From: VANHULLEBUS Yvan
Date: Tue, 17 Nov 2009 16:00:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r199398 - head/sys/netipsec

Author: vanhu
Date: Tue Nov 17 16:00:41 2009
New Revision: 199398
URL: http://svn.freebsd.org/changeset/base/199398

Log:
  fixed two race conditions when inserting/removing SAs via PFKey, which can both lead to a kernel panic when adding/removing quickly a lot of SAs.

  Obtained from: NETASQ
  MFC after: 2w (MFC on 8 before 8.0 release ???)

Modified:
  head/sys/netipsec/key.c

Modified: head/sys/netipsec/key.c ============================================================================== --- head/sys/netipsec/key.c Tue Nov 17 15:59:26 2009 (r199397) +++ head/sys/netipsec/key.c Tue Nov 17 16:00:41 2009 (r199398) @@ -2852,9 +2852,10 @@ key_newsav(m, mhp, sah, errp, where, tag sa_initref(newsav); newsav->state = SADB_SASTATE_LARVAL; - /* XXX locking??? */ + SAHTREE_LOCK(); LIST_INSERT_TAIL(&sah->savtree[SADB_SASTATE_LARVAL], newsav, secasvar, chain); + SAHTREE_UNLOCK(); done: KEYDEBUG(KEYDEBUG_IPSEC_STAMP, printf("DP %s from %s:%u return SP:%p\n", __func__, @@ -5698,8 +5699,8 @@ key_delete(so, m, mhp) } key_sa_chgstate(sav, SADB_SASTATE_DEAD); - SAHTREE_UNLOCK(); KEY_FREESAV(&sav); + SAHTREE_UNLOCK(); { struct mbuf *n;
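Review bot: In the key_newsav hunk (@@ -2852,9 +2852,10 @@), SAHTREE_LOCK() is taken only around LIST_INSERT_TAIL, and nothing in the visible context shows that `sah`, which the caller passes in, is guaranteed to still be on the SAH tree when the lock is acquired. If a concurrent delete can free the header between the caller's lookup and this point, the insert would write into a stale `sah->savtree[SADB_SASTATE_LARVAL]`. Please either confirm that callers hold a reference on `sah` across the call or state the requirement in a comment here. The removed `/* XXX locking??? */` marker should also be replaced with a one-line comment saying that SAHTREE_LOCK protects the savtree lists, so the intent of the new lock/unlock pair is documented.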
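Review bot: In the key_delete hunk (@@ -5698,8 +5699,8 @@), KEY_FREESAV(&sav) now runs with SAHTREE_LOCK held, so whatever it does when the last reference drops must neither acquire SAHTREE_LOCK again nor sleep; the visible lines do not show this, and it should be checked against the release path before merging. Keeping the unlock after the free does close the window in which another thread could see the SA between key_sa_chgstate(sav, SADB_SASTATE_DEAD) and the reference drop, but that ordering is easy to undo by accident. A short comment above KEY_FREESAV explaining why the lock must still be held at this point would protect it, and would also help whoever handles the MFC mentioned in the log.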