From 3234aae2af1b6938eaae524891568de12db7c8cc Mon Sep 17 00:00:00 2001 From: sam Date: Thu, 30 Sep 2004 01:08:02 +0000 Subject: Add missing locking for secpolicy refcnt manipulations. Submitted by: Roselyn Lee --- sys/netipsec/ipsec.c | 6 +++--- sys/netipsec/key.c | 12 ++++++++++++ sys/netipsec/key.h | 1 + 3 files changed, 16 insertions(+), 3 deletions(-) (limited to 'sys') diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index 24c99bf..e53cede 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -220,7 +220,7 @@ key_allocsp_default(const char* where, int tag) sp->policy, IPSEC_POLICY_NONE)); sp->policy = IPSEC_POLICY_NONE; } - sp->refcnt++; + key_addref(sp); KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP key_allocsp_default returns SP:%p (%u)\n", @@ -317,7 +317,7 @@ ipsec_getpolicybysock(m, dir, inp, error) switch (currsp->policy) { case IPSEC_POLICY_BYPASS: case IPSEC_POLICY_IPSEC: - currsp->refcnt++; + key_addref(currsp); sp = currsp; break; @@ -350,7 +350,7 @@ ipsec_getpolicybysock(m, dir, inp, error) break; case IPSEC_POLICY_IPSEC: - currsp->refcnt++; + key_addref(currsp); sp = currsp; break; diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index c1f7d4e..df87232 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -512,6 +512,18 @@ static struct mbuf *key_alloc_mbuf __P((int)); IPSEC_ASSERT((p)->refcnt > 0, ("SP refcnt underflow")); \ (p)->refcnt--; \ } while (0) + + +/* + * Update the refcnt while holding the SPTREE lock. + */ +void +key_addref(struct secpolicy *sp) +{ + SPTREE_LOCK(); + SP_ADDREF(sp); + SPTREE_UNLOCK(); +} /* * Return 0 when there are known to be no SP's for the specified diff --git a/sys/netipsec/key.h b/sys/netipsec/key.h index 7ed9d95..75707d0 100644 --- a/sys/netipsec/key.h +++ b/sys/netipsec/key.h @@ -46,6 +46,7 @@ struct sadb_x_policy; struct secasindex; union sockaddr_union; +extern void key_addref(struct secpolicy *sp); extern int key_havesp(u_int dir); extern struct secpolicy *key_allocsp(struct secpolicyindex *, u_int, const char*, int); -- cgit v1.1