Date: Tue, 27 Dec 2016 11:31:17 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310632 - projects/ipsec/sys/netipsec Message-ID: <201612271131.uBRBVH8p055875@repo.freebsd.org>
Author: ae Date: Tue Dec 27 11:31:17 2016 New Revision: 310632 URL: https://svnweb.freebsd.org/changeset/base/310632 Log: INPCB SP cache can hold cached pointer to default security policy. Bump SPDB generation id each time, when default security policy is initialized. This will prevent access to invalid cached pointers, when ipsec.ko module loaded/unloaded several times. Modified: projects/ipsec/sys/netipsec/ipsec.c projects/ipsec/sys/netipsec/key.c projects/ipsec/sys/netipsec/key.h Modified: projects/ipsec/sys/netipsec/ipsec.c ============================================================================== --- projects/ipsec/sys/netipsec/ipsec.c Tue Dec 27 10:26:58 2016 (r310631) +++ projects/ipsec/sys/netipsec/ipsec.c Tue Dec 27 11:31:17 2016 (r310632) @@ -1381,6 +1381,9 @@ def_policy_init(const void *unused __unu bzero(&V_def_policy, sizeof(struct secpolicy)); V_def_policy.policy = IPSEC_POLICY_NONE; V_def_policy.refcnt = 1; + + /* Force INPCB SP cache invalidation */ + key_bumpspgen(); } VNET_SYSINIT(def_policy_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_FIRST, def_policy_init, NULL); Modified: projects/ipsec/sys/netipsec/key.c ============================================================================== --- projects/ipsec/sys/netipsec/key.c Tue Dec 27 10:26:58 2016 (r310631) +++ projects/ipsec/sys/netipsec/key.c Tue Dec 27 11:31:17 2016 (r310632) @@ -747,6 +747,13 @@ key_getspgen(void) return (V_sp_genid); } +void +key_bumpspgen(void) +{ + + V_sp_genid++; +} + static int key_checksockaddrs(struct sockaddr *src, struct sockaddr *dst) { Modified: projects/ipsec/sys/netipsec/key.h ============================================================================== --- projects/ipsec/sys/netipsec/key.h Tue Dec 27 10:26:58 2016 (r310631) +++ projects/ipsec/sys/netipsec/key.h Tue Dec 27 11:31:17 2016 (r310632) 
@@ -53,6 +53,7 @@ void key_addref(struct secpolicy *); void key_freesp(struct secpolicy **); int key_spdacquire(struct secpolicy *); int key_havesp(u_int); +void key_bumpspgen(void); uint32_t key_getspgen(void); uint32_t key_newreqid(void);
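Review bot: in def_policy_init() (ipsec.c), the new key_bumpspgen() call only invalidates stale INPCB cache entries if V_sp_genid keeps its value across an ipsec.ko unload and reload, and the visible lines do not show where that counter is stored or how it is initialised. If it were reset to the same starting value on each load, every load would bump it to the same number and an old cached pointer would still compare as current. The comment above the call should say which case holds, for example by noting that the counter lives outside the unloadable module.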
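Review bot: key_bumpspgen() in key.c does a plain "V_sp_genid++" with no lock assertion or atomic operation visible, while key_getspgen() returns the same variable to readers. If a reader can run concurrently with def_policy_init(), or if other code also writes the counter, the helper should either assert the lock its callers must hold or use an atomic add. A short comment above the function naming the expected callers, and noting that the uint32_t generation value may wrap, would also help, since the function is now exported through key.h.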