Date:      Tue, 27 Dec 2016 11:31:17 +0000 (UTC)
From:      "Andrey V. Elsukov" <ae@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject:   svn commit: r310632 - projects/ipsec/sys/netipsec
Message-ID:  <201612271131.uBRBVH8p055875@repo.freebsd.org>

Author: ae
Date: Tue Dec 27 11:31:17 2016
New Revision: 310632
URL: https://svnweb.freebsd.org/changeset/base/310632

Log:
  The INPCB SP cache can hold a cached pointer to the default security
  policy. Bump the SPDB generation id each time the default security
  policy is initialized. This prevents access to invalid cached pointers
  when the ipsec.ko module is loaded/unloaded several times.

Modified:
  projects/ipsec/sys/netipsec/ipsec.c
  projects/ipsec/sys/netipsec/key.c
  projects/ipsec/sys/netipsec/key.h

Modified: projects/ipsec/sys/netipsec/ipsec.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec.c	Tue Dec 27 10:26:58 2016	(r310631)
+++ projects/ipsec/sys/netipsec/ipsec.c	Tue Dec 27 11:31:17 2016	(r310632)
@@ -1381,6 +1381,9 @@ def_policy_init(const void *unused __unu
 	bzero(&V_def_policy, sizeof(struct secpolicy));
 	V_def_policy.policy = IPSEC_POLICY_NONE;
 	V_def_policy.refcnt = 1;
+
+	/* Force INPCB SP cache invalidation */
+	key_bumpspgen();
 }
 VNET_SYSINIT(def_policy_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST,
     def_policy_init, NULL);
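Review bot: The bump added to `def_policy_init` only invalidates stale INPCB entries if the generation value after a reload differs from the value those entries recorded, and the visible lines do not establish that. The definition of `V_sp_genid` is outside this diff; if the counter lives in the module's own VNET data and is reset to its initial value on every load of ipsec.ko, each load would bump to the same number and an INPCB still holding a pointer to the previous default policy could compare as current, so it is worth confirming where the counter is stored. The comment could also state the reason rather than the effect, e.g. `/* INPCBs may still cache a pointer to the previous default policy; bump the SPDB generation so they look it up again */`.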

Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c	Tue Dec 27 10:26:58 2016	(r310631)
+++ projects/ipsec/sys/netipsec/key.c	Tue Dec 27 11:31:17 2016	(r310632)
@@ -747,6 +747,13 @@ key_getspgen(void)
 	return (V_sp_genid);
 }
 
+void
+key_bumpspgen(void)
+{
+
+	V_sp_genid++;
+}
+
 static int
 key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst)
 {
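Review bot: `V_sp_genid++` in the new `key_bumpspgen()` is a plain read-modify-write, and nothing in the hunk shows a lock or an atomic operation around it. If the generation can also be advanced from SPD update paths running on another CPU, an increment could be lost and a stale cache entry would keep validating; either document which lock the caller must hold, or use an atomic such as `atomic_add_32(&V_sp_genid, 1);` (assuming the counter is the `uint32_t` that `key_getspgen()` returns). The function is now exported through key.h and has no comment; a line such as `/* Advance the SPDB generation so cached SP pointers are revalidated. */` above it would record the contract. `key_checksockaddrs` at the end of the hunk continues outside it.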

Modified: projects/ipsec/sys/netipsec/key.h
==============================================================================
--- projects/ipsec/sys/netipsec/key.h	Tue Dec 27 10:26:58 2016	(r310631)
+++ projects/ipsec/sys/netipsec/key.h	Tue Dec 27 11:31:17 2016	(r310632)
@@ -53,6 +53,7 @@ void key_addref(struct secpolicy *);
 void key_freesp(struct secpolicy **);
 int key_spdacquire(struct secpolicy *);
 int key_havesp(u_int);
+void key_bumpspgen(void);
 uint32_t key_getspgen(void);
 uint32_t key_newreqid(void);
 


