Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Don't acquire global locks for IPsec if NET_MPSAFE
details: https://anonhg.NetBSD.org/src/rev/e5876e7ae6e9
branches: trunk
changeset: 825655:e5876e7ae6e9
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Thu Jul 27 06:59:28 2017 +0000
description:
Don't acquire global locks for IPsec if NET_MPSAFE
Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
diffstat:
sys/netinet/ip_input.c | 10 ++--------
sys/netinet6/ip6_input.c | 6 ++----
sys/netipsec/ipsec_output.c | 13 +++++++++++--
sys/netipsec/ipsec_private.h | 24 +++++++++++++++++++++++-
sys/netipsec/key.c | 14 ++++++--------
sys/netipsec/xform_ah.c | 35 ++++++++++++++---------------------
sys/netipsec/xform_esp.c | 35 ++++++++++++++---------------------
sys/netipsec/xform_ipcomp.c | 35 ++++++++++++++---------------------
8 files changed, 86 insertions(+), 86 deletions(-)
diffs (truncated from 585 to 300 lines):
diff -r 88567f3ecaf5 -r e5876e7ae6e9 sys/netinet/ip_input.c
--- a/sys/netinet/ip_input.c Thu Jul 27 03:21:42 2017 +0000
+++ b/sys/netinet/ip_input.c Thu Jul 27 06:59:28 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_input.c,v 1.359 2017/07/19 07:24:46 ozaki-r Exp $ */
+/* $NetBSD: ip_input.c,v 1.360 2017/07/27 06:59:28 ozaki-r Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.359 2017/07/19 07:24:46 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_input.c,v 1.360 2017/07/27 06:59:28 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -754,13 +754,10 @@
#ifdef IPSEC
/* Check the security policy (SP) for the packet */
if (ipsec_used) {
- SOFTNET_LOCK();
if (ipsec4_input(m, IP_FORWARDING |
(ip_directedbcast ? IP_ALLOWBROADCAST : 0)) != 0) {
- SOFTNET_UNLOCK();
goto out;
}
- SOFTNET_UNLOCK();
}
#endif
ip_forward(m, srcrt, ifp);
@@ -803,12 +800,9 @@
*/
if (ipsec_used &&
(inetsw[ip_protox[ip->ip_p]].pr_flags & PR_LASTHDR) != 0) {
- SOFTNET_LOCK();
if (ipsec4_input(m, 0) != 0) {
- SOFTNET_UNLOCK();
goto out;
}
- SOFTNET_UNLOCK();
}
#endif
diff -r 88567f3ecaf5 -r e5876e7ae6e9 sys/netinet6/ip6_input.c
--- a/sys/netinet6/ip6_input.c Thu Jul 27 03:21:42 2017 +0000
+++ b/sys/netinet6/ip6_input.c Thu Jul 27 06:59:28 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ip6_input.c,v 1.180 2017/07/06 17:14:35 christos Exp $ */
+/* $NetBSD: ip6_input.c,v 1.181 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.180 2017/07/06 17:14:35 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_input.c,v 1.181 2017/07/27 06:59:28 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_gateway.h"
@@ -790,9 +790,7 @@
& PR_LASTHDR) != 0) {
int error;
- SOFTNET_LOCK();
error = ipsec6_input(m);
- SOFTNET_UNLOCK();
if (error)
goto bad;
}
diff -r 88567f3ecaf5 -r e5876e7ae6e9 sys/netipsec/ipsec_output.c
--- a/sys/netipsec/ipsec_output.c Thu Jul 27 03:21:42 2017 +0000
+++ b/sys/netipsec/ipsec_output.c Thu Jul 27 06:59:28 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_output.c,v 1.56 2017/07/21 03:08:10 ozaki-r Exp $ */
+/* $NetBSD: ipsec_output.c,v 1.57 2017/07/27 06:59:28 ozaki-r Exp $ */
/*-
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,13 +29,14 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.56 2017/07/21 03:08:10 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.57 2017/07/27 06:59:28 ozaki-r Exp $");
/*
* IPsec output processing.
*/
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
+#include "opt_net_mpsafe.h"
#endif
#include <sys/param.h>
@@ -117,10 +118,14 @@
switch (af) {
#ifdef INET
case AF_INET:
+#ifndef NET_MPSAFE
KERNEL_LOCK(1, NULL);
+#endif
rv = ip_output(m, NULL, NULL, IP_RAWOUTPUT|IP_NOIPNEWID,
NULL, NULL);
+#ifndef NET_MPSAFE
KERNEL_UNLOCK_ONE(NULL);
+#endif
return rv;
#endif /* INET */
@@ -130,9 +135,13 @@
* We don't need massage, IPv6 header fields are always in
* net endian.
*/
+#ifndef NET_MPSAFE
KERNEL_LOCK(1, NULL);
+#endif
rv = ip6_output(m, NULL, NULL, 0, NULL, NULL, NULL);
+#ifndef NET_MPSAFE
KERNEL_UNLOCK_ONE(NULL);
+#endif
return rv;
#endif /* INET6 */
}
diff -r 88567f3ecaf5 -r e5876e7ae6e9 sys/netipsec/ipsec_private.h
--- a/sys/netipsec/ipsec_private.h Thu Jul 27 03:21:42 2017 +0000
+++ b/sys/netipsec/ipsec_private.h Thu Jul 27 06:59:28 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_private.h,v 1.4 2017/04/19 03:39:14 ozaki-r Exp $ */
+/* $NetBSD: ipsec_private.h,v 1.5 2017/07/27 06:59:28 ozaki-r Exp $ */
/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -79,6 +79,28 @@
/* superuser opened socket? */
#define IPSEC_PRIVILEGED_SO(so) ((so)->so_uidinfo->ui_uid == 0)
+#ifdef _KERNEL_OPT
+#include "opt_net_mpsafe.h"
+#endif
+
+#ifdef NET_MPSAFE
+#define IPSEC_DECLARE_LOCK_VARIABLE
+#define IPSEC_ACQUIRE_GLOBAL_LOCKS() do { } while (0)
+#define IPSEC_RELEASE_GLOBAL_LOCKS() do { } while (0)
+#else
+#include <sys/socketvar.h> /* for softnet_lock */
+
+#define IPSEC_DECLARE_LOCK_VARIABLE int __s
+#define IPSEC_ACQUIRE_GLOBAL_LOCKS() do { \
+ __s = splsoftnet(); \
+ mutex_enter(softnet_lock); \
+ } while (0)
+#define IPSEC_RELEASE_GLOBAL_LOCKS() do { \
+ mutex_exit(softnet_lock); \
+ splx(__s); \
+ } while (0)
+#endif
+
#endif /* _KERNEL */
#endif /* !_NETIPSEC_IPSEC_PRIVATE_H_ */
diff -r 88567f3ecaf5 -r e5876e7ae6e9 sys/netipsec/key.c
--- a/sys/netipsec/key.c Thu Jul 27 03:21:42 2017 +0000
+++ b/sys/netipsec/key.c Thu Jul 27 06:59:28 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.194 2017/07/26 09:18:15 ozaki-r Exp $ */
+/* $NetBSD: key.c,v 1.195 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
@@ -32,7 +32,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.194 2017/07/26 09:18:15 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.195 2017/07/27 06:59:28 ozaki-r Exp $");
/*
* This code is referd to RFC 2367
@@ -4540,11 +4540,10 @@
static void
key_timehandler_work(struct work *wk, void *arg)
{
- int s;
time_t now = time_uptime;
-
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_DECLARE_LOCK_VARIABLE;
+
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
key_timehandler_spd(now);
key_timehandler_sad(now);
@@ -4554,8 +4553,7 @@
/* do exchange to tick time !! */
callout_reset(&key_timehandler_ch, hz, key_timehandler, NULL);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return;
}
diff -r 88567f3ecaf5 -r e5876e7ae6e9 sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Thu Jul 27 03:21:42 2017 +0000
+++ b/sys/netipsec/xform_ah.c Thu Jul 27 06:59:28 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.68 2017/07/20 08:07:14 ozaki-r Exp $ */
+/* $NetBSD: xform_ah.c,v 1.69 2017/07/27 06:59:28 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.68 2017/07/20 08:07:14 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.69 2017/07/27 06:59:28 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -53,7 +53,6 @@
#include <sys/syslog.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
-#include <sys/socketvar.h> /* for softnet_lock */
#include <sys/pool.h>
#include <net/if.h>
@@ -797,9 +796,10 @@
struct secasindex *saidx;
uint8_t nxt;
char *ptr;
- int s, authsize;
+ int authsize;
uint16_t dport;
uint16_t sport;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
@@ -812,8 +812,7 @@
/* find the source port for NAT-T */
nat_t_ports_get(m, &dport, &sport);
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
sav = tc->tc_sav;
if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
@@ -839,8 +838,7 @@
sav->tdb_cryptoid = crp->crp_sid;
if (crp->crp_etype == EAGAIN) {
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return crypto_dispatch(crp);
}
@@ -934,14 +932,12 @@
IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff);
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
return error;
bad:
if (sav)
KEY_FREESAV(&sav);
- mutex_exit(softnet_lock);
- splx(s);
+ IPSEC_RELEASE_GLOBAL_LOCKS();
if (m != NULL)
m_freem(m);
if (tc != NULL)
@@ -1182,7 +1178,8 @@
struct secasvar *sav;
struct mbuf *m;
void *ptr;
- int s, err;
+ int err;
+ IPSEC_DECLARE_LOCK_VARIABLE;
KASSERT(crp->crp_opaque != NULL);
tc = crp->crp_opaque;
@@ -1190,8 +1187,7 @@
ptr = (tc + 1);
m = crp->crp_buf;
- s = splsoftnet();
- mutex_enter(softnet_lock);
+ IPSEC_ACQUIRE_GLOBAL_LOCKS();
Home |
Main Index |
Thread Index |
Old Index