RELENG_5 and FAST_IPSEC limits

Hajimu UMEMOTO ume at freebsd.org
Wed Mar 16 11:39:07 PST 2005 

Hi,

>>>>> On Wed, 16 Mar 2005 10:17:14 -0800
>>>>> Sam Leffler <sam at errno.com> said:

sam> Note the change lacks any locking so if your SA db is changing there's a 
sam> good chance you'll blow up.

Ah, yes.  I forgot the fact that FAST_IPSEC is mpsafe.
How about this?  This is againt sys/netipsec/key.c with my previous
patch applied.

Index: sys/netipsec/key.c
diff -u -p sys/netipsec/key.c.old sys/netipsec/key.c
--- sys/netipsec/key.c.old	Thu Mar 17 03:52:18 2005
+++ sys/netipsec/key.c	Thu Mar 17 04:01:50 2005
@@ -2408,6 +2408,7 @@ key_setspddump(errorp)
 
 	/* search SPD entry and get buffer size. */
 	cnt = 0;
+	SPTREE_LOCK();
 	for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
 		LIST_FOREACH(sp, &sptree[dir], chain) {
 			cnt++;
@@ -2415,6 +2416,7 @@ key_setspddump(errorp)
 	}
 
 	if (cnt == 0) {
+		SPTREE_UNLOCK();
 		*errorp = ENOENT;
 		return (NULL);
 	}
@@ -2426,6 +2428,7 @@ key_setspddump(errorp)
 			n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 0);
 
 			if (!n) {
+				SPTREE_UNLOCK();
 				*errorp = ENOBUFS;
 				m_freem(m);
 				return (NULL);
@@ -2438,6 +2441,7 @@ key_setspddump(errorp)
 			}
 		}
 	}
+	SPTREE_UNLOCK();
 
 	*errorp = 0;
 	return (m);
@@ -6572,6 +6576,7 @@ key_setdump(req_satype, errorp)
 
 	/* count sav entries to be sent to the userland. */
 	cnt = 0;
+	SAHTREE_LOCK();
 	LIST_FOREACH(sah, &sahtree, chain) {
 		if (req_satype != SADB_SATYPE_UNSPEC &&
 		    proto != sah->saidx.proto)
@@ -6588,6 +6593,7 @@ key_setdump(req_satype, errorp)
 	}
 
 	if (cnt == 0) {
+		SAHTREE_UNLOCK();
 		*errorp = ENOENT;
 		return (NULL);
 	}
@@ -6601,6 +6607,7 @@ key_setdump(req_satype, errorp)
 
 		/* map proto to satype */
 		if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
+			SAHTREE_UNLOCK();
 			m_freem(m);
 			*errorp = EINVAL;
 			return (NULL);
@@ -6614,6 +6621,7 @@ key_setdump(req_satype, errorp)
 				n = key_setdumpsa(sav, SADB_DUMP, satype,
 				    --cnt, 0);
 				if (!n) {
+					SAHTREE_UNLOCK();
 					m_freem(m);
 					*errorp = ENOBUFS;
 					return (NULL);
@@ -6626,6 +6634,7 @@ key_setdump(req_satype, errorp)
 			}
 		}
 	}
+	SAHTREE_UNLOCK();
 
 	if (!m) {
 		*errorp = EINVAL;


Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

More information about the freebsd-stable mailing list