Module Name: src
Committed By: ozaki-r
Date: Thu Jul 27 06:59:28 UTC 2017
Modified Files:
src/sys/netinet: ip_input.c
src/sys/netinet6: ip6_input.c
src/sys/netipsec: ipsec_output.c ipsec_private.h key.c xform_ah.c
xform_esp.c xform_ipcomp.c
Log Message:
Don't acquire global locks for IPsec if NET_MPSAFE
Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
To generate a diff of this commit:
cvs rdiff -u -r1.359 -r1.360 src/sys/netinet/ip_input.c
cvs rdiff -u -r1.180 -r1.181 src/sys/netinet6/ip6_input.c
cvs rdiff -u -r1.56 -r1.57 src/sys/netipsec/ipsec_output.c
cvs rdiff -u -r1.4 -r1.5 src/sys/netipsec/ipsec_private.h
cvs rdiff -u -r1.194 -r1.195 src/sys/netipsec/key.c
cvs rdiff -u -r1.68 -r1.69 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.66 -r1.67 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/xform_ipcomp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netinet/ip_input.c
diff -u src/sys/netinet/ip_input.c:1.359 src/sys/netinet/ip_input.c:1.360
--- src/sys/netinet/ip_input.c:1.359 Wed Jul 19 07:24:46 2017
+++ src/sys/netinet/ip_input.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.359 2017/07/19 07:24:46 ozaki-r Exp $ */
+/* $NetBSD: ip_input.c,v 1.360 2017/07/27 06:59:28 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.359 2017/07/19 07:24:46 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.360 2017/07/27 06:59:28 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -754,13 +754,10 @@ ip_input(struct mbuf *m)
#ifdef IPSEC
/* Check the security policy (SP) for the packet */
if (ipsec_used) {
- SOFTNET_LOCK();
if (ipsec4_input(m, IP_FORWARDING |
(ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) {
- SOFTNET_UNLOCK();
goto out;
}
- SOFTNET_UNLOCK();
}
#endif
ip_forward(m, srcrt, ifp);
@@ -803,12 +800,9 @@ ours:
*/
if (ipsec_used &&
(inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) {
- SOFTNET_LOCK();
if (ipsec4_input(m, 0) != 0) {
- SOFTNET_UNLOCK();
goto out;
}
- SOFTNET_UNLOCK();
}
#endif
Index: src/sys/netinet6/ip6_input.c
diff -u src/sys/netinet6/ip6_input.c:1.180 src/sys/netinet6/ip6_input.c:1.181
--- src/sys/netinet6/ip6_input.c:1.180 Thu Jul 6 17:14:35 2017
+++ src/sys/netinet6/ip6_input.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_input.c,v 1.180 2017/07/06 17:14:35 christos Exp $ */
+/* $NetBSD: ip6_input.c,v 1.181 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.180 2017/07/06 17:14:35 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.181 2017/07/27 06:59:28 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_gateway.h"
@@ -790,9 +790,7 @@ ip6_input(struct mbuf *m, struct ifnet *
& PR_LASTHDR) != 0) {
int error;
- SOFTNET_LOCK();
error = ipsec6_input(m);
- SOFTNET_UNLOCK();
if (error)
goto bad;
}
Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.56 src/sys/netipsec/ipsec_output.c:1.57
--- src/sys/netipsec/ipsec_output.c:1.56 Fri Jul 21 03:08:10 2017
+++ src/sys/netipsec/ipsec_output.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.56 2017/07/21 03:08:10 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.57 2017/07/27 06:59:28 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,13 +29,14 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.56 2017/07/21 03:08:10 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.57 2017/07/27 06:59:28 ozaki-r Exp $");
/*
* IPsec output processing.
*/
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
+#include "opt_net_mpsafe.h"
#endif
#include <sys/param.h>
@@ -117,10 +118,14 @@ ipsec_reinject_ipstack(struct mbuf *m, i
switch (af) {
#ifdef INET
case AF_INET:
+#ifndef NET_MPSAFE
KERNEL_LOCK(1, NULL);
+#endif
rv = ip_output(m, NULL, NULL, IP_RAWOUTPUT|IP_NOIPNEWID,
NULL, NULL);
+#ifndef NET_MPSAFE
KERNEL_UNLOCK_ONE(NULL);
+#endif
return rv;
#endif /* INET */
@@ -130,9 +135,13 @@ ipsec_reinject_ipstack(struct mbuf *m, i
* We don't need massage, IPv6 header fields are always in
* net endian.
*/
+#ifndef NET_MPSAFE
KERNEL_LOCK(1, NULL);
+#endif
rv = ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL);
+#ifndef NET_MPSAFE
KERNEL_UNLOCK_ONE(NULL);
+#endif
return rv;
#endif /* INET6 */
}
Index: src/sys/netipsec/ipsec_private.h
diff -u src/sys/netipsec/ipsec_private.h:1.4 src/sys/netipsec/ipsec_private.h:1.5
--- src/sys/netipsec/ipsec_private.h:1.4 Wed Apr 19 03:39:14 2017
+++ src/sys/netipsec/ipsec_private.h Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_private.h,v 1.4 2017/04/19 03:39:14 ozaki-r Exp $ */
+/* $NetBSD: ipsec_private.h,v 1.5 2017/07/27 06:59:28 ozaki-r Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -79,6 +79,28 @@ extern percpu_t *pfkeystat_percpu;
/* superuser opened socket? */
#define IPSEC_PRIVILEGED_SO(so) ((so)->so_uidinfo->ui_uid == 0)
+#ifdef _KERNEL_OPT
+#include "opt_net_mpsafe.h"
+#endif
+
+#ifdef NET_MPSAFE
+#define IPSEC_DECLARE_LOCK_VARIABLE
+#define IPSEC_ACQUIRE_GLOBAL_LOCKS() do { } while (0)
+#define IPSEC_RELEASE_GLOBAL_LOCKS() do { } while (0)
+#else
+#include <sys/socketvar.h> /* for softnet_lock */
+
+#define IPSEC_DECLARE_LOCK_VARIABLE int __s
+#define IPSEC_ACQUIRE_GLOBAL_LOCKS() do { \
+ __s = splsoftnet(); \
+ mutex_enter(softnet_lock); \
+ } while (0)
+#define IPSEC_RELEASE_GLOBAL_LOCKS() do { \
+ mutex_exit(softnet_lock); \
+ splx(__s); \
+ } while (0)
+#endif
+
#endif /* _KERNEL */
#endif /* !_NETIPSEC_IPSEC_PRIVATE_H_ */
Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.194 src/sys/netipsec/key.c:1.195
--- src/sys/netipsec/key.c:1.194 Wed Jul 26 09:18:15 2017
+++ src/sys/netipsec/key.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.194 2017/07/26 09:18:15 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.195 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.194 2017/07/26 09:18:15 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.195 2017/07/27 06:59:28 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -4540,11 +4540,10 @@ key_timehandler_spacq(time_t now)
static void
key_timehandler_work(struct work *wk, void *arg)
{
- int s;
time_t now = time_uptime;
+ IPSEC_DECLARE_LOCK_VARIABLE;
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
key_timehandler_spd(now);
key_timehandler_sad(now);
@@ -4554,8 +4553,7 @@ key_timehandler_work(struct work *wk, vo
/* do exchange to tick time !! */
callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return;
}
Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.68 src/sys/netipsec/xform_ah.c:1.69
--- src/sys/netipsec/xform_ah.c:1.68 Thu Jul 20 08:07:14 2017
+++ src/sys/netipsec/xform_ah.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.68 2017/07/20 08:07:14 ozaki-r Exp $ */
+/* $NetBSD: xform_ah.c,v 1.69 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.68 2017/07/20 08:07:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.69 2017/07/27 06:59:28 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -53,7 +53,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v
#include <sys/syslog.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
-#include <sys/socketvar.h> /* for softnet_lock */
#include <sys/pool.h>
#include <net/if.h>
@@ -797,9 +796,10 @@ ah_input_cb(struct cryptop *crp)
struct secasindex *saidx;
uint8_t nxt;
char *ptr;
- int s, authsize;
+ int authsize;
uint16_t dport;
uint16_t sport;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
@@ -812,8 +812,7 @@ ah_input_cb(struct cryptop *crp)
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
@@ -839,8 +838,7 @@ ah_input_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -934,14 +932,12 @@ ah_input_cb(struct cryptop *crp)
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m != NULL)
m_freem(m);
if (tc != NULL)
@@ -1182,7 +1178,8 @@ ah_output_cb(struct cryptop *crp)
struct secasvar *sav;
struct mbuf *m;
void *ptr;
- int s, err;
+ int err;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
@@ -1190,8 +1187,7 @@ ah_output_cb(struct cryptop *crp)
ptr = (tc + 1);
m = crp->crp_buf;
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
isr = tc->tc_isr;
sav = tc->tc_sav;
@@ -1220,8 +1216,7 @@ ah_output_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -1261,15 +1256,13 @@ ah_output_cb(struct cryptop *crp)
err = ipsec_process_done(m, isr, sav);
KEY_FREESAV(&sav);
KEY_FREESP(&isr->sp);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return err;
bad:
if (sav)
KEY_FREESAV(&sav);
KEY_FREESP(&isr->sp);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
m_freem(m);
pool_put(&ah_tdb_crypto_pool, tc);
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.66 src/sys/netipsec/xform_esp.c:1.67
--- src/sys/netipsec/xform_esp.c:1.66 Thu Jul 20 08:07:14 2017
+++ src/sys/netipsec/xform_esp.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.66 2017/07/20 08:07:14 ozaki-r Exp $ */
+/* $NetBSD: xform_esp.c,v 1.67 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.66 2017/07/20 08:07:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.67 2017/07/27 06:59:28 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -53,7 +53,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_esp.c,
#include <sys/syslog.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
-#include <sys/socketvar.h> /* for softnet_lock */
#include <sys/cprng.h>
#include <sys/pool.h>
@@ -495,7 +494,7 @@ esp_input_cb(struct cryptop *crp)
{
char buf[IPSEC_ADDRSTRLEN];
uint8_t lastthree[3], aalg[AH_ALEN_MAX];
- int s, hlen, skip, protoff, error;
+ int hlen, skip, protoff, error;
struct mbuf *m;
const struct auth_hash *esph;
struct tdb_crypto *tc;
@@ -504,6 +503,7 @@ esp_input_cb(struct cryptop *crp)
void *ptr;
uint16_t dport;
uint16_t sport;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_desc != NULL);
KASSERT(crp->crp_opaque != NULL);
@@ -516,8 +516,7 @@ esp_input_cb(struct cryptop *crp)
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
@@ -550,8 +549,7 @@ esp_input_cb(struct cryptop *crp)
if (crp->crp_etype == EAGAIN) {
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -675,14 +673,12 @@ esp_input_cb(struct cryptop *crp)
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m != NULL)
m_freem(m);
if (tc != NULL)
@@ -956,14 +952,14 @@ esp_output_cb(struct cryptop *crp)
struct ipsecrequest *isr;
struct secasvar *sav;
struct mbuf *m;
- int s, err, error;
+ int err, error;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
m = crp->crp_buf;
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
isr = tc->tc_isr;
sav = tc->tc_sav;
@@ -997,8 +993,7 @@ esp_output_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -1038,15 +1033,13 @@ esp_output_cb(struct cryptop *crp)
err = ipsec_process_done(m, isr, sav);
KEY_FREESAV(&sav);
KEY_FREESP(&isr->sp);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return err;
bad:
if (sav)
KEY_FREESAV(&sav);
KEY_FREESP(&isr->sp);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
m_freem(m);
pool_put(&esp_tdb_crypto_pool, tc);
Index: src/sys/netipsec/xform_ipcomp.c
diff -u src/sys/netipsec/xform_ipcomp.c:1.47 src/sys/netipsec/xform_ipcomp.c:1.48
--- src/sys/netipsec/xform_ipcomp.c:1.47 Thu Jul 20 08:07:14 2017
+++ src/sys/netipsec/xform_ipcomp.c Thu Jul 27 06:59:28 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.47 2017/07/20 08:07:14 ozaki-r Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.48 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.47 2017/07/20 08:07:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.48 2017/07/27 06:59:28 ozaki-r Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@@ -44,7 +44,6 @@ __KERNEL_RCSID(0, "$NetBSD: xform_ipcomp
#include <sys/kernel.h>
#include <sys/protosw.h>
#include <sys/sysctl.h>
-#include <sys/socketvar.h> /* for softnet_lock */
#include <sys/pool.h>
#include <netinet/in.h>
@@ -239,11 +238,12 @@ ipcomp_input_cb(struct cryptop *crp)
struct mbuf *m;
struct secasvar *sav;
struct secasindex *saidx __diagused;
- int s, hlen = IPCOMP_HLENGTH, error, clen;
+ int hlen = IPCOMP_HLENGTH, error, clen;
uint8_t nproto;
void *addr;
uint16_t dport;
uint16_t sport;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
@@ -254,8 +254,7 @@ ipcomp_input_cb(struct cryptop *crp)
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
@@ -283,8 +282,7 @@ ipcomp_input_cb(struct cryptop *crp)
if (crp->crp_etype == EAGAIN) {
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -350,14 +348,12 @@ ipcomp_input_cb(struct cryptop *crp)
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
m_freem(m);
if (tc != NULL)
@@ -519,10 +515,11 @@ ipcomp_output_cb(struct cryptop *crp)
struct ipsecrequest *isr;
struct secasvar *sav;
struct mbuf *m, *mo;
- int s, error, skip, rlen, roff;
+ int error, skip, rlen, roff;
uint8_t prot;
uint16_t cpi;
struct ipcomp * ipcomp;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
@@ -530,8 +527,7 @@ ipcomp_output_cb(struct cryptop *crp)
skip = tc->tc_skip;
rlen = crp->crp_ilen - skip;
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
isr = tc->tc_isr;
sav = tc->tc_sav;
@@ -561,8 +557,7 @@ ipcomp_output_cb(struct cryptop *crp)
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
IPCOMP_STATINC(IPCOMP_STAT_NOXFORM);
@@ -652,15 +647,13 @@ ipcomp_output_cb(struct cryptop *crp)
error = ipsec_process_done(m, isr, sav);
KEY_FREESAV(&sav);
KEY_FREESP(&isr->sp);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
KEY_FREESAV(&sav);
KEY_FREESP(&isr->sp);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m)
m_freem(m);
pool_put(&ipcomp_tdb_crypto_pool, tc);
