On Sat, May 27, 2017 at 07:45:49PM +0200, Alexander Bluhm wrote:
> On Sat, May 27, 2017 at 06:37:48PM +0200, Claudio Jeker wrote:
> > Similar to the routing socket the pfkey socket only needs the
> > netlock further down (in pfkeyv2_send()). With this all users of
> > raw_usrreq are now not using the NET_LOCK which should simplify to push
> > the NET_LOCK down.
>
> In sorflush() we have
> sa_family_t af = pr->pr_domain->dom_family;
> sblock(sb, M_WAITOK,
> (af != PF_LOCAL && af != PF_ROUTE) ? &netlock : NULL);
>
> I think you should keep that in sync and add PF_KEY here.
>
Agreed, new diff
--
:wq Claudio
Index: kern/uipc_socket.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_socket.c,v
retrieving revision 1.184
diff -u -p -r1.184 uipc_socket.c
--- kern/uipc_socket.c 15 May 2017 13:00:10 -0000 1.184
+++ kern/uipc_socket.c 27 May 2017 18:27:05 -0000
@@ -1043,7 +1043,8 @@ sorflush(struct socket *so)
sb->sb_flags |= SB_NOINTR;
sblock(sb, M_WAITOK,
- (af != PF_LOCAL && af != PF_ROUTE) ? &netlock : NULL);
+ (af != PF_LOCAL && af != PF_ROUTE && af != PF_KEY) ?
+ &netlock : NULL);
socantrcvmore(so);
sbunlock(sb);
asb = *sb;
Index: kern/uipc_socket2.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.76
diff -u -p -r1.76 uipc_socket2.c
--- kern/uipc_socket2.c 15 May 2017 12:26:00 -0000 1.76
+++ kern/uipc_socket2.c 27 May 2017 14:04:34 -0000
@@ -273,7 +273,8 @@ solock(struct socket *so)
int s;
if ((so->so_proto->pr_domain->dom_family != PF_LOCAL) &&
- (so->so_proto->pr_domain->dom_family != PF_ROUTE))
+ (so->so_proto->pr_domain->dom_family != PF_ROUTE) &&
+ (so->so_proto->pr_domain->dom_family != PF_KEY))
NET_LOCK(s);
else
s = -42;
@@ -292,7 +293,8 @@ void
soassertlocked(struct socket *so)
{
if ((so->so_proto->pr_domain->dom_family != PF_LOCAL) &&
- (so->so_proto->pr_domain->dom_family != PF_ROUTE))
+ (so->so_proto->pr_domain->dom_family != PF_ROUTE) &&
+ (so->so_proto->pr_domain->dom_family != PF_KEY))
NET_ASSERT_LOCKED();
}
@@ -300,7 +302,8 @@ int
sosleep(struct socket *so, void *ident, int prio, const char *wmesg, int timo)
{
if ((so->so_proto->pr_domain->dom_family != PF_LOCAL) &&
- (so->so_proto->pr_domain->dom_family != PF_ROUTE)) {
+ (so->so_proto->pr_domain->dom_family != PF_ROUTE) &&
+ (so->so_proto->pr_domain->dom_family != PF_KEY)) {
return rwsleep(ident, &netlock, prio, wmesg, timo);
} else
return tsleep(ident, prio, wmesg, timo);
Index: net/pfkeyv2.c
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.156
diff -u -p -r1.156 pfkeyv2.c
--- net/pfkeyv2.c 26 May 2017 19:11:20 -0000 1.156
+++ net/pfkeyv2.c 27 May 2017 16:24:37 -0000
@@ -795,7 +795,7 @@ pfkeyv2_get_proto_alg(u_int8_t satype, u
int
pfkeyv2_send(struct socket *socket, void *message, int len)
{
- int i, j, rval = 0, mode = PFKEYV2_SENDMESSAGE_BROADCAST;
+ int i, j, s, rval = 0, mode = PFKEYV2_SENDMESSAGE_BROADCAST;
int delflag = 0;
struct sockaddr_encap encapdst, encapnetmask;
struct ipsec_policy *ipo, *tmpipo;
@@ -820,7 +820,7 @@ pfkeyv2_send(struct socket *socket, void
u_int rdomain;
- NET_ASSERT_LOCKED();
+ NET_LOCK(s);
/* Verify that we received this over a legitimate pfkeyv2 socket */
bzero(headers, sizeof(headers));
@@ -1356,7 +1356,6 @@ pfkeyv2_send(struct socket *socket, void
rval = tdb_walk(rdomain, pfkeyv2_dump_walker, &dump_state);
if (!rval)
goto realret;
-
if ((rval == ENOMEM) || (rval == ENOBUFS))
rval = 0;
}
@@ -1690,6 +1689,8 @@ ret:
rval = pfkeyv2_sendmessage(headers, mode, socket, 0, 0, rdomain);
realret:
+ NET_UNLOCK(s);
+
if (freeme)
free(freeme, M_PFKEY, 0);
