We can remove these splsoftnet()/splx() dances because:

- pr_ctlinput* are now always called at IPL_SOFTNET
- ipsec_adjust_mtu() is only called in ip_output() so at the correct IPL.

ok?

Index: netinet/ipsec_input.c
===================================================================
RCS file: /cvs/src/sys/netinet/ipsec_input.c,v
retrieving revision 1.136
diff -u -p -r1.136 ipsec_input.c
--- netinet/ipsec_input.c       2 Sep 2016 09:39:32 -0000       1.136
+++ netinet/ipsec_input.c       19 Jan 2017 03:59:37 -0000
@@ -817,7 +817,6 @@ ipsec_common_ctlinput(u_int rdomain, int
     void *v, int proto)
 {
        struct ip *ip = v;
-       int s;
 
        if (cmd == PRC_MSGSIZE && ip && ip_mtudisc && ip->ip_v == 4) {
                struct tdb *tdbp;
@@ -846,21 +845,16 @@ ipsec_common_ctlinput(u_int rdomain, int
 
                bcopy((caddr_t)ip + hlen, &spi, sizeof(u_int32_t));
 
-               s = splsoftnet();
                tdbp = gettdb(rdomain, spi, (union sockaddr_union *)&dst,
                    proto);
-               if (tdbp == NULL || tdbp->tdb_flags & TDBF_INVALID) {
-                       splx(s);
+               if (tdbp == NULL || tdbp->tdb_flags & TDBF_INVALID)
                        return (NULL);
-               }
 
                /* Walk the chain backwards to the first tdb */
                for (; tdbp; tdbp = tdbp->tdb_inext) {
                        if (tdbp->tdb_flags & TDBF_INVALID ||
-                           (adjust = ipsec_hdrsz(tdbp)) == -1) {
-                               splx(s);
+                           (adjust = ipsec_hdrsz(tdbp)) == -1)
                                return (NULL);
-                       }
 
                        mtu -= adjust;
 
@@ -873,8 +867,6 @@ ipsec_common_ctlinput(u_int rdomain, int
                            ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
                            adjust));
                }
-               splx(s);
-               return (NULL);
        }
        return (NULL);
 }
@@ -890,7 +882,8 @@ udpencap_ctlinput(int cmd, struct sockad
        ssize_t adjust;
        struct sockaddr_in dst, src;
        union sockaddr_union *su_dst, *su_src;
-       int s;
+
+       splsoftassert(IPL_SOFTNET);
 
        icp = (struct icmp *)((caddr_t) ip - offsetof(struct icmp, icmp_ip));
        mtu = ntohs(icp->icmp_nextmtu);
@@ -913,7 +906,6 @@ udpencap_ctlinput(int cmd, struct sockad
        src.sin_addr.s_addr = ip->ip_src.s_addr;
        su_src = (union sockaddr_union *)&src;
 
-       s = splsoftnet();
        tdbp = gettdbbysrcdst(rdomain, 0, su_src, su_dst, IPPROTO_ESP);
 
        for (; tdbp != NULL; tdbp = tdbp->tdb_snext) {
@@ -934,7 +926,6 @@ udpencap_ctlinput(int cmd, struct sockad
                        }
                }
        }
-       splx(s);
        return (NULL);
 }
 
Index: netinet/ipsec_output.c
===================================================================
RCS file: /cvs/src/sys/netinet/ipsec_output.c,v
retrieving revision 1.64
diff -u -p -r1.64 ipsec_output.c
--- netinet/ipsec_output.c      11 Oct 2016 22:08:01 -0000      1.64
+++ netinet/ipsec_output.c      19 Jan 2017 03:57:56 -0000
@@ -567,9 +567,8 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32
        struct tdb *tdbp;
        struct m_tag *mtag;
        ssize_t adjust;
-       int s;
 
-       s = splsoftnet();
+       splsoftassert(IPL_SOFTNET);
 
        for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, NULL); mtag;
             mtag = m_tag_find(m, PACKET_TAG_IPSEC_OUT_DONE, mtag)) {
@@ -590,6 +589,4 @@ ipsec_adjust_mtu(struct mbuf *m, u_int32
                    ntohl(tdbp->tdb_spi), tdbp->tdb_mtu,
                    adjust, m));
        }
-
-       splx(s);
 }

Reply via email to