sys/netipsec: ensure sah stability during input callback processing
Needs ReviewPublic
Actions

Authored by kib on Sat, Dec 20, 12:06 PM.

Details

Reviewers

Summary

Reported by:    ae
Tested by:      ae, Daniel Dubnikov <ddaniel@nvidia.com>
Reviewed by:    Ariel Ehrenberg <aehrenberg@nvidia.com>
Sponsored by:   NVidia networking

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

kib created this revision.Sat, Dec 20, 12:06 PM

Herald added subscribers: glebius, melifaro, imp. · View Herald TranscriptSat, Dec 20, 12:06 PM

I have to keep sah tree rlocked much deeper, right until the if_input is called finally, but drop it right before going up to stack. Otherwise, we might recurse on the sah tree lock, since input sometimes needs to send packet, which also enters the ipsec for output. Also, the same problem exists for all ESP/AH/IPCOMP processing callbacks.