CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2017/11/13 10:00:14
Modified files:
sys/net : pfkeyv2.c
Log message:
Grab the KERNEL_LOCK() to iterate on the global list of PF_KEY sockets.
It isn't safe to manipulate PF_KEY sockets without KERNEL_LOCK() because
they aren't protected by the NET_LOCK().
I missed this in my previous audit and neither my tests, the regression
tests nor the IPsec performance tests exposed the problem. Hopefully I
added the right check to soassertlocked() a while back.
Found the hardway by and ok sthen@
