HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS285289

address an issue where consumers, like IPsec, can reuse the same
rS285289
Actions

Description

address an issue where consumers, like IPsec, can reuse the same
session in multiple threads w/o locking.. There was a single fpu
context shared per session, if multiple threads were using the session,
and both migrated away, they could corrupt each other's fpu context...

This patch adds a per cpu context and a lock to protect it...

It also tries to better address unloading of the aesni module...
The pause will be removed once the OpenCrypto Framework provides a
better method for draining callers into _newsession...

I first discovered the fpu context sharing issue w/ a flood ping over
an IPsec tunnel between two bhyve machines... The patch in D3015
was used to verify that this fix does fix the issue...

Reviewed by: gnn, kib (both earlier versions)
Differential Revision: https://reviews.freebsd.org/D3016

Details

Provenance
jmgAuthored on
Reviewer
gnn
Differential Revision
D3016: Add proper locking to the fpu_ctx allocated by aesni..
Parents
rS285288: Address review.
Branches
Unknown
Tags
Unknown

Changes (2)

PathSize
head/
sys/
crypto/
aesni/

rS285289

View Options

head/sys/crypto/aesni/aesni.c

Loading...
View Options

head/sys/crypto/aesni/aesni.h

Loading...