Subject: Re: CVS commit: syssrc/sys/netinet6
To: None <wrstuden@netbsd.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: source-changes
Date: 05/11/2002 05:04:35
From: Bill Studenmund <wrstuden@netbsd.org>
Subject: Re: CVS commit: syssrc/sys/netinet6
Date: Fri, 10 May 2002 08:17:27 -0700 (PDT)
> On Fri, 10 May 2002, Jun-ichiro itojun Hagino wrote:
> > Log Message:
> > disable ipsec policy caching on pcb, as it seems that there's some reference-
> > counting mistake that causes panic - see PR 15953 and 13813.
> >
> > i am unable to find the real cause of problem, so it is a short-term workaround,
> > hopefully.
>
> I looked into this at one point. One thing that would probably help is to
> add a macro for increasing the reference count. That way we can easily
> instrument checks on reference adding in addition to reference releasing.
> Tests like make sure we aren't about to overflow or we aren't adding a
> reference to something with 0 references.
I think this patch fixes the problem.
---
YAMAMOTO Takashi<yamt@mwd.biglobe.ne.jp>
Index: key.c
===================================================================
RCS file: /cvs/cvsroot/syssrc/sys/netkey/key.c,v
retrieving revision 1.60
diff -u -p -r1.60 key.c
--- key.c 2002/03/21 02:27:50 1.60
+++ key.c 2002/05/10 19:59:40
@@ -961,10 +961,8 @@ key_delsp(sp)
if (sp == NULL)
panic("key_delsp: NULL pointer is passed.\n");
- sp->state = IPSEC_SPSTATE_DEAD;
-
if (sp->refcnt > 0)
- return; /* can't free */
+ panic("key_delsp: refcnt > 0");
s = splsoftnet(); /*called from softclock()*/
/* remove from SP index */
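Review bot: The new panic("key_delsp: refcnt > 0") turns what used to be a silent return into a kernel panic, so any caller that still reaches key_delsp() while references are outstanding now takes the machine down. If catching the imbalance at this point is the intent, print sp->refcnt in the message so the crash report shows how far off the count was, and end the string with "\n" to match the NULL-pointer panic just above it.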
@@ -1558,6 +1556,7 @@ key_spdadd(so, m, mhp)
if (newsp) {
newsp->state = IPSEC_SPSTATE_DEAD;
key_freesp(newsp);
+ key_freesp(newsp);
}
} else {
if (newsp != NULL) {
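Review bot: The two consecutive key_freesp(newsp) calls in key_spdadd() read like an accidental double release, and the second call touches newsp after the first may already have freed it unless the count is at least 2 at this point. Add a comment saying which reference each call drops, and consider checking newsp->refcnt before the pair.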
@@ -1778,6 +1777,7 @@ key_spddelete(so, m, mhp)
sp->state = IPSEC_SPSTATE_DEAD;
key_freesp(sp);
+ key_freesp(sp);
/* invalidate all cached SPD pointers on pcb */
ipsec_invalpcbcacheall();
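Review bot: The sequence sp->state = IPSEC_SPSTATE_DEAD; key_freesp(sp); key_freesp(sp); now appears in key_spdadd(), key_spddelete() and key_spddelete2(). Moving it into one small helper, with a comment on the two references being dropped, would keep the three sites from drifting apart and put the intent in one reviewable place.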
@@ -1843,6 +1843,7 @@ key_spddelete2(so, m, mhp)
sp->state = IPSEC_SPSTATE_DEAD;
key_freesp(sp);
+ key_freesp(sp);
/* invalidate all cached SPD pointers on pcb */
ipsec_invalpcbcacheall();
@@ -2051,8 +2052,16 @@ key_spdflush(so, m, mhp)
return key_senderror(so, m, EINVAL);
for (dir = 0; dir < IPSEC_DIR_MAX; dir++) {
- LIST_FOREACH(sp, &sptree[dir], chain) {
+ struct secpolicy *nextsp;
+
+ for (sp = LIST_FIRST(&sptree[dir]);
+ sp;
+ sp = nextsp) {
+ nextsp = LIST_NEXT(sp, chain);
+ if (sp->state == IPSEC_SPSTATE_DEAD)
+ continue;
sp->state = IPSEC_SPSTATE_DEAD;
+ key_freesp(sp);
}
}
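Review bot: The continue on sp->state == IPSEC_SPSTATE_DEAD in key_spdflush() has no comment, and the loop depends on it: without the skip, key_freesp(sp) would be called again for an entry that is already marked dead. Say so in a comment, and note why a single key_freesp() is enough here when the delete paths call it twice. Saving nextsp before the release is the right order.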
@@ -3842,7 +3851,7 @@ void
key_timehandler(arg)
void *arg;
{
- u_int dir;
+/* u_int dir; */
int s;
struct timeval tv;
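Review bot: Commenting out the declaration as /* u_int dir; */ leaves a stray line that will be forgotten. Put it under the same #if 0 as the SPD block (presumably its only user), or delete it together with that block.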
@@ -3850,6 +3859,7 @@ key_timehandler(arg)
s = splsoftnet(); /*called from softclock()*/
+#if 0
/* SPD */
{
struct secpolicy *sp, *nextsp;
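Review bot: The #if 0 in front of the SPD block in key_timehandler() carries no explanation. Add a comment saying why the timer no longer sweeps the SPD, or remove the block outright; unexplained disabled code tends to be re-enabled later without the reason it was turned off.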
@@ -3866,6 +3876,7 @@ key_timehandler(arg)
}
}
}
+#endif
/* SAD */
{
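The checked reference-count macros suggested in the quoted reply could look like the following. This is an added example, not part of the original message or of the NetBSD sources; struct obj, obj_ref(), obj_unref(), OBJ_REF and OBJ_UNREF are hypothetical names, and the split into a list reference plus a lookup reference is an assumption about the delete paths in the patch.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for struct secpolicy: only the reference count. */
struct obj { unsigned int refcnt; };

enum ref_result { REF_OK = 0, REF_LAST, REF_FROM_ZERO, REF_OVERFLOW, REF_UNDERFLOW };

/* Checked acquire: never revive an object with 0 references, never wrap. */
static enum ref_result obj_ref(struct obj *o)
{
    if (o->refcnt == 0)
        return REF_FROM_ZERO;
    if (o->refcnt == UINT_MAX)
        return REF_OVERFLOW;
    o->refcnt++;
    return REF_OK;
}

/* Checked release: REF_LAST means the caller dropped the final reference. */
static enum ref_result obj_unref(struct obj *o)
{
    if (o->refcnt == 0)
        return REF_UNDERFLOW;
    return --o->refcnt == 0 ? REF_LAST : REF_OK;
}

/* Report the call site of a bad operation; a kernel would panic here. */
static enum ref_result ref_check(enum ref_result r, const char *op,
    const char *file, int line)
{
    if (r != REF_OK && r != REF_LAST)
        fprintf(stderr, "%s:%d: bad %s (error %d)\n", file, line, op, (int)r);
    return r;
}

#define OBJ_REF(o)   ref_check(obj_ref(o), "ref", __FILE__, __LINE__)
#define OBJ_UNREF(o) ref_check(obj_unref(o), "unref", __FILE__, __LINE__)

/* Assumed delete path: list reference plus lookup reference, both dropped;
 * a third release is the kind of imbalance the macros are meant to catch. */
static int demo_delete_path(void)
{
    struct obj sp = { 1 };                      /* constructed: list's reference */
    if (OBJ_REF(&sp) != REF_OK) return -1;      /* lookup takes a reference */
    if (OBJ_UNREF(&sp) != REF_OK) return -2;    /* drop lookup reference */
    if (OBJ_UNREF(&sp) != REF_LAST) return -3;  /* drop list reference: free now */
    return OBJ_UNREF(&sp) == REF_UNDERFLOW ? 0 : -4;  /* extra release is flagged */
}

int main(void) { return demo_delete_path(); }
```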