Wed Aug 2 03:45:57 2017 UTC ()
Don't use KEY_NEWSP for dummy SP entries

By the change KEY_NEWSP is now not called from softint anymore
and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP.


(ozaki-r)
diff -r1.113 -r1.114 src/sys/netipsec/ipsec.c
diff -r1.199 -r1.200 src/sys/netipsec/key.c
cvs diff -r1.113 -r1.114 src/sys/netipsec/ipsec.c (expand / switch to unified diff)

--- src/sys/netipsec/ipsec.c 2017/08/02 01:28:03 1.113
+++ src/sys/netipsec/ipsec.c 2017/08/02 03:45:57 1.114
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: ipsec.c,v 1.113 2017/08/02 01:28:03 ozaki-r Exp $ */ 1/* $NetBSD: ipsec.c,v 1.114 2017/08/02 03:45:57 ozaki-r Exp $ */
2/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */ 2/* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
3/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */ 3/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.113 2017/08/02 01:28:03 ozaki-r Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.114 2017/08/02 03:45:57 ozaki-r Exp $");
36 36
37/* 37/*
38 * IPsec controller part. 38 * IPsec controller part.
39 */ 39 */
40 40
41#if defined(_KERNEL_OPT) 41#if defined(_KERNEL_OPT)
42#include "opt_inet.h" 42#include "opt_inet.h"
43#include "opt_ipsec.h" 43#include "opt_ipsec.h"
44#endif 44#endif
45 45
46#include <sys/param.h> 46#include <sys/param.h>
47#include <sys/systm.h> 47#include <sys/systm.h>
48#include <sys/mbuf.h> 48#include <sys/mbuf.h>
@@ -1243,36 +1243,38 @@ ipsec_init_policy(struct socket *so, str @@ -1243,36 +1243,38 @@ ipsec_init_policy(struct socket *so, str
1243 IPSECLOG(LOG_DEBUG, "No more memory.\n"); 1243 IPSECLOG(LOG_DEBUG, "No more memory.\n");
1244 return ENOBUFS; 1244 return ENOBUFS;
1245 } 1245 }
1246 1246
1247 if (IPSEC_PRIVILEGED_SO(so)) 1247 if (IPSEC_PRIVILEGED_SO(so))
1248 new->priv = 1; 1248 new->priv = 1;
1249 else 1249 else
1250 new->priv = 0; 1250 new->priv = 0;
1251 1251
1252 /* 1252 /*
1253 * These SPs are dummy. Never be used because the policy 1253 * These SPs are dummy. Never be used because the policy
1254 * is ENTRUST. See ipsec_getpolicybysock. 1254 * is ENTRUST. See ipsec_getpolicybysock.
1255 */ 1255 */
1256 if ((new->sp_in = KEY_NEWSP()) == NULL) { 1256 new->sp_in = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
 1257 if (new->sp_in == NULL) {
1257 ipsec_delpcbpolicy(new); 1258 ipsec_delpcbpolicy(new);
1258 return ENOBUFS; 1259 return ENOBUFS;
1259 } 1260 }
1260 new->sp_in->state = IPSEC_SPSTATE_ALIVE; 1261 new->sp_in->state = IPSEC_SPSTATE_ALIVE;
1261 new->sp_in->policy = IPSEC_POLICY_ENTRUST; 1262 new->sp_in->policy = IPSEC_POLICY_ENTRUST;
1262 new->sp_in->created = 0; /* Indicates dummy */ 1263 new->sp_in->created = 0; /* Indicates dummy */
1263 1264
1264 if ((new->sp_out = KEY_NEWSP()) == NULL) { 1265 new->sp_out = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
1265 KEY_SP_UNREF(&new->sp_in); 1266 if (new->sp_out == NULL) {
 1267 kmem_intr_free(new->sp_in, sizeof(struct secpolicy));
1266 ipsec_delpcbpolicy(new); 1268 ipsec_delpcbpolicy(new);
1267 return ENOBUFS; 1269 return ENOBUFS;
1268 } 1270 }
1269 new->sp_out->state = IPSEC_SPSTATE_ALIVE; 1271 new->sp_out->state = IPSEC_SPSTATE_ALIVE;
1270 new->sp_out->policy = IPSEC_POLICY_ENTRUST; 1272 new->sp_out->policy = IPSEC_POLICY_ENTRUST;
1271 new->sp_out->created = 0; /* Indicates dummy */ 1273 new->sp_out->created = 0; /* Indicates dummy */
1272 1274
1273 *policy = new; 1275 *policy = new;
1274 1276
1275 return 0; 1277 return 0;
1276} 1278}
1277 1279
1278/* copy old ipsec policy into new */ 1280/* copy old ipsec policy into new */
@@ -1341,27 +1343,27 @@ ipsec_deepcopy_policy(const struct secpo @@ -1341,27 +1343,27 @@ ipsec_deepcopy_policy(const struct secpo
1341 dst->state = src->state; 1343 dst->state = src->state;
1342 dst->policy = src->policy; 1344 dst->policy = src->policy;
1343 /* do not touch the refcnt fields */ 1345 /* do not touch the refcnt fields */
1344 1346
1345 return dst; 1347 return dst;
1346} 1348}
1347 1349
1348static void 1350static void
1349ipsec_destroy_policy(struct secpolicy *sp) 1351ipsec_destroy_policy(struct secpolicy *sp)
1350{ 1352{
1351 1353
1352 if (sp->created == 0) 1354 if (sp->created == 0)
1353 /* It's dummy. We can simply free it */ 1355 /* It's dummy. We can simply free it */
1354 key_free_sp(sp); 1356 kmem_intr_free(sp, sizeof(*sp));
1355 else { 1357 else {
1356 /* 1358 /*
1357 * We cannot destroy here because it can be called in 1359 * We cannot destroy here because it can be called in
1358 * softint. So mark the SP as DEAD and let the timer 1360 * softint. So mark the SP as DEAD and let the timer
1359 * destroy it. See key_timehandler_spd. 1361 * destroy it. See key_timehandler_spd.
1360 */ 1362 */
1361 sp->state = IPSEC_SPSTATE_DEAD; 1363 sp->state = IPSEC_SPSTATE_DEAD;
1362 } 1364 }
1363} 1365}
1364 1366
1365/* set policy and ipsec request if present. */ 1367/* set policy and ipsec request if present. */
1366static int 1368static int
1367ipsec_set_policy( 1369ipsec_set_policy(
cvs diff -r1.199 -r1.200 src/sys/netipsec/key.c (expand / switch to unified diff)

--- src/sys/netipsec/key.c 2017/08/02 02:12:42 1.199
+++ src/sys/netipsec/key.c 2017/08/02 03:45:57 1.200
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1/* $NetBSD: key.c,v 1.199 2017/08/02 02:12:42 ozaki-r Exp $ */ 1/* $NetBSD: key.c,v 1.200 2017/08/02 03:45:57 ozaki-r Exp $ */
2/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ 2/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ 3/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
4 4
5/* 5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved. 7 * All rights reserved.
8 * 8 *
9 * Redistribution and use in source and binary forms, with or without 9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions 10 * modification, are permitted provided that the following conditions
11 * are met: 11 * are met:
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright 14 * 2. Redistributions in binary form must reproduce the above copyright
@@ -22,27 +22,27 @@ @@ -22,27 +22,27 @@
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE. 31 * SUCH DAMAGE.
32 */ 32 */
33 33
34#include <sys/cdefs.h> 34#include <sys/cdefs.h>
35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.199 2017/08/02 02:12:42 ozaki-r Exp $"); 35__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.200 2017/08/02 03:45:57 ozaki-r Exp $");
36 36
37/* 37/*
38 * This code is referd to RFC 2367 38 * This code is referd to RFC 2367
39 */ 39 */
40 40
41#if defined(_KERNEL_OPT) 41#if defined(_KERNEL_OPT)
42#include "opt_inet.h" 42#include "opt_inet.h"
43#include "opt_ipsec.h" 43#include "opt_ipsec.h"
44#include "opt_gateway.h" 44#include "opt_gateway.h"
45#include "opt_net_mpsafe.h" 45#include "opt_net_mpsafe.h"
46#endif 46#endif
47 47
48#include <sys/types.h> 48#include <sys/types.h>
@@ -1366,31 +1366,31 @@ key_destroy_sp(struct secpolicy *sp) @@ -1366,31 +1366,31 @@ key_destroy_sp(struct secpolicy *sp)
1366 1366
1367 key_free_sp(sp); 1367 key_free_sp(sp);
1368 1368
1369 key_update_used(); 1369 key_update_used();
1370} 1370}
1371 1371
1372void 1372void
1373key_free_sp(struct secpolicy *sp) 1373key_free_sp(struct secpolicy *sp)
1374{ 1374{
1375 struct ipsecrequest *isr = sp->req, *nextisr; 1375 struct ipsecrequest *isr = sp->req, *nextisr;
1376 1376
1377 while (isr != NULL) { 1377 while (isr != NULL) {
1378 nextisr = isr->next; 1378 nextisr = isr->next;
1379 kmem_intr_free(isr, sizeof(*isr)); 1379 kmem_free(isr, sizeof(*isr));
1380 isr = nextisr; 1380 isr = nextisr;
1381 } 1381 }
1382 1382
1383 kmem_intr_free(sp, sizeof(*sp)); 1383 kmem_free(sp, sizeof(*sp));
1384} 1384}
1385 1385
1386void 1386void
1387key_socksplist_add(struct secpolicy *sp) 1387key_socksplist_add(struct secpolicy *sp)
1388{ 1388{
1389 1389
1390 mutex_enter(&key_sp_mtx); 1390 mutex_enter(&key_sp_mtx);
1391 PSLIST_WRITER_INSERT_HEAD(&key_socksplist, sp, pslist_entry); 1391 PSLIST_WRITER_INSERT_HEAD(&key_socksplist, sp, pslist_entry);
1392 mutex_exit(&key_sp_mtx); 1392 mutex_exit(&key_sp_mtx);
1393 1393
1394 key_update_used(); 1394 key_update_used();
1395} 1395}
1396 1396
@@ -1506,27 +1506,27 @@ key_lookupbyid_and_remove_sp(u_int32_t i @@ -1506,27 +1506,27 @@ key_lookupbyid_and_remove_sp(u_int32_t i
1506 } 1506 }
1507out: 1507out:
1508 if (sp != NULL) 1508 if (sp != NULL)
1509 key_unlink_sp(sp); 1509 key_unlink_sp(sp);
1510 mutex_exit(&key_sp_mtx); 1510 mutex_exit(&key_sp_mtx);
1511 return sp; 1511 return sp;
1512} 1512}
1513 1513
1514struct secpolicy * 1514struct secpolicy *
1515key_newsp(const char* where, int tag) 1515key_newsp(const char* where, int tag)
1516{ 1516{
1517 struct secpolicy *newsp = NULL; 1517 struct secpolicy *newsp = NULL;
1518 1518
1519 newsp = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP); 1519 newsp = kmem_zalloc(sizeof(struct secpolicy), KM_SLEEP);
1520 1520
1521 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP, 1521 KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
1522 "DP from %s:%u return SP:%p\n", where, tag, newsp); 1522 "DP from %s:%u return SP:%p\n", where, tag, newsp);
1523 return newsp; 1523 return newsp;
1524} 1524}
1525 1525
1526/* 1526/*
1527 * create secpolicy structure from sadb_x_policy structure. 1527 * create secpolicy structure from sadb_x_policy structure.
1528 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set, 1528 * NOTE: `state', `secpolicyindex' in secpolicy structure are not set,
1529 * so must be set properly later. 1529 * so must be set properly later.
1530 */ 1530 */
1531struct secpolicy * 1531struct secpolicy *
1532key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error) 1532key_msg2sp(const struct sadb_x_policy *xpl0, size_t len, int *error)