diff options
| author | pjd <pjd@FreeBSD.org> | 2006-03-23 23:26:34 +0000 |
|---|---|---|
| committer | pjd <pjd@FreeBSD.org> | 2006-03-23 23:26:34 +0000 |
| commit | 7d617251ccf3bd1070412da64297d4297326750f (patch) | |
| tree | c1bc7035e9d14907aec090c8b90c47ea48fcb3f8 /sys/netipsec | |
| parent | ca9322eb004cb4c274348373abcea11f597d4347 (diff) | |
| download | FreeBSD-src-7d617251ccf3bd1070412da64297d4297326750f.zip FreeBSD-src-7d617251ccf3bd1070412da64297d4297326750f.tar.gz | |
Allow to use fast_ipsec(4) on debug.mpsafenet=0 and INVARIANTS-enabled
systems. Without the change it will panic on assertions.
MFC after: 2 weeks
Diffstat (limited to 'sys/netipsec')
| -rw-r--r-- | sys/netipsec/xform_ah.c | 21 | ||||
| -rw-r--r-- | sys/netipsec/xform_esp.c | 17 | ||||
| -rw-r--r-- | sys/netipsec/xform_ipcomp.c | 17 |
3 files changed, 44 insertions, 11 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 3b1f665..862134f 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -734,6 +734,8 @@ ah_input_cb(struct cryptop *crp) caddr_t ptr; int authsize; + NET_LOCK_GIANT(); + crd = crp->crp_desc; tc = (struct tdb_crypto *) crp->crp_opaque; @@ -764,8 +766,11 @@ ah_input_cb(struct cryptop *crp) if (sav->tdb_cryptoid != 0) sav->tdb_cryptoid = crp->crp_sid; - if (crp->crp_etype == EAGAIN) - return crypto_dispatch(crp); + if (crp->crp_etype == EAGAIN) { + error = crypto_dispatch(crp); + NET_UNLOCK_GIANT(); + return error; + } ahstat.ahs_noxform++; DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); @@ -857,7 +862,7 @@ ah_input_cb(struct cryptop *crp) IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag); KEY_FREESAV(&sav); - + NET_UNLOCK_GIANT(); return error; bad: if (sav) @@ -868,6 +873,7 @@ bad: free(tc, M_XDATA); if (crp != NULL) crypto_freereq(crp); + NET_UNLOCK_GIANT(); return error; } @@ -1114,6 +1120,8 @@ ah_output_cb(struct cryptop *crp) caddr_t ptr; int err; + NET_LOCK_GIANT(); + tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("null opaque data area!")); skip = tc->tc_skip; @@ -1140,7 +1148,9 @@ ah_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); IPSECREQUEST_UNLOCK(isr); - return crypto_dispatch(crp); + error = crypto_dispatch(crp); + NET_UNLOCK_GIANT(); + return error; } ahstat.ahs_noxform++; @@ -1172,7 +1182,7 @@ ah_output_cb(struct cryptop *crp) err = ipsec_process_done(m, isr); KEY_FREESAV(&sav); IPSECREQUEST_UNLOCK(isr); - + NET_UNLOCK_GIANT(); return err; bad: if (sav) @@ -1182,6 +1192,7 @@ bad: m_freem(m); free(tc, M_XDATA); crypto_freereq(crp); + NET_UNLOCK_GIANT(); return error; } diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index d9c013b..107dccf 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -460,6 +460,8 @@ esp_input_cb(struct cryptop *crp) struct secasindex *saidx; caddr_t ptr; + NET_LOCK_GIANT(); + crd = crp->crp_desc; IPSEC_ASSERT(crd != NULL, ("null crypto descriptor!")); @@ -496,7 +498,9 @@ esp_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - return crypto_dispatch(crp); + error = crypto_dispatch(crp); + NET_UNLOCK_GIANT(); + return error; } espstat.esps_noxform++; @@ -625,6 +629,7 @@ esp_input_cb(struct cryptop *crp) IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag); KEY_FREESAV(&sav); + NET_UNLOCK_GIANT(); return error; bad: if (sav) @@ -635,6 +640,7 @@ bad: free(tc, M_XDATA); if (crp != NULL) crypto_freereq(crp); + NET_UNLOCK_GIANT(); return error; } @@ -881,6 +887,8 @@ esp_output_cb(struct cryptop *crp) struct mbuf *m; int err, error; + NET_LOCK_GIANT(); + tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("null opaque data area!")); m = (struct mbuf *) crp->crp_buf; @@ -908,7 +916,9 @@ esp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); IPSECREQUEST_UNLOCK(isr); - return crypto_dispatch(crp); + error = crypto_dispatch(crp); + NET_UNLOCK_GIANT(); + return error; } espstat.esps_noxform++; @@ -936,7 +946,7 @@ esp_output_cb(struct cryptop *crp) err = ipsec_process_done(m, isr); KEY_FREESAV(&sav); IPSECREQUEST_UNLOCK(isr); - + NET_UNLOCK_GIANT(); return err; bad: if (sav) @@ -946,6 +956,7 @@ bad: m_freem(m); free(tc, M_XDATA); crypto_freereq(crp); + NET_UNLOCK_GIANT(); return error; } diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 1ad6c49..6885584 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -219,6 +219,8 @@ ipcomp_input_cb(struct cryptop *crp) u_int8_t nproto; caddr_t addr; + NET_LOCK_GIANT(); + crd = crp->crp_desc; tc = (struct tdb_crypto *) crp->crp_opaque; @@ -249,7 +251,9 @@ ipcomp_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - return crypto_dispatch(crp); + error = crypto_dispatch(crp); + NET_UNLOCK_GIANT(); + return error; } ipcompstat.ipcomps_noxform++; @@ -302,6 +306,7 @@ ipcomp_input_cb(struct cryptop *crp) IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, NULL); KEY_FREESAV(&sav); + NET_UNLOCK_GIANT(); return error; bad: if (sav) @@ -312,6 +317,7 @@ bad: free(tc, M_XDATA); if (crp) crypto_freereq(crp); + NET_UNLOCK_GIANT(); return error; } @@ -493,6 +499,8 @@ ipcomp_output_cb(struct cryptop *crp) struct mbuf *m; int error, skip, rlen; + NET_LOCK_GIANT(); + tc = (struct tdb_crypto *) crp->crp_opaque; IPSEC_ASSERT(tc != NULL, ("null opaque data area!")); m = (struct mbuf *) crp->crp_buf; @@ -519,7 +527,9 @@ ipcomp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); IPSECREQUEST_UNLOCK(isr); - return crypto_dispatch(crp); + error = crypto_dispatch(crp); + NET_UNLOCK_GIANT(); + return error; } ipcompstat.ipcomps_noxform++; DPRINTF(("%s: crypto error %d\n", __func__, crp->crp_etype)); @@ -572,7 +582,7 @@ ipcomp_output_cb(struct cryptop *crp) error = ipsec_process_done(m, isr); KEY_FREESAV(&sav); IPSECREQUEST_UNLOCK(isr); - + NET_UNLOCK_GIANT(); return error; bad: if (sav) @@ -582,6 +592,7 @@ bad: m_freem(m); free(tc, M_XDATA); crypto_freereq(crp); + NET_UNLOCK_GIANT(); return error; } |
