CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2009/09/03 01:47:27
Modified files:
sys/crypto : crypto.c cryptodev.h
Log message:
crypto hardware (eg, hifn) establishes its interrupt handler at
IPL_NET. when the hardware finishes some work for the crypto subsystem
and therefore something in the kernel that wanted crypto done, it
calls crypto_done from that interrupt handler.
one of the things that uses crypto is ipsec. when crypto is done
for ipsec it then pushes the packet along the network stack. the
problem is that all the structures inside the network stack are
only protected at splsoftnet. we could be in the middle of modifications
to the pf state table or the pfsync queues when we get a hifn
interrupt and then go stomp on the same structures.
the solution is to defer the completions so they can do the right
spl protections.
this basically reverts r1.46 of src/sys/crypto/crypto.c.
found by naddy@
