svn commit: r276188 - head/sys/netipsec

Bjoern A. Zeeb bz at FreeBSD.org
Thu Dec 25 10:25:04 UTC 2014


> On 24 Dec 2014, at 18:34 , Andrey V. Elsukov <ae at FreeBSD.org> wrote:
> 
> Author: ae
> Date: Wed Dec 24 18:34:56 2014
> New Revision: 276188
> URL: https://svnweb.freebsd.org/changeset/base/276188
> 
> Log:
>  Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and
>  IPv6. Initialize it only once in def_policy_init(). Remove its
>  initialization from key_init() and make it static.
> 
>  Remove several fields from struct secpolicy:
>  * lock - it isn't so useful having mutex in the structure, but the only
>    thing we do with it is initialization and destroying.
>  * state - it has only two values - DEAD and ALIVE. Instead of taking a lock
>    and changing the state to DEAD, then taking the lock again in the GC
>    function and deleting the policy from the chain - keep in the chain only
>    ALIVE policies.
>  * scangen - it was used in GC function to protect from sending several
>    SADB_SPDEXPIRE messages for one SPD entry. Now we don't keep DEAD entries
>    in the chain and there is no need to have scangen variable.
> 
>  Use TAILQ to implement SPD entries chain. Use rmlock to protect access
>  to SPD entries chain. Protect all SP lookup with RLOCK, and use WLOCK
>  when we are inserting (or removing) SP entry in the chain.
> 
>  Instead of using pattern "LOCK(); refcnt++; UNLOCK();", use refcount(9)
>  API to implement refcounting in SPD. Merge code from key_delsp() and
>  _key_delsp() into _key_freesp(). And use KEY_FREESP() macro in all cases
>  when we want to release reference or just delete SP entry.
> 
>  Obtained from:	Yandex LLC
>  Sponsored by:	Yandex LLC
> 
> Modified:
>  head/sys/netipsec/ipsec.c
>  head/sys/netipsec/ipsec.h
>  head/sys/netipsec/key.c
>  head/sys/netipsec/key_debug.c

This broke VIMAGE kernel builds.

And I’ll repeat what I said before:  I appreciate all your work but at the same time I remain massively worried by major change commits to security subsystems without any Reviewed by: lines.  Please use appropriate ways to get extra pairs of eyes.

Happy holidays!

Bjoern

— 
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."



More information about the svn-src-all mailing list