Add FPU_KERN_KTHR flag to fpu_kern_enter(9), which avoids saving FPU

context into memory for the kernel threads which called
fpu_kern_thread(9).  This allows the fpu_kern_enter() callers to not
check for is_fpu_kern_thread() to get the optimization.

Apply the flag to padlock(4) and aesni(4).  In aesni_cipher_process(),
do not leak FPU context state on error.

Sponsored by:	The FreeBSD Foundation
MFC after:	1 week

4 files changed, 28 insertions, 60 deletions

diff --git a/sys/crypto/aesni/aesni_wrap.c b/sys/crypto/aesni/aesni_wrap.c
index 4f5acf3..0a6193b 100644
--- a/sys/crypto/aesni/aesni_wrap.c
+++ b/sys/crypto/aesni/aesni_wrap.c
@@ -382,22 +382,16 @@ int
 aesni_cipher_setup(struct aesni_session *ses, struct cryptoini *encini)
 {
 	struct thread *td;
-	int error, saved_ctx;
+	int error;
 
 	td = curthread;
-	if (!is_fpu_kern_thread(0)) {
-		error = fpu_kern_enter(td, ses->fpu_ctx, FPU_KERN_NORMAL);
-		saved_ctx = 1;
-	} else {
-		error = 0;
-		saved_ctx = 0;
-	}
-	if (error == 0) {
-		error = aesni_cipher_setup_common(ses, encini->cri_key,
-		    encini->cri_klen);
-		if (saved_ctx)
-			fpu_kern_leave(td, ses->fpu_ctx);
-	}
+	error = fpu_kern_enter(td, ses->fpu_ctx, FPU_KERN_NORMAL |
+	    FPU_KERN_KTHR);
+	if (error != 0)
+		return (error);
+	error = aesni_cipher_setup_common(ses, encini->cri_key,
+	    encini->cri_klen);
+	fpu_kern_leave(td, ses->fpu_ctx);
 	return (error);
 }
 
@@ -407,22 +401,17 @@ aesni_cipher_process(struct aesni_session *ses, struct cryptodesc *enccrd,
 {
 	struct thread *td;
 	uint8_t *buf;
-	int error, allocated, saved_ctx;
+	int error, allocated;
 
 	buf = aesni_cipher_alloc(enccrd, crp, &allocated);
 	if (buf == NULL)
 		return (ENOMEM);
 
 	td = curthread;
-	if (!is_fpu_kern_thread(0)) {
-		error = fpu_kern_enter(td, ses->fpu_ctx, FPU_KERN_NORMAL);
-		if (error != 0)
-			goto out;
-		saved_ctx = 1;
-	} else {
-		saved_ctx = 0;
-		error = 0;
-	}
+	error = fpu_kern_enter(td, ses->fpu_ctx, FPU_KERN_NORMAL |
+	    FPU_KERN_KTHR);
+	if (error != 0)
+		goto out1;
 
 	if ((enccrd->crd_flags & CRD_F_KEY_EXPLICIT) != 0) {
 		error = aesni_cipher_setup_common(ses, enccrd->crd_key,
@@ -460,8 +449,6 @@ aesni_cipher_process(struct aesni_session *ses, struct cryptodesc *enccrd,
 			    ses->iv);
 		}
 	}
-	if (saved_ctx)
-		fpu_kern_leave(td, ses->fpu_ctx);
 	if (allocated)
 		crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
 		    enccrd->crd_len, buf);
@@ -469,7 +456,9 @@ aesni_cipher_process(struct aesni_session *ses, struct cryptodesc *enccrd,
 		crypto_copydata(crp->crp_flags, crp->crp_buf,
 		    enccrd->crd_skip + enccrd->crd_len - AES_BLOCK_LEN,
 		    AES_BLOCK_LEN, ses->iv);
- out:
+out:
+	fpu_kern_leave(td, ses->fpu_ctx);
+out1:
 	if (allocated) {
 		bzero(buf, enccrd->crd_len);
 		free(buf, M_AESNI);
diff --git a/sys/crypto/via/padlock.c b/sys/crypto/via/padlock.c
index f601d2a..65a7b5d 100644
--- a/sys/crypto/via/padlock.c
+++ b/sys/crypto/via/padlock.c
@@ -171,7 +171,7 @@ padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
 	struct padlock_session *ses = NULL;
 	struct cryptoini *encini, *macini;
 	struct thread *td;
-	int error, saved_ctx;
+	int error;
 
 	if (sidp == NULL || cri == NULL)
 		return (EINVAL);
@@ -246,18 +246,11 @@ padlock_newsession(device_t dev, uint32_t *sidp, struct cryptoini *cri)
 
 	if (macini != NULL) {
 		td = curthread;
-		if (!is_fpu_kern_thread(0)) {
-			error = fpu_kern_enter(td, ses->ses_fpu_ctx,
-			    FPU_KERN_NORMAL);
-			saved_ctx = 1;
-		} else {
-			error = 0;
-			saved_ctx = 0;
-		}
+		error = fpu_kern_enter(td, ses->ses_fpu_ctx, FPU_KERN_NORMAL |
+		    FPU_KERN_KTHR);
 		if (error == 0) {
 			error = padlock_hash_setup(ses, macini);
-			if (saved_ctx)
-				fpu_kern_leave(td, ses->ses_fpu_ctx);
+			fpu_kern_leave(td, ses->ses_fpu_ctx);
 		}
 		if (error != 0) {
 			padlock_freesession_one(sc, ses, 0);
diff --git a/sys/crypto/via/padlock_cipher.c b/sys/crypto/via/padlock_cipher.c
index 7170211..0e4beb8 100644
--- a/sys/crypto/via/padlock_cipher.c
+++ b/sys/crypto/via/padlock_cipher.c
@@ -205,7 +205,7 @@ padlock_cipher_process(struct padlock_session *ses, struct cryptodesc *enccrd,
 	struct thread *td;
 	u_char *buf, *abuf;
 	uint32_t *key;
-	int allocated, error, saved_ctx;
+	int allocated, error;
 
 	buf = padlock_cipher_alloc(enccrd, crp, &allocated);
 	if (buf == NULL)
@@ -250,21 +250,13 @@ padlock_cipher_process(struct padlock_session *ses, struct cryptodesc *enccrd,
 	}
 
 	td = curthread;
-	if (!is_fpu_kern_thread(0)) {
-		error = fpu_kern_enter(td, ses->ses_fpu_ctx, FPU_KERN_NORMAL);
-		saved_ctx = 1;
-	} else {
-		error = 0;
-		saved_ctx = 0;
-	}
+	error = fpu_kern_enter(td, ses->ses_fpu_ctx, FPU_KERN_NORMAL |
+	    FPU_KERN_KTHR);
 	if (error != 0)
 		goto out;
-
 	padlock_cbc(abuf, abuf, enccrd->crd_len / AES_BLOCK_LEN, key, cw,
 	    ses->ses_iv);
-
-	if (saved_ctx)
-		fpu_kern_leave(td, ses->ses_fpu_ctx);
+	fpu_kern_leave(td, ses->ses_fpu_ctx);
 
 	if (allocated) {
 		crypto_copyback(crp->crp_flags, crp->crp_buf, enccrd->crd_skip,
diff --git a/sys/crypto/via/padlock_hash.c b/sys/crypto/via/padlock_hash.c
index 924a9ec..9dffc40 100644
--- a/sys/crypto/via/padlock_hash.c
+++ b/sys/crypto/via/padlock_hash.c
@@ -366,24 +366,18 @@ padlock_hash_process(struct padlock_session *ses, struct cryptodesc *maccrd,
     struct cryptop *crp)
 {
 	struct thread *td;
-	int error, saved_ctx;
+	int error;
 
 	td = curthread;
-	if (!is_fpu_kern_thread(0)) {
-		error = fpu_kern_enter(td, ses->ses_fpu_ctx, FPU_KERN_NORMAL);
-		saved_ctx = 1;
-	} else {
-		error = 0;
-		saved_ctx = 0;
-	}
+	error = fpu_kern_enter(td, ses->ses_fpu_ctx, FPU_KERN_NORMAL |
+	    FPU_KERN_KTHR);
 	if (error != 0)
 		return (error);
 	if ((maccrd->crd_flags & CRD_F_KEY_EXPLICIT) != 0)
 		padlock_hash_key_setup(ses, maccrd->crd_key, maccrd->crd_klen);
 
 	error = padlock_authcompute(ses, maccrd, crp->crp_buf, crp->crp_flags);
-	if (saved_ctx)
-		fpu_kern_leave(td, ses->ses_fpu_ctx);
+	fpu_kern_leave(td, ses->ses_fpu_ctx);
 	return (error);
 }