Re: RELENG_5 and FAST_IPSEC limits

Wed, 16 Mar 2005 11:39:39 -0800 

Hi,

>>>>> On Wed, 16 Mar 2005 10:17:14 -0800
>>>>> Sam Leffler <[EMAIL PROTECTED]> said:

sam> Note the change lacks any locking so if your SA db is changing there's a 
sam> good chance you'll blow up.

Ah, yes.  I forgot the fact that FAST_IPSEC is mpsafe.
How about this?  This is againt sys/netipsec/key.c with my previous
patch applied.

Index: sys/netipsec/key.c
diff -u -p sys/netipsec/key.c.old sys/netipsec/key.c
--- sys/netipsec/key.c.old      Thu Mar 17 03:52:18 2005
+++ sys/netipsec/key.c  Thu Mar 17 04:01:50 2005
@@ -2408,6 +2408,7 @@ key_setspddump(errorp)
 
        /* search SPD entry and get buffer size. */
        cnt = 0;
+       SPTREE_LOCK();
        for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
                LIST_FOREACH(sp, &sptree[dir], chain) {
                        cnt++;
@@ -2415,6 +2416,7 @@ key_setspddump(errorp)
        }
 
        if (cnt == 0) {
+               SPTREE_UNLOCK();
                *errorp = ENOENT;
                return (NULL);
        }
@@ -2426,6 +2428,7 @@ key_setspddump(errorp)
                        n = key_setdumpsp(sp, SADB_X_SPDDUMP, cnt, 0);
 
                        if (!n) {
+                               SPTREE_UNLOCK();
                                *errorp = ENOBUFS;
                                m_freem(m);
                                return (NULL);
@@ -2438,6 +2441,7 @@ key_setspddump(errorp)
                        }
                }
        }
+       SPTREE_UNLOCK();
 
        *errorp = 0;
        return (m);
@@ -6572,6 +6576,7 @@ key_setdump(req_satype, errorp)
 
        /* count sav entries to be sent to the userland. */
        cnt = 0;
+       SAHTREE_LOCK();
        LIST_FOREACH(sah, &sahtree, chain) {
                if (req_satype != SADB_SATYPE_UNSPEC &&
                    proto != sah->saidx.proto)
@@ -6588,6 +6593,7 @@ key_setdump(req_satype, errorp)
        }
 
        if (cnt == 0) {
+               SAHTREE_UNLOCK();
                *errorp = ENOENT;
                return (NULL);
        }
@@ -6601,6 +6607,7 @@ key_setdump(req_satype, errorp)
 
                /* map proto to satype */
                if ((satype = key_proto2satype(sah->saidx.proto)) == 0) {
+                       SAHTREE_UNLOCK();
                        m_freem(m);
                        *errorp = EINVAL;
                        return (NULL);
@@ -6614,6 +6621,7 @@ key_setdump(req_satype, errorp)
                                n = key_setdumpsa(sav, SADB_DUMP, satype,
                                    --cnt, 0);
                                if (!n) {
+                                       SAHTREE_UNLOCK();
                                        m_freem(m);
                                        *errorp = ENOBUFS;
                                        return (NULL);
@@ -6626,6 +6634,7 @@ key_setdump(req_satype, errorp)
                        }
                }
        }
+       SAHTREE_UNLOCK();
 
        if (!m) {
                *errorp = EINVAL;


Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED]  [EMAIL PROTECTED],jp.}FreeBSD.org
http://www.imasy.org/~ume/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to