On Sat, May 27, 2017 at 07:45:49PM +0200, Alexander Bluhm wrote: > On Sat, May 27, 2017 at 06:37:48PM +0200, Claudio Jeker wrote: > > Similar to the routing socket the pfkey socket only needs the > > netlock further down (in pfkeyv2_send()). With this all users of > > raw_usrreq are now not using the NET_LOCK which should simplify to push > > the NET_LOCK down. > > In sorflush() we have > sa_family_t af = pr->pr_domain->dom_family; > sblock(sb, M_WAITOK, > (af != PF_LOCAL && af != PF_ROUTE) ? &netlock : NULL); > > I think you should keep that in sync and add PF_KEY here. >
Agreed, new diff -- :wq Claudio Index: kern/uipc_socket.c =================================================================== RCS file: /cvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.184 diff -u -p -r1.184 uipc_socket.c --- kern/uipc_socket.c 15 May 2017 13:00:10 -0000 1.184 +++ kern/uipc_socket.c 27 May 2017 18:27:05 -0000 @@ -1043,7 +1043,8 @@ sorflush(struct socket *so) sb->sb_flags |= SB_NOINTR; sblock(sb, M_WAITOK, - (af != PF_LOCAL && af != PF_ROUTE) ? &netlock : NULL); + (af != PF_LOCAL && af != PF_ROUTE && af != PF_KEY) ? + &netlock : NULL); socantrcvmore(so); sbunlock(sb); asb = *sb; Index: kern/uipc_socket2.c =================================================================== RCS file: /cvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.76 diff -u -p -r1.76 uipc_socket2.c --- kern/uipc_socket2.c 15 May 2017 12:26:00 -0000 1.76 +++ kern/uipc_socket2.c 27 May 2017 14:04:34 -0000 @@ -273,7 +273,8 @@ solock(struct socket *so) int s; if ((so->so_proto->pr_domain->dom_family != PF_LOCAL) && - (so->so_proto->pr_domain->dom_family != PF_ROUTE)) + (so->so_proto->pr_domain->dom_family != PF_ROUTE) && + (so->so_proto->pr_domain->dom_family != PF_KEY)) NET_LOCK(s); else s = -42; @@ -292,7 +293,8 @@ void soassertlocked(struct socket *so) { if ((so->so_proto->pr_domain->dom_family != PF_LOCAL) && - (so->so_proto->pr_domain->dom_family != PF_ROUTE)) + (so->so_proto->pr_domain->dom_family != PF_ROUTE) && + (so->so_proto->pr_domain->dom_family != PF_KEY)) NET_ASSERT_LOCKED(); } @@ -300,7 +302,8 @@ int sosleep(struct socket *so, void *ident, int prio, const char *wmesg, int timo) { if ((so->so_proto->pr_domain->dom_family != PF_LOCAL) && - (so->so_proto->pr_domain->dom_family != PF_ROUTE)) { + (so->so_proto->pr_domain->dom_family != PF_ROUTE) && + (so->so_proto->pr_domain->dom_family != PF_KEY)) { return rwsleep(ident, &netlock, prio, wmesg, timo); } else return tsleep(ident, prio, wmesg, timo); Index: net/pfkeyv2.c =================================================================== RCS file: /cvs/src/sys/net/pfkeyv2.c,v retrieving revision 1.156 diff -u -p -r1.156 pfkeyv2.c --- net/pfkeyv2.c 26 May 2017 19:11:20 -0000 1.156 +++ net/pfkeyv2.c 27 May 2017 16:24:37 -0000 @@ -795,7 +795,7 @@ pfkeyv2_get_proto_alg(u_int8_t satype, u int pfkeyv2_send(struct socket *socket, void *message, int len) { - int i, j, rval = 0, mode = PFKEYV2_SENDMESSAGE_BROADCAST; + int i, j, s, rval = 0, mode = PFKEYV2_SENDMESSAGE_BROADCAST; int delflag = 0; struct sockaddr_encap encapdst, encapnetmask; struct ipsec_policy *ipo, *tmpipo; @@ -820,7 +820,7 @@ pfkeyv2_send(struct socket *socket, void u_int rdomain; - NET_ASSERT_LOCKED(); + NET_LOCK(s); /* Verify that we received this over a legitimate pfkeyv2 socket */ bzero(headers, sizeof(headers)); @@ -1356,7 +1356,6 @@ pfkeyv2_send(struct socket *socket, void rval = tdb_walk(rdomain, pfkeyv2_dump_walker, &dump_state); if (!rval) goto realret; - if ((rval == ENOMEM) || (rval == ENOBUFS)) rval = 0; } @@ -1690,6 +1689,8 @@ ret: rval = pfkeyv2_sendmessage(headers, mode, socket, 0, 0, rdomain); realret: + NET_UNLOCK(s); + if (freeme) free(freeme, M_PFKEY, 0);