On Mon, Feb 13, 2017 at 11:42:20AM +0100, Martin Pieuchot wrote:
> Like all other pr_sysctl functions, pfkeyv2_sysctl() is called with the
> NET_LOCK() held, so trade splsoftnet()/splx() dances with an assert.
>
> ok?
OK bluhm@
>
> Index: net/pfkeyv2.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2.c,v
> retrieving revision 1.150
> diff -u -p -r1.150 pfkeyv2.c
> --- net/pfkeyv2.c 24 Jan 2017 10:08:30 -0000 1.150
> +++ net/pfkeyv2.c 13 Feb 2017 10:41:06 -0000
> @@ -2228,9 +2228,11 @@ pfkeyv2_sysctl(int *name, u_int namelen,
> void *new, size_t newlen)
> {
> struct pfkeyv2_sysctl_walk w;
> - int s, error = EINVAL;
> + int error = EINVAL;
> u_int rdomain;
>
> + splsoftassert(IPL_SOFTNET);
> +
> if (new)
> return (EPERM);
> if (namelen < 1)
> @@ -2246,9 +2248,7 @@ pfkeyv2_sysctl(int *name, u_int namelen,
> case NET_KEY_SADB_DUMP:
> if ((error = suser(curproc, 0)) != 0)
> return (error);
> - s = splsoftnet();
> error = tdb_walk(rdomain, pfkeyv2_sysctl_walker, &w);
> - splx(s);
> if (oldp)
> *oldlenp = w.w_where - oldp;
> else
> @@ -2256,10 +2256,8 @@ pfkeyv2_sysctl(int *name, u_int namelen,
> break;
>
> case NET_KEY_SPD_DUMP:
> - s = splsoftnet();
> error = pfkeyv2_ipo_walk(rdomain,
> pfkeyv2_sysctl_policydumper, &w);
> - splx(s);
> if (oldp)
> *oldlenp = w.w_where - oldp;
> else
