Hi, I made a little mistake when adding acquire refcount. The timeout does not decrement the counter to 0 properly.
We have one reference count for the lists, and one for the timeout handler. When the timeout fires, it has to decrement the reference to itself. Then the ipa is removed from the lists and decremented again.

ok?

bluhm

Index: netinet/ip_spd.c =================================================================== RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_spd.c,v retrieving revision 1.116 diff -u -p -r1.116 ip_spd.c --- netinet/ip_spd.c 4 May 2022 15:29:58 -0000 1.116 +++ netinet/ip_spd.c 14 Jun 2022 12:08:37 -0000 @@ -714,7 +714,10 @@ ipsp_delete_acquire_timer(void *v) { struct ipsec_acquire *ipa = v; - ipsp_delete_acquire(ipa); + mtx_enter(&ipsec_acquire_mtx); + refcnt_rele(&ipa->ipa_refcnt); + ipsp_delete_acquire_locked(ipa); + mtx_leave(&ipsec_acquire_mtx); } /*
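
Review bot: in ipsp_delete_acquire_timer() the return value of refcnt_rele(&ipa->ipa_refcnt) is discarded, and nothing in the code says why this handler releases before calling ipsp_delete_acquire_locked(ipa). Ignoring the result is only correct while the list reference is still held at that point, so that, as the description says, the last decrement happens when the ipa is removed from the lists. A short comment above the refcnt_rele() line stating that it drops the timeout handler's own reference, and that the list reference is dropped by the locked delete, would document that invariant and keep the extra release from being removed later as a presumed double release. It is also worth confirming that no other path can take the ipa off the lists while this timeout is still pending, because in that case the release here would be the final one and the following call would operate on an ipa with no references left.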