It does read-only access to netlock protected data, so the radix tree
will not be modified during the spd_table_walk() run.
The second spd_table_walk() call in PF_KEY layer can't be performed with
shared netlock, because pfkeyv2_policy_flush() modifies the tree and the
following tdb_walk() requires exclusive netlock.
ok?
Index: sys/net/pfkeyv2.c
===================================================================
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.255
diff -u -p -r1.255 pfkeyv2.c
--- sys/net/pfkeyv2.c 8 Jan 2023 10:26:36 -0000 1.255
+++ sys/net/pfkeyv2.c 21 Apr 2023 11:08:13 -0000
@@ -2711,10 +2711,10 @@ pfkeyv2_sysctl(int *name, u_int namelen,
break;
case NET_KEY_SPD_DUMP:
- NET_LOCK();
+ NET_LOCK_SHARED();
error = spd_table_walk(rdomain,
pfkeyv2_sysctl_policydumper, &w);
- NET_UNLOCK();
+ NET_UNLOCK_SHARED();
if (oldp)
*oldlenp = w.w_where - oldp;
else
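Review bot: The justification covers spd_table_walk() itself, but not the callback pfkeyv2_sysctl_policydumper that is passed to it in the NET_KEY_SPD_DUMP case, and under NET_LOCK_SHARED() several callers can now run that callback concurrently. Please confirm the callback only reads netlock-protected state and writes only through its own &w argument (w.w_where is read right after the unlock), so nothing shared is written under the shared lock. A short comment above NET_LOCK_SHARED() saying that the walk is read-only, and that the other spd_table_walk() call must stay under the exclusive lock because of pfkeyv2_policy_flush() and tdb_walk(), would keep the two call sites from being "unified" later by mistake.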