CVSROOT: /cvs
Module name: src
Changes by: d...@cvs.openbsd.org 2023/08/08 04:14:29
Modified files:
sys/net : if_sec.c
Log message:
try to avoid a deadlock between sec_down and sec_send.
sec_send runs in the systq (because it calls ipsec stuff which uses
crypto, which is not mpsafe) and takes the net lock (because ipsec
output calls ip_output and other stuff). sec_down is called with
NET_LOCK held and tries to run a barrier for send task. if the send
task is running but is waiting for the net lock while sec_down is
holding the net lock while waiting for the task to finish, we're
deadlocked.
this copies the sc_up thing from pfsync, which hopefuly avoids this.
pointed out by mvs@
