git: 91c35dd76508 - main - ipsec: extend vnet coverage in esp_input/output_cb
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 19 Feb 2022 13:11:16 UTC
The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=91c35dd765087622cb0f2a03874bef18bc39d850 commit 91c35dd765087622cb0f2a03874bef18bc39d850 Author: Mateusz Guzik <mjg@FreeBSD.org> AuthorDate: 2022-02-17 16:50:13 +0000 Commit: Mateusz Guzik <mjg@FreeBSD.org> CommitDate: 2022-02-19 13:10:21 +0000 ipsec: extend vnet coverage in esp_input/output_cb key_delsav used to conditionally dereference vnet, leading to panics as it was getting unset too early. While the particular condition was removed, it makes sense to handle all operations of the sort with correct vnet set so change it. Reviewed by: ae Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D34313 --- sys/netipsec/xform_esp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 7d489b69e9c2..ee363a7c911a 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -657,7 +657,6 @@ esp_input_cb(struct cryptop *crp) CURVNET_RESTORE(); return error; bad: - CURVNET_RESTORE(); if (sav != NULL) key_freesav(&sav); if (m != NULL) @@ -668,6 +667,7 @@ bad: free(crp->crp_aad, M_ESP); crypto_freereq(crp); } + CURVNET_RESTORE(); return error; } /* @@ -1043,12 +1043,12 @@ esp_output_cb(struct cryptop *crp) CURVNET_RESTORE(); return (error); bad: - CURVNET_RESTORE(); free(xd, M_ESP); free(crp->crp_aad, M_ESP); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp); + CURVNET_RESTORE(); return (error); }