diff options
author | vanhu <vanhu@FreeBSD.org> | 2009-05-27 09:31:50 +0000 |
---|---|---|
committer | vanhu <vanhu@FreeBSD.org> | 2009-05-27 09:31:50 +0000 |
commit | 6e1cb07c00e4d2ec529383b09d8f166eec355949 (patch) | |
tree | b17e5846fe6272eee4ce616afbbff931fc474b05 | |
parent | b0f73e19e78a585651be0ca62936bafb513d974e (diff) | |
download | FreeBSD-src-6e1cb07c00e4d2ec529383b09d8f166eec355949.zip FreeBSD-src-6e1cb07c00e4d2ec529383b09d8f166eec355949.tar.gz |
Only decrease refcnt once when flushing SPD entries, to
avoid flushing entries which are still used.
Approved by: gnn(mentor)
Obtained from: NETASQ
MFC after: 1 month
-rw-r--r-- | sys/netipsec/key.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 0d60149..83377e5 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -4103,10 +4103,21 @@ restart: if (sp->scangen == gen) /* previously handled */ continue; sp->scangen = gen; - if (sp->state == IPSEC_SPSTATE_DEAD) { - /* NB: clean entries created by key_spdflush */ + if (sp->state == IPSEC_SPSTATE_DEAD && + sp->refcnt == 1) { + /* + * Ensure that we only decrease refcnt once, + * when we're the last consumer. + * Directly call SP_DELREF/key_delsp instead + * of KEY_FREESP to avoid unlocking/relocking + * SPTREE_LOCK before key_delsp: may refcnt + * be increased again during that time ? + * NB: also clean entries created by + * key_spdflush + */ + SP_DELREF(sp); + key_delsp(sp); SPTREE_UNLOCK(); - KEY_FREESP(&sp); goto restart; } if (sp->lifetime == 0 && sp->validtime == 0) @@ -4116,7 +4127,6 @@ restart: sp->state = IPSEC_SPSTATE_DEAD; SPTREE_UNLOCK(); key_spdexpire(sp); - KEY_FREESP(&sp); goto restart; } } |