Received: by mail.netbsd.org (Postfix, from userid 605) id D201E84EC2; Fri, 1 Dec 2017 09:21:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 42CB284D35 for ; Fri, 1 Dec 2017 09:21:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id ukg16djkXat7 for ; Fri, 1 Dec 2017 09:21:15 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id D73A884EB0 for ; Fri, 1 Dec 2017 09:21:15 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id D0B42FB40; Fri, 1 Dec 2017 09:21:15 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Fri, 1 Dec 2017 09:21:15 +0000 From: "Martin Husemann" Subject: CVS commit: [netbsd-8] src/sys/netipsec To: source-changes@NetBSD.org X-Mailer: log_accum Message-Id: <20171201092115.D0B42FB40@cvs.NetBSD.org> Sender: source-changes-owner@NetBSD.org List-Id: source-changes.NetBSD.org Precedence: bulk Reply-To: source-changes-d@NetBSD.org Mail-Reply-To: "Martin Husemann" Mail-Followup-To: source-changes-d@NetBSD.org List-Unsubscribe: Module Name: src Committed By: martin Date: Fri Dec 1 09:21:15 UTC 2017 Modified Files: src/sys/netipsec [netbsd-8]: key.c Log Message: Pull up following revision(s) (requested by christos in ticket #415): sys/netipsec/key.c: revision 1.244 sys/netipsec/key.c: revision 1.245 Use KDASSERT for mutex_ownable Because mutex_ownable is not cheap. Fix a deadlock happening if !NET_MPSAFE If NET_MPSAFE isn't set, key_timehandler_work is executed with holding softnet_lock. This means that localcount_drain can be called with holding softnet_lock resulting in a deadlock that localcount_drain waits for packet processing to release a reference to SP/SA while network processing is prevented by softnet_lock. Fix the deadlock by not taking softnet_lock in key_timehandler_work. It's okay because IPsec is MP-safe even if !NET_MPSAFE. Note that the change also needs to enable pserialize_perform because the IPsec code can be run in parallel now. Reported by christos@ To generate a diff of this commit: cvs rdiff -u -r1.163.2.4 -r1.163.2.5 src/sys/netipsec/key.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.