svn commit: r276188 - head/sys/netipsec
Bjoern A. Zeeb
bz at FreeBSD.org
Thu Dec 25 10:25:04 UTC 2014
> On 24 Dec 2014, at 18:34, Andrey V. Elsukov <ae at FreeBSD.org> wrote:
>
> Author: ae
> Date: Wed Dec 24 18:34:56 2014
> New Revision: 276188
> URL: https://svnweb.freebsd.org/changeset/base/276188
>
> Log:
> Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and
> IPv6. Initialize it only once in def_policy_init(). Remove its
> initialization from key_init() and make it static.
>
> Remove several fields from struct secpolicy:
> * lock - it isn't so useful having mutex in the structure, but the only
> thing we do with it is initialization and destroying.
> * state - it has only two values - DEAD and ALIVE. Instead of taking a lock
> and change the state to DEAD, then take lock again in GC function and
> delete policy from the chain - keep in the chain only ALIVE policies.
> * scangen - it was used in GC function to protect from sending several
> SADB_SPDEXPIRE messages for one SPD entry. Now we don't keep DEAD entries
> in the chain and there is no need to have scangen variable.
>
> Use TAILQ to implement SPD entries chain. Use rmlock to protect access
> to SPD entries chain. Protect all SP lookup with RLOCK, and use WLOCK
> when we are inserting (or removing) SP entry in the chain.
>
> Instead of using pattern "LOCK(); refcnt++; UNLOCK();", use refcount(9)
> API to implement refcounting in SPD. Merge code from key_delsp() and
> _key_delsp() into _key_freesp(). And use KEY_FREESP() macro in all cases
> when we want to release reference or just delete SP entry.
>
> Obtained from: Yandex LLC
> Sponsored by: Yandex LLC
>
> Modified:
> head/sys/netipsec/ipsec.c
> head/sys/netipsec/ipsec.h
> head/sys/netipsec/key.c
> head/sys/netipsec/key_debug.c
This broke VIMAGE kernel builds.
And I’ll repeat what I said before: I appreciate all your work but at the same time I remain massively worried by major change commits to security subsystems without any Reviewed by: lines. Please use appropriate ways to get extra pairs of eyes.
Happy holidays!
Bjoern
—
Bjoern A. Zeeb Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life. Many might have failed
beneath the bitterness of their trial had they not found a friend."
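
The lifetime model the quoted commit log describes (the chain holds only live entries, lookups take a reference, deletion unlinks and drops the chain's reference), as an added userspace example that is not code from the commit or from FreeBSD. The names `sp`, `sp_insert`, `sp_lookup`, `sp_delete`, `sp_free` and `demo` are hypothetical, C11 atomics stand in for refcount(9), and the demo is single-threaded, so the chain lock is only noted in comments.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <sys/queue.h>
/* Hypothetical userspace stand-in for an SPD entry (not struct secpolicy). */
struct sp { TAILQ_ENTRY(sp) chain; atomic_uint refcnt; unsigned id; };
static TAILQ_HEAD(, sp) sptree = TAILQ_HEAD_INITIALIZER(sptree);
static unsigned freed;  /* frees observed, so the demo can check lifetime */

/* Drop one reference; whoever drops the last one frees the entry. */
static void sp_free(struct sp *sp) {
    if (atomic_fetch_sub(&sp->refcnt, 1) == 1) { free(sp); freed++; }
}

/* Insert (kernel: chain write lock held). The chain owns one reference. */
static struct sp *sp_insert(unsigned id) {
    struct sp *sp = calloc(1, sizeof(*sp));
    if (sp == NULL) return NULL;
    sp->id = id;
    atomic_init(&sp->refcnt, 1);
    TAILQ_INSERT_TAIL(&sptree, sp, chain);
    return sp;
}

/* Lookup (kernel: read lock held). Take a reference before returning. */
static struct sp *sp_lookup(unsigned id) {
    struct sp *sp;
    TAILQ_FOREACH(sp, &sptree, chain)
        if (sp->id == id) { atomic_fetch_add(&sp->refcnt, 1); return sp; }
    return NULL;
}

/* Delete (write lock held): unlink and drop the chain's reference. */
static int sp_delete(unsigned id) {
    struct sp *sp;
    TAILQ_FOREACH(sp, &sptree, chain)
        if (sp->id == id) { TAILQ_REMOVE(&sptree, sp, chain); sp_free(sp); return 1; }
    return 0;
}

/* A holder outlives deletion; the entry is freed on the last release. */
int demo(void) {
    unsigned before = freed;
    if (sp_insert(7) == NULL) return 0;
    struct sp *held = sp_lookup(7);           /* refcnt 2 */
    sp_delete(7);                             /* unlinked, refcnt 1 */
    int ok = freed == before && held->id == 7 && sp_lookup(7) == NULL;
    sp_free(held);                            /* last reference: freed */
    return ok && freed == before + 1;
}
int main(void) { return demo() ? 0 : 1; }
```
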