add_mech_provider(mech_idx, desc, &pmd)) !=
KCF_SUCCESS)
break;