From 7b642517df2ee2c6cb82eb5cd127c7afe7309dc7 Mon Sep 17 00:00:00 2001
From: vanhu
Date: Tue, 17 Nov 2009 16:00:41 +0000
Subject: fixed two race conditions when inserting/removing SAs via PFKey, which can both lead to a kernel panic when adding/removing quickly a lot of SAs.
Obtained from: NETASQ
MFC after: 2w (MFC on 8 before 8.0 release ???)
---
 sys/netipsec/key.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'sys/netipsec/key.c')
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 3cc5a6c..c5aa4b7 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -2852,9 +2852,10 @@ key_newsav(m, mhp, sah, errp, where, tag)
 sa_initref(newsav);
 newsav->state = SADB_SASTATE_LARVAL;
- /* XXX locking??? */
+ SAHTREE_LOCK();
 LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, secasvar, chain);
+ SAHTREE_UNLOCK();
 done:
 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s from %s:%u return SP:%p\n", __func__,
@@ -5698,8 +5699,8 @@ key_delete(so, m, mhp)
 }
 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
- SAHTREE_UNLOCK();
 KEY_FREESAV(&sav);
+ SAHTREE_UNLOCK();
 {
 struct mbuf *n;
-- 
cgit v1.1
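Review bot: The new `SAHTREE_LOCK()` in key_newsav covers only the list insertion, so the validity of `sah` at this point still depends on whatever the caller did to keep it alive, which this hunk does not show. The removed `/* XXX locking??? */` is also not replaced by any comment saying what the lock protects. I would add something like `/* SAHTREE lock protects sah->savtree[]; caller must keep sah valid and must not hold the lock */` above the insertion. Because the lock is taken unconditionally, it is worth confirming that no caller reaches key_newsav with the SAHTREE lock already held, since that would presumably recurse on the mutex. key_newsav starts and ends outside this hunk.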
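Review bot: Moving `KEY_FREESAV(&sav)` ahead of `SAHTREE_UNLOCK()` in key_delete fixes this one call site, but the locking requirement it encodes is not written down anywhere in the hunk. KEY_FREESAV's body is not visible here; if dropping the last reference unlinks the SA from its savtree list, then every other caller that can release the final reference needs the same lock, otherwise the same panic stays reachable from those paths. I would add a comment on the moved line, `/* release under SAHTREE lock: the final reference drop may unlink sav from savtree */`, and consider a `SAHTREE_LOCK_ASSERT();` at the unlink site so that a missed caller fails loudly in debug kernels. key_delete's body continues outside the hunk.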