From 6e1cb07c00e4d2ec529383b09d8f166eec355949 Mon Sep 17 00:00:00 2001
From: vanhu
Date: Wed, 27 May 2009 09:31:50 +0000
Subject: Only decrease refcnt once when flushing SPD entries, to avoid flushing entries which are still used.
Approved by: gnn(mentor)
Obtained from: NETASQ
MFC after: 1 month
---
 sys/netipsec/key.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'sys')
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 0d60149..83377e5 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -4103,10 +4103,21 @@ restart:
 if (sp->scangen == gen) /* previously handled */
 continue;
 sp->scangen = gen;
- if (sp->state == IPSEC_SPSTATE_DEAD) {
- /* NB: clean entries created by key_spdflush */
+ if (sp->state == IPSEC_SPSTATE_DEAD &&
+ sp->refcnt == 1) {
+ /*
+ * Ensure that we only decrease refcnt once,
+ * when we're the last consumer.
+ * Directly call SP_DELREF/key_delsp instead
+ * of KEY_FREESP to avoid unlocking/relocking
+ * SPTREE_LOCK before key_delsp: may refcnt
+ * be increased again during that time ?
+ * NB: also clean entries created by
+ * key_spdflush
+ */
+ SP_DELREF(sp);
+ key_delsp(sp);
 SPTREE_UNLOCK();
- KEY_FREESP(&sp);
 goto restart;
 }
 if (sp->lifetime == 0 && sp->validtime == 0)
@@ -4116,7 +4127,6 @@ restart:
 sp->state = IPSEC_SPSTATE_DEAD;
 SPTREE_UNLOCK();
 key_spdexpire(sp);
- KEY_FREESP(&sp);
 goto restart;
 }
 }
--
cgit v1.1
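Review bot: With the guard narrowed to `sp->state == IPSEC_SPSTATE_DEAD && sp->refcnt == 1`, a DEAD entry that is still referenced no longer leaves the loop iteration here and instead reaches the `sp->lifetime`/`sp->validtime` test that follows. If the expiry branch in the second hunk is what that test guards (the lines between the two hunks are not shown), such an entry would be marked DEAD and passed to `key_spdexpire(sp)` again on every later scan until its last consumer lets go. Skipping still-referenced DEAD entries explicitly, e.g. `if (sp->state == IPSEC_SPSTATE_DEAD) continue;` right after the delete block, would avoid that. The added comment also ends on an open question; it would read better as the invariant it relies on, for instance `refcnt is tested and dropped under SPTREE_LOCK, so no new reference can appear before key_delsp`, provided every path that takes a reference does hold that lock. The enclosing function starts and ends outside the hunk.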