Author: vanhu
Date: Fri Jun 26 13:37:53 2009
New Revision: 195053
URL: http://svn.freebsd.org/changeset/base/195053
Log:
MFC: Only decrease refcnt once when flushing SPD entries, to
avoid flushing entries which are still used.
Obtained from: NETASQ
Modified:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
stable/7/sys/netipsec/key.c
Modified: stable/7/sys/netipsec/key.c
==============================================================================
--- stable/7/sys/netipsec/key.c Fri Jun 26 11:58:15 2009 (r195052)
+++ stable/7/sys/netipsec/key.c Fri Jun 26 13:37:53 2009 (r195053)
@@ -4057,10 +4057,21 @@ restart:
if (sp->scangen == gen) /* previously handled */
continue;
sp->scangen = gen;
- if (sp->state == IPSEC_SPSTATE_DEAD) {
- /* NB: clean entries created by key_spdflush */
+ if (sp->state == IPSEC_SPSTATE_DEAD &&
+ sp->refcnt == 1) {
+ /*
+ * Ensure that we only decrease refcnt once,
+ * when we're the last consumer.
+ * Directly call SP_DELREF/key_delsp instead
+ * of KEY_FREESP to avoid unlocking/relocking
+ * SPTREE_LOCK before key_delsp: may refcnt
+ * be increased again during that time ?
+ * NB: also clean entries created by
+ * key_spdflush
+ */
+ SP_DELREF(sp);
+ key_delsp(sp);
SPTREE_UNLOCK();
- KEY_FREESP(&sp);
goto restart;
}
if (sp->lifetime == 0 && sp->validtime == 0)
@@ -4070,7 +4081,6 @@ restart:
sp->state = IPSEC_SPSTATE_DEAD;
SPTREE_UNLOCK();
key_spdexpire(sp);
- KEY_FREESP(&sp);
goto restart;
}
}
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
