fixed two race conditions when inserting/removing SAs via PFKey,

which can both lead to a kernel panic when adding/removing quickly a lot of SAs. Obtained from: NETASQ MFC after: 2w (MFC on 8 before 8.0 release ???)
author: vanhu <vanhu@FreeBSD.org> 2009-11-17 16:00:41 +0000
committer: vanhu <vanhu@FreeBSD.org> 2009-11-17 16:00:41 +0000
commit: 7b642517df2ee2c6cb82eb5cd127c7afe7309dc7 (patch)
tree: 87668138b7e4c509c71303ca6d2e3006eefdd209 /sys/netipsec
parent: 42d253f0148105546f591c61ab9e265f70653656 (diff)
download: FreeBSD-src-7b642517df2ee2c6cb82eb5cd127c7afe7309dc7.zip
FreeBSD-src-7b642517df2ee2c6cb82eb5cd127c7afe7309dc7.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 3cc5a6c..c5aa4b7 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2852,9 +2852,10 @@ key_newsav(m, mhp, sah, errp, where, tag)
 	sa_initref(newsav);
 	newsav->state = SADB_SASTATE_LARVAL;
 
-	/* XXX locking??? */
+	SAHTREE_LOCK();
 	LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav,
 			secasvar, chain);
+	SAHTREE_UNLOCK();
 done:
 	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
 		printf("DP %s from %s:%u return SP:%p\n", __func__,
@@ -5698,8 +5699,8 @@ key_delete(so, m, mhp)
 	}
 
 	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
-	SAHTREE_UNLOCK();
 	KEY_FREESAV(&sav);
+	SAHTREE_UNLOCK();
 
     {
 	struct mbuf *n;
author	vanhu <vanhu@FreeBSD.org>	2009-11-17 16:00:41 +0000
committer	vanhu <vanhu@FreeBSD.org>	2009-11-17 16:00:41 +0000
commit	7b642517df2ee2c6cb82eb5cd127c7afe7309dc7 (patch)
tree	87668138b7e4c509c71303ca6d2e3006eefdd209 /sys/netipsec
parent	42d253f0148105546f591c61ab9e265f70653656 (diff)
download	FreeBSD-src-7b642517df2ee2c6cb82eb5cd127c7afe7309dc7.zip FreeBSD-src-7b642517df2ee2c6cb82eb5cd127c7afe7309dc7.tar.gz