From nobody Wed Nov 03 19:51:45 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 6C69E1845C97; Wed, 3 Nov 2021 19:51:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hky8L1xj6z3DMh; Wed, 3 Nov 2021 19:51:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 0A69B1E55E; Wed, 3 Nov 2021 19:51:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1A3JpjCs089775; Wed, 3 Nov 2021 19:51:45 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1A3JpjSC089774; Wed, 3 Nov 2021 19:51:45 GMT (envelope-from git) Date: Wed, 3 Nov 2021 19:51:45 GMT Message-Id: <202111031951.1A3JpjSC089774@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mateusz Guzik Subject: git: 10ea195fa269 - main - ipsec: add a lock encompassing SPI allocation List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mjg X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 10ea195fa269888d362f548279f3d3fa252662d7 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=10ea195fa269888d362f548279f3d3fa252662d7 commit 10ea195fa269888d362f548279f3d3fa252662d7 Author: Mateusz Guzik AuthorDate: 2021-11-03 13:10:34 +0000 Commit: Mateusz Guzik CommitDate: 2021-11-03 19:51:40 +0000 ipsec: add a lock encompassing SPI allocation SPIs get allocated and inserted in separate steps. Prior to the change there was nothing preventing 2 differnet threads from ending up with the same one. PR: 258849 Reported by: Herbie.Robinson@stratus.com Reviewed by: ae Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D32826 --- sys/netipsec/key.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/sys/netipsec/key.c b/sys/netipsec/key.c index 48de29305b3c..9a810fa49931 100644 --- a/sys/netipsec/key.c +++ b/sys/netipsec/key.c @@ -216,6 +216,13 @@ VNET_DEFINE_STATIC(struct mtx *, spdcache_lock); #define SPDCACHE_LOCK(a) mtx_lock(&V_spdcache_lock[a]); #define SPDCACHE_UNLOCK(a) mtx_unlock(&V_spdcache_lock[a]); +static struct sx spi_alloc_lock; +#define SPI_ALLOC_LOCK_INIT() sx_init(&spi_alloc_lock, "spialloc") +#define SPI_ALLOC_LOCK_DESTROY() sx_destroy(&spi_alloc_lock) +#define SPI_ALLOC_LOCK() sx_xlock(&spi_alloc_lock) +#define SPI_ALLOC_UNLOCK() sx_unlock(&spi_alloc_lock) +#define SPI_ALLOC_LOCK_ASSERT() sx_assert(&spi_alloc_lock, SA_XLOCKED) + /* SAD */ TAILQ_HEAD(secashead_queue, secashead); LIST_HEAD(secashead_list, secashead); @@ -4902,6 +4909,7 @@ key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) KEY_SETSECASIDX(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx); /* SPI allocation */ + SPI_ALLOC_LOCK(); spi = key_do_getnewspi( (struct sadb_spirange *)mhp->ext[SADB_EXT_SPIRANGE], &saidx); if (spi == 0) { @@ -4909,10 +4917,12 @@ key_getspi(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) * Requested SPI or SPI range is not available or * already used. */ + SPI_ALLOC_UNLOCK(); error = EEXIST; goto fail; } sav = key_newsav(mhp, &saidx, spi, &error); + SPI_ALLOC_UNLOCK(); if (sav == NULL) goto fail; @@ -5021,6 +5031,8 @@ key_do_getnewspi(struct sadb_spirange *spirange, struct secasindex *saidx) uint32_t min, max, newspi, t; int tries, limit; + SPI_ALLOC_LOCK_ASSERT(); + /* set spi range to allocate */ if (spirange != NULL) { min = spirange->sadb_spirange_min; @@ -5629,9 +5641,11 @@ key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) * secasindex. * XXXAE: IPComp seems also doesn't use SPI. */ + SPI_ALLOC_LOCK(); if (proto == IPPROTO_TCP) { sav = key_getsav_tcpmd5(&saidx, &spi); if (sav == NULL && spi == 0) { + SPI_ALLOC_UNLOCK(); /* Failed to allocate SPI */ ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); @@ -5643,12 +5657,14 @@ key_add(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) sav = key_getsavbyspi(spi); } if (sav != NULL) { + SPI_ALLOC_UNLOCK(); key_freesav(&sav); ipseclog((LOG_DEBUG, "%s: SA already exists.\n", __func__)); return key_senderror(so, m, EEXIST); } sav = key_newsav(mhp, &saidx, spi, &error); + SPI_ALLOC_UNLOCK(); if (sav == NULL) return key_senderror(so, m, error); KEYDBG(KEY_STAMP, @@ -6023,10 +6039,12 @@ key_delete(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) return (key_senderror(so, m, EINVAL)); } sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA]; + SPI_ALLOC_LOCK(); if (proto == IPPROTO_TCP) sav = key_getsav_tcpmd5(&saidx, NULL); else sav = key_getsavbyspi(sa0->sadb_sa_spi); + SPI_ALLOC_UNLOCK(); if (sav == NULL) { ipseclog((LOG_DEBUG, "%s: no SA found for SPI %u.\n", __func__, ntohl(sa0->sadb_sa_spi))); @@ -6235,10 +6253,12 @@ key_get(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp) } KEY_SETSECASIDX(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1, &saidx); + SPI_ALLOC_LOCK(); if (proto == IPPROTO_TCP) sav = key_getsav_tcpmd5(&saidx, NULL); else sav = key_getsavbyspi(sa0->sadb_sa_spi); + SPI_ALLOC_UNLOCK(); if (sav == NULL) { ipseclog((LOG_DEBUG, "%s: no SA found.\n", __func__)); return key_senderror(so, m, ESRCH); @@ -8318,6 +8338,7 @@ key_init(void) SAHTREE_LOCK_INIT(); ACQ_LOCK_INIT(); SPACQ_LOCK_INIT(); + SPI_ALLOC_LOCK_INIT(); #ifndef IPSEC_DEBUG2 callout_init(&key_timer, 1); @@ -8442,6 +8463,7 @@ key_destroy(void) SAHTREE_LOCK_DESTROY(); ACQ_LOCK_DESTROY(); SPACQ_LOCK_DESTROY(); + SPI_ALLOC_LOCK_DESTROY(); } #endif