On SADB_UPDATE a target sav was updated directly, which was unsafe.
Instead allocate another sav, copy variables of the old sav to
the new one and replace the old one with the new one.

By doing so we can easily distinguish them from other utility functions.
And so we can easily know that they are all called from key_parse and
applied assumptions that the arguments are always non-NULL and they
are always called from userland, i.e., never called from interrupt
context (softint). As a result, we can omit some tedious assertions
in the functions.

Using atomic operations isn't optimal and should be optimized somehow
in the future though; the change allows a kernel with NET_MPSAFE to
run out a benchmark, which is useful to know performance improvement
and degradation by code changes.

Function names with cmp are expected to return the order of two comparees
like memcmp and strcmp. The functions in question just answer if matched
or not, so don't use cmp and use match instead.
Consistently return 1 on matched and 0 otherwise.

The stuff is used only if sp->policy == IPSEC_POLICY_IPSEC
&& sp->req == NULL (see ipsec{4,6}_checkpolicy). However, in the
current implementation, sp->req is never NULL (except for the
moments of SP allocation and deallocation) if sp->policy is
IPSEC_POLICY_IPSEC.
It seems that the facility was partially implemented in the KAME
era and wasn't completed. Make it clear that the facility is
unused for now by #ifdef notyet. Eventually we should complete
the implementation or remove it entirely.

We shouldn't rely on the band-aid and instead use a lock or
refcnt to maintain chains properly. Before removing them,
replace conditionals with KASSERTs and see what will happen.

key_setsaval NULL-clears member variables of sav at the beginning
of the function regardless of the states of the variables. When
key_setsaval is called by key_update, member variables sav->replay,
sav->key_* and sav->lft_* may have data allocated by malloc. In
that case they will leak. Free them before NULL-clear to avoid
memory leaks.

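The following is an added example, not NetBSD code, that models the two changes described in the SADB_UPDATE entry and the key_setsaval entry above on a hypothetical toy_sav structure with malloc'd members (replay, key_auth, key_enc and lft_c stand in for sav->replay, sav->key_* and sav->lft_*). A counter of live heap blocks makes the leak observable: the old NULL-clear-then-allocate sequence loses the first set of members on a second update, freeing them first fixes it, and updating by allocating a fresh sav, copying the plain fields over and swapping the pointer never touches the old object in place. All names and sizes here are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count live heap blocks so each demo can report how many it leaked. */
static int live_blocks;

static void *xmalloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        live_blocks++;
    return p;
}

static void xfree(void *p)
{
    if (p != NULL) {
        live_blocks--;
        free(p);
    }
}

/* Hypothetical stand-in for a sav with heap-allocated members. */
struct toy_sav {
    void *replay;      /* like sav->replay */
    void *key_auth;    /* like sav->key_* */
    void *key_enc;
    void *lft_c;       /* like sav->lft_* */
    unsigned spi;
    int state;         /* plain field an update must carry over */
};

/* Free every heap-allocated member and NULL it. */
static void toy_sav_free_members(struct toy_sav *sav)
{
    xfree(sav->replay);   sav->replay = NULL;
    xfree(sav->key_auth); sav->key_auth = NULL;
    xfree(sav->key_enc);  sav->key_enc = NULL;
    xfree(sav->lft_c);    sav->lft_c = NULL;
}

/* Allocate the members from constructed "message" parameters. */
static int toy_sav_alloc_members(struct toy_sav *sav, unsigned spi)
{
    sav->replay   = xmalloc(32);
    sav->key_auth = xmalloc(20);
    sav->key_enc  = xmalloc(16);
    sav->lft_c    = xmalloc(24);
    sav->spi = spi;
    if (sav->replay == NULL || sav->key_auth == NULL ||
        sav->key_enc == NULL || sav->lft_c == NULL) {
        toy_sav_free_members(sav);
        return -1;
    }
    return 0;
}

/* Old behaviour: NULL-clear regardless of state, then allocate again.
 * On a second call the first allocations are unreachable, i.e. leaked. */
static int setsaval_leaky(struct toy_sav *sav, unsigned spi)
{
    sav->replay = NULL;
    sav->key_auth = NULL;
    sav->key_enc = NULL;
    sav->lft_c = NULL;
    return toy_sav_alloc_members(sav, spi);
}

/* Fixed behaviour: free whatever is allocated before NULL-clearing. */
static int setsaval_fixed(struct toy_sav *sav, unsigned spi)
{
    toy_sav_free_members(sav);
    return toy_sav_alloc_members(sav, spi);
}

/* Update by replacement: build a fresh sav, copy the plain fields of the
 * old one, swap the pointer, then release the old object. */
static int update_by_replace(struct toy_sav **savp, unsigned spi)
{
    struct toy_sav *oldsav = *savp;
    struct toy_sav *newsav = xmalloc(sizeof(*newsav));
    if (newsav == NULL)
        return -1;
    memset(newsav, 0, sizeof(*newsav));
    newsav->state = oldsav->state;            /* copy variables of old sav */
    if (toy_sav_alloc_members(newsav, spi) != 0) {
        xfree(newsav);
        return -1;
    }
    *savp = newsav;                           /* replace old with new */
    toy_sav_free_members(oldsav);
    xfree(oldsav);
    return 0;
}

static struct toy_sav *toy_sav_new(void)
{
    struct toy_sav *sav = xmalloc(sizeof(*sav));
    if (sav != NULL)
        memset(sav, 0, sizeof(*sav));
    return sav;
}

/* Apply two in-place updates, tear down, return blocks still live. */
static int demo_inplace(int (*update)(struct toy_sav *, unsigned))
{
    int before = live_blocks;
    struct toy_sav *sav = toy_sav_new();
    if (sav == NULL || update(sav, 0x1000) != 0 || update(sav, 0x2000) != 0)
        return -1;
    toy_sav_free_members(sav);
    xfree(sav);
    return live_blocks - before;
}

int leaked_blocks_leaky(void) { return demo_inplace(setsaval_leaky); }  /* 4 */
int leaked_blocks_fixed(void) { return demo_inplace(setsaval_fixed); }  /* 0 */

/* Two replacement updates; also checks the plain field survived. */
int leaked_blocks_replace(void)
{
    int before = live_blocks;
    struct toy_sav *sav = toy_sav_new();
    if (sav == NULL)
        return -1;
    sav->state = 7;
    if (update_by_replace(&sav, 0x1000) != 0 ||
        update_by_replace(&sav, 0x2000) != 0)
        return -1;
    if (sav->spi != 0x2000 || sav->state != 7)
        return -2;
    toy_sav_free_members(sav);
    xfree(sav);
    return live_blocks - before;
}

int main(void)
{
    printf("leaky: %d fixed: %d replace: %d\n", leaked_blocks_leaky(),
        leaked_blocks_fixed(), leaked_blocks_replace());
    return 0;
}
```

The leaky variant reports four lost blocks (one per member set up by the first update); both the free-before-clear fix and the allocate-copy-replace approach report zero. In the replacement path the old sav is never written to, which is the property the SADB_UPDATE change is after.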
panic: kernel diagnostic assertion "!cpu_softintr_p()" failed: file "../../../../netipsec/ipsec.c", line 1277
cpu7: Begin traceback...
vpanic() at netbsd:vpanic+0x140
ch_voltag_convert_in() at netbsd:ch_voltag_convert_in
ipsec_init_policy() at netbsd:ipsec_init_policy+0x149
in_pcballoc() at netbsd:in_pcballoc+0x1c5
tcp_attach_wrapper() at netbsd:tcp_attach_wrapper+0x1e1
sonewconn() at netbsd:sonewconn+0x1ea
syn_cache_get() at netbsd:syn_cache_get+0x15f
tcp_input() at netbsd:tcp_input+0x1689
ipintr() at netbsd:ipintr+0xa88
softint_dispatch() at netbsd:softint_dispatch+0xd3
DDB lost frame for netbsd:Xsoftintr+0x4f, trying 0xfffffe811d337ff0
Xsoftintr() at netbsd:Xsoftintr+0x4f
Reported by msaitoh@

Some non-sleepable allocations can be replaced with sleepable ones.
To make it clear that the replacements are possible, some assertions
are added.