Tue May 16 07:25:57 2017 UTC ()
Fix diagnostic assertion failure in ipsec_init_policy

  panic: kernel diagnostic assertion "!cpu_softintr_p()" failed: file "../../../../netipsec/ipsec.c", line 1277
  cpu7: Begin traceback...
  vpanic() at netbsd:vpanic+0x140
  ch_voltag_convert_in() at netbsd:ch_voltag_convert_in
  ipsec_init_policy() at netbsd:ipsec_init_policy+0x149
  in_pcballoc() at netbsd:in_pcballoc+0x1c5
  tcp_attach_wrapper() at netbsd:tcp_attach_wrapper+0x1e1
  sonewconn() at netbsd:sonewconn+0x1ea
  syn_cache_get() at netbsd:syn_cache_get+0x15f
  tcp_input() at netbsd:tcp_input+0x1689
  ipintr() at netbsd:ipintr+0xa88
  softint_dispatch() at netbsd:softint_dispatch+0xd3
  DDB lost frame for netbsd:Xsoftintr+0x4f, trying 0xfffffe811d337ff0
  Xsoftintr() at netbsd:Xsoftintr+0x4f

Reported by msaitoh@


(ozaki-r)
diff -r1.90 -r1.91 src/sys/netipsec/ipsec.c
diff -r1.127 -r1.128 src/sys/netipsec/key.c
cvs diff -r1.90 -r1.91 src/sys/netipsec/ipsec.c (expand / switch to unified diff)

--- src/sys/netipsec/ipsec.c 2017/05/16 03:05:28 1.90
+++ src/sys/netipsec/ipsec.c 2017/05/16 07:25:57 1.91
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: ipsec.c,v 1.90 2017/05/16 03:05:28 ozaki-r Exp $ */ 1/* $NetBSD: ipsec.c,v 1.91 2017/05/16 07:25:57 ozaki-r Exp $ */
2/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ 2/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
3/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ 3/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.90 2017/05/16 03:05:28 ozaki-r Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.91 2017/05/16 07:25:57 ozaki-r Exp $");
36 36
37/* 37/*
38 * IPsec controller part. 38 * IPsec controller part.
39 */ 39 */
40 40
41#if defined(_KERNEL_OPT) 41#if defined(_KERNEL_OPT)
42#include "opt_inet.h" 42#include "opt_inet.h"
43#include "opt_ipsec.h" 43#include "opt_ipsec.h"
44#endif 44#endif
45 45
46#include <sys/param.h> 46#include <sys/param.h>
47#include <sys/systm.h> 47#include <sys/systm.h>
48#include <sys/mbuf.h> 48#include <sys/mbuf.h>
@@ -1255,40 +1255,43 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s @@ -1255,40 +1255,43 @@ ipsec6_setspidx_ipaddr(struct mbuf *m, s
1255 sin6->sin6_addr.s6_addr16[1] = 0; 1255 sin6->sin6_addr.s6_addr16[1] = 0;
1256 sin6->sin6_scope_id = ntohs(ip6->ip6_dst.s6_addr16[1]); 1256 sin6->sin6_scope_id = ntohs(ip6->ip6_dst.s6_addr16[1]);
1257 } 1257 }
1258 spidx->prefd = sizeof(struct in6_addr) << 3; 1258 spidx->prefd = sizeof(struct in6_addr) << 3;
1259 1259
1260 return 0; 1260 return 0;
1261} 1261}
1262#endif 1262#endif
1263 1263
1264static void 1264static void
1265ipsec_delpcbpolicy(struct inpcbpolicy *p) 1265ipsec_delpcbpolicy(struct inpcbpolicy *p)
1266{ 1266{
1267 1267
1268 kmem_free(p, sizeof(*p)); 1268 kmem_intr_free(p, sizeof(*p));
1269} 1269}
1270 1270
1271/* initialize policy in PCB */ 1271/* initialize policy in PCB */
1272int 1272int
1273ipsec_init_policy(struct socket *so, struct inpcbpolicy **policy) 1273ipsec_init_policy(struct socket *so, struct inpcbpolicy **policy)
1274{ 1274{
1275 struct inpcbpolicy *new; 1275 struct inpcbpolicy *new;
1276 1276
1277 KASSERT(!cpu_softintr_p()); 
1278 KASSERT(so != NULL); 1277 KASSERT(so != NULL);
1279 KASSERT(policy != NULL); 1278 KASSERT(policy != NULL);
1280 1279
1281 new = kmem_zalloc(sizeof(*new), KM_SLEEP); 1280 new = kmem_intr_zalloc(sizeof(*new), KM_NOSLEEP);
 1281 if (new == NULL) {
 1282 ipseclog((LOG_DEBUG, "%s: No more memory.\n", __func__));
 1283 return ENOBUFS;
 1284 }
1282 1285
1283 if (IPSEC_PRIVILEGED_SO(so)) 1286 if (IPSEC_PRIVILEGED_SO(so))
1284 new->priv = 1; 1287 new->priv = 1;
1285 else 1288 else
1286 new->priv = 0; 1289 new->priv = 0;
1287 1290
1288 if ((new->sp_in = KEY_NEWSP()) == NULL) { 1291 if ((new->sp_in = KEY_NEWSP()) == NULL) {
1289 ipsec_delpcbpolicy(new); 1292 ipsec_delpcbpolicy(new);
1290 return ENOBUFS; 1293 return ENOBUFS;
1291 } 1294 }
1292 new->sp_in->state = IPSEC_SPSTATE_ALIVE; 1295 new->sp_in->state = IPSEC_SPSTATE_ALIVE;
1293 new->sp_in->policy = IPSEC_POLICY_ENTRUST; 1296 new->sp_in->policy = IPSEC_POLICY_ENTRUST;
1294 1297
cvs diff -r1.127 -r1.128 src/sys/netipsec/key.c (expand / switch to unified diff)

--- src/sys/netipsec/key.c 2017/05/16 03:05:28 1.127
+++ src/sys/netipsec/key.c 2017/05/16 07:25:57 1.128
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: key.c,v 1.127 2017/05/16 03:05:28 ozaki-r Exp $ */ 1/* $NetBSD: key.c,v 1.128 2017/05/16 07:25:57 ozaki-r Exp $ */
2/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ 2/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.127 2017/05/16 03:05:28 ozaki-r Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.128 2017/05/16 07:25:57 ozaki-r Exp $");
36 36
37/* 37/*
38 * This code is referd to RFC 2367 38 * This code is referd to RFC 2367
39 */ 39 */
40 40
41#if defined(_KERNEL_OPT) 41#if defined(_KERNEL_OPT)
42#include "opt_inet.h" 42#include "opt_inet.h"
43#include "opt_ipsec.h" 43#include "opt_ipsec.h"
44#include "opt_gateway.h" 44#include "opt_gateway.h"
45#endif 45#endif
46 46
47#include <sys/types.h> 47#include <sys/types.h>
48#include <sys/param.h> 48#include <sys/param.h>
@@ -1449,28 +1449,29 @@ key_getspbyid(u_int32_t id) @@ -1449,28 +1449,29 @@ key_getspbyid(u_int32_t id)
1449 SP_ADDREF(sp); 1449 SP_ADDREF(sp);
1450 return sp; 1450 return sp;
1451 } 1451 }
1452 } 1452 }
1453 1453
1454 return NULL; 1454 return NULL;
1455} 1455}
1456 1456
1457struct secpolicy * 1457struct secpolicy *
1458key_newsp(const char* where, int tag) 1458key_newsp(const char* where, int tag)
1459{ 1459{
1460 struct secpolicy *newsp = NULL; 1460 struct secpolicy *newsp = NULL;
1461 1461
1462 newsp = kmem_zalloc(sizeof(struct secpolicy), KM_SLEEP); 1462 newsp = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
1463 newsp->refcnt = 1; 1463 if (newsp != NULL)
 1464 newsp->refcnt = 1;
1464 1465
1465 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1466 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1466 "DP from %s:%u return SP:%p\n", where, tag, newsp); 1467 "DP from %s:%u return SP:%p\n", where, tag, newsp);
1467 return newsp; 1468 return newsp;
1468} 1469}
1469 1470
1470/* 1471/*
1471 * create secpolicy structure from sadb_x_policy structure. 1472 * create secpolicy structure from sadb_x_policy structure.
1472 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1473 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1473 * so must be set properly later. 1474 * so must be set properly later.
1474 */ 1475 */
1475struct secpolicy * 1476struct secpolicy *
1476key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) 1477key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error)