From 9b2bb5af946738b048fac663558bf1eb4cd48cf2 Mon Sep 17 00:00:00 2001
From: ozaki-r <ozaki-r@NetBSD.org>
Date: Wed, 2 Aug 2017 03:45:57 +0000
Subject: [PATCH] Don't use KEY_NEWSP for dummy SP entries

By the change KEY_NEWSP is now not called from softint anymore
and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP.
---
 sys/netipsec/ipsec.c | 14 ++++++++------
 sys/netipsec/key.c   | 10 +++++-----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c
index 3d6765518ba5..93d6b6998886 100644
--- a/sys/netipsec/ipsec.c
+++ b/sys/netipsec/ipsec.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec.c,v 1.113 2017/08/02 01:28:03 ozaki-r Exp $	*/
+/*	$NetBSD: ipsec.c,v 1.114 2017/08/02 03:45:57 ozaki-r Exp $	*/
 /*	$FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $	*/
 /*	$KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.113 2017/08/02 01:28:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.114 2017/08/02 03:45:57 ozaki-r Exp $");
 
 /*
  * IPsec controller part.
@@ -1253,7 +1253,8 @@ ipsec_init_policy(struct socket *so, struct inpcbpolicy **policy)
 	 * These SPs are dummy. Never be used because the policy
 	 * is ENTRUST. See ipsec_getpolicybysock.
 	 */
-	if ((new->sp_in = KEY_NEWSP()) == NULL) {
+	new->sp_in = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
+	if (new->sp_in == NULL) {
 		ipsec_delpcbpolicy(new);
 		return ENOBUFS;
 	}
@@ -1261,8 +1262,9 @@ ipsec_init_policy(struct socket *so, struct inpcbpolicy **policy)
 	new->sp_in->policy = IPSEC_POLICY_ENTRUST;
 	new->sp_in->created = 0; /* Indicates dummy */
 
-	if ((new->sp_out = KEY_NEWSP()) == NULL) {
-		KEY_SP_UNREF(&new->sp_in);
+	new->sp_out = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
+	if (new->sp_out == NULL) {
+		kmem_intr_free(new->sp_in, sizeof(struct secpolicy));
 		ipsec_delpcbpolicy(new);
 		return ENOBUFS;
 	}
@@ -1351,7 +1353,7 @@ ipsec_destroy_policy(struct secpolicy *sp)
 
 	if (sp->created == 0)
 		/* It's dummy. We can simply free it */
-		key_free_sp(sp);
+		kmem_intr_free(sp, sizeof(*sp));
 	else {
 		/*
 		 * We cannot destroy here because it can be called in
diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c
index 98a1c9db7881..9d7f5b2fc7b9 100644
--- a/sys/netipsec/key.c
+++ b/sys/netipsec/key.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.199 2017/08/02 02:12:42 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.200 2017/08/02 03:45:57 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.199 2017/08/02 02:12:42 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.200 2017/08/02 03:45:57 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -1376,11 +1376,11 @@ key_free_sp(struct secpolicy *sp)
 
 	while (isr != NULL) {
 		nextisr = isr->next;
-		kmem_intr_free(isr, sizeof(*isr));
+		kmem_free(isr, sizeof(*isr));
 		isr = nextisr;
 	}
 
-	kmem_intr_free(sp, sizeof(*sp));
+	kmem_free(sp, sizeof(*sp));
 }
 
 void
@@ -1516,7 +1516,7 @@ key_newsp(const char* where, int tag)
 {
 	struct secpolicy *newsp = NULL;
 
-	newsp = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
+	newsp = kmem_zalloc(sizeof(struct secpolicy), KM_SLEEP);
 
 	KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
 	    "DP from %s:%u return SP:%p\n", where, tag, newsp);