Like all other pr_sysctl functions, pfkeyv2_sysctl() is called with the
NET_LOCK() held, so trade splsoftnet()/splx() dances with an assert.
ok?
Index: net/pfkeyv2.c
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.150
diff -u -p -r1.150 pfkeyv2.c
--- net/pfkeyv2.c 24 Jan 2017 10:08:30 -0000 1.150
+++ net/pfkeyv2.c 13 Feb 2017 10:41:06 -0000
@@ -2228,9 +2228,11 @@ pfkeyv2_sysctl(int *name, u_int namelen,
void *new, size_t newlen)
{
struct pfkeyv2_sysctl_walk w;
- int s, error = EINVAL;
+ int error = EINVAL;
u_int rdomain;
+ splsoftassert(IPL_SOFTNET);
+
if (new)
return (EPERM);
if (namelen < 1)
@@ -2246,9 +2248,7 @@ pfkeyv2_sysctl(int *name, u_int namelen,
case NET_KEY_SADB_DUMP:
if ((error = suser(curproc, 0)) != 0)
return (error);
- s = splsoftnet();
error = tdb_walk(rdomain, pfkeyv2_sysctl_walker, &w);
- splx(s);
if (oldp)
*oldlenp = w.w_where - oldp;
else
@@ -2256,10 +2256,8 @@ pfkeyv2_sysctl(int *name, u_int namelen,
break;
case NET_KEY_SPD_DUMP:
- s = splsoftnet();
error = pfkeyv2_ipo_walk(rdomain,
pfkeyv2_sysctl_policydumper, &w);
- splx(s);
if (oldp)
*oldlenp = w.w_where - oldp;
else
