Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: src/sys
Module Name: src
Committed By: ozaki-r
Date: Wed Aug 2 01:28:03 UTC 2017
Modified Files:
src/sys/netinet6: ip6_forward.c ip6_output.c
src/sys/netipsec: ipsec.c ipsec.h key.c key.h xform_ah.c xform_esp.c
xform_ipcomp.c
src/sys/rump/librump/rumpnet: net_stub.c
Log Message:
Make IPsec SPD MP-safe
We use localcount(9), not psref(9), to make the sptree and secpolicy (SP)
entries MP-safe because SPs need to be referenced over opencrypto
processing that executes a callback in a different context.
SPs on sockets aren't managed by the sptree and can be destroyed in softint.
localcount_drain cannot be used in softint so we delay the destruction of
such SPs to a thread context. To do so, a list to manage such SPs is added
(key_socksplist) and key_timehandler_spd deletes dead SPs in the list.
For more details please read the locking notes in key.c.
Proposed on tech-kern@ and tech-net@
To generate a diff of this commit:
cvs rdiff -u -r1.87 -r1.88 src/sys/netinet6/ip6_forward.c
cvs rdiff -u -r1.192 -r1.193 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.112 -r1.113 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.196 -r1.197 src/sys/netipsec/key.c
cvs rdiff -u -r1.25 -r1.26 src/sys/netipsec/key.h
cvs rdiff -u -r1.69 -r1.70 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.67 -r1.68 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.26 -r1.27 src/sys/rump/librump/rumpnet/net_stub.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index