It does read-only access to netlock protected data, so the radix tree will not be modified during spd_table_walk() run.
The second spd_table_walk() call in PF_KEY layer can't be performed with shared netlock, because pfkeyv2_policy_flush() modifies tree and the following tdb_walk() requires exclusive netlock. ok? Index: sys/net/pfkeyv2.c =================================================================== RCS file: /cvs/src/sys/net/pfkeyv2.c,v retrieving revision 1.255 diff -u -p -r1.255 pfkeyv2.c --- sys/net/pfkeyv2.c 8 Jan 2023 10:26:36 -0000 1.255 +++ sys/net/pfkeyv2.c 21 Apr 2023 11:08:13 -0000 @@ -2711,10 +2711,10 @@ pfkeyv2_sysctl(int *name, u_int namelen, break; case NET_KEY_SPD_DUMP: - NET_LOCK(); + NET_LOCK_SHARED(); error = spd_table_walk(rdomain, pfkeyv2_sysctl_policydumper, &w); - NET_UNLOCK(); + NET_UNLOCK_SHARED(); if (oldp) *oldlenp = w.w_where - oldp; else
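Review bot: In the NET_KEY_SPD_DUMP case, the safety of NET_LOCK_SHARED() depends on both spd_table_walk() and the callback pfkeyv2_sysctl_policydumper being strictly read-only with respect to the policy tree, and neither body is visible in this hunk. Please confirm the callback only reads policy entries and writes to the local walker state passed as &w. It would also help to add a short comment at this call site stating that shared netlock is sufficient here because the walk does not modify the radix tree, and that the other spd_table_walk() caller in this file must keep the exclusive lock because of pfkeyv2_policy_flush(). Without that comment, a later change that makes the dumper touch shared state would silently become a race between concurrent shared-lock holders.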