CVSROOT: /cvs Module name: src Changes by: m...@cvs.openbsd.org 2017/11/13 10:00:14
Modified files: sys/net : pfkeyv2.c Log message: Grab the KERNEL_LOCK() to iterate on the global list of PF_KEY sockets. It isn't safe to manipulate PF_KEY sockets without KERNEL_LOCK() because they aren't protected by the NET_LOCK(). I missed this in my previous audit and neither my tests, the regression tests nor the IPsec performance tests exposed the problem. Hopefully I added the right check to soassertlocked() a while back. Found the hardway by and ok sthen@