svn commit: r195053 - in stable/7/sys: . contrib/pf netipsec
VANHULLEBUS Yvan
vanhu at FreeBSD.org
Fri Jun 26 13:37:55 UTC 2009
Author: vanhu
Date: Fri Jun 26 13:37:53 2009
New Revision: 195053
URL: http://svn.freebsd.org/changeset/base/195053
Log:
MFC: Only decrease refcnt once when flushing SPD entries, to
avoid flushing entries which are still used.
Obtained from: NETASQ
Modified:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
stable/7/sys/netipsec/key.c
Modified: stable/7/sys/netipsec/key.c
==============================================================================
--- stable/7/sys/netipsec/key.c Fri Jun 26 11:58:15 2009 (r195052)
+++ stable/7/sys/netipsec/key.c Fri Jun 26 13:37:53 2009 (r195053)
@@ -4057,10 +4057,21 @@ restart:
if (sp->scangen == gen) /* previously handled */
continue;
sp->scangen = gen;
- if (sp->state == IPSEC_SPSTATE_DEAD) {
- /* NB: clean entries created by key_spdflush */
+ if (sp->state == IPSEC_SPSTATE_DEAD &&
+ sp->refcnt == 1) {
+ /*
+ * Ensure that we only decrease refcnt once,
+ * when we're the last consumer.
+ * Directly call SP_DELREF/key_delsp instead
+ * of KEY_FREESP to avoid unlocking/relocking
+ * SPTREE_LOCK before key_delsp: may refcnt
+ * be increased again during that time ?
+ * NB: also clean entries created by
+ * key_spdflush
+ */
+ SP_DELREF(sp);
+ key_delsp(sp);
SPTREE_UNLOCK();
- KEY_FREESP(&sp);
goto restart;
}
if (sp->lifetime == 0 && sp->validtime == 0)
@@ -4070,7 +4081,6 @@ restart:
sp->state = IPSEC_SPSTATE_DEAD;
SPTREE_UNLOCK();
key_spdexpire(sp);
- KEY_FREESP(&sp);
goto restart;
}
}
More information about the svn-src-stable-7
mailing list