NetBSD Problem Report #41659

From root@nagler-company.com  Wed Jul  1 14:33:59 2009
Return-Path: <root@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 92DD363B883
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  1 Jul 2009 14:33:59 +0000 (UTC)
Message-Id: <20090701143355.74CD84EA9FE@s012.nagler-company.com>
Date: Wed,  1 Jul 2009 16:33:55 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: missing splx(s) in ip_output in FAST_IPSEC code
X-Send-Pr-Version: 3.95

>Number:         41659
>Category:       kern
>Synopsis:       missing splx(s) in ip_output in FAST_IPSEC code
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 01 14:35:00 +0000 2009
>Closed-Date:    Thu Jul 09 19:55:01 +0000 2009
>Last-Modified:  Thu Jul 09 19:55:01 +0000 2009
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 5.0
>Organization:
Dr. Nagler & Company GmbH

>Environment:


System: NetBSD s012 4.0 NetBSD 4.0 (NSW-S012) #9: Fri Mar 13 12:31:52 CET 2009 wgstuken@s012:/usr/src/sys/arch/amd64/compile/NSW-S012 amd64
Architecture: x86_64
Machine: amd64
>Description:
	In output processing for FAST_IPSEC the spl-level is raised to splsoftnet(), but not lowered in one case again.
>How-To-Repeat:
	not relevant
>Fix:
	just apply the following fix:

*** ip_output.c	Sun Oct 12 13:15:54 2008
--- /tmp/ip_output.c-fixed	Wed Jul  1 16:28:46 2009
***************
*** 671,678 ****
  	if (!ipsec_outdone(m)) {
  		s = splsoftnet();
  		if (inp != NULL &&
! 				IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND))
  			goto spd_done;
  		sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags,
  				&error, inp);
  		/*
--- 671,680 ----
  	if (!ipsec_outdone(m)) {
  		s = splsoftnet();
  		if (inp != NULL &&
! 				IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, IPSEC_DIR_OUTBOUND)) {
! 			splx(s);
  			goto spd_done;
+ 		}
  		sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags,
  				&error, inp);
  		/*


>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->pending-pullups
State-Changed-By: martin@NetBSD.org
State-Changed-When: Wed, 01 Jul 2009 14:54:08 +0000
State-Changed-Why:
waiting on [pullup-5 #847]


From: Martin Husemann <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/41659 CVS commit: src/sys/netinet
Date: Wed, 1 Jul 2009 14:47:55 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Wed Jul  1 14:47:55 UTC 2009

 Modified Files:
 	src/sys/netinet: ip_output.c

 Log Message:
 From Wolfgang Stukenbrock in PR kern/41659: add missing splx().


 To generate a diff of this commit:
 cvs rdiff -u -r1.202 -r1.203 src/sys/netinet/ip_output.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/41659 CVS commit: [netbsd-5-0] src/sys/netinet
Date: Thu, 9 Jul 2009 19:35:56 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Thu Jul  9 19:35:56 UTC 2009

 Modified Files:
 	src/sys/netinet [netbsd-5-0]: ip_output.c

 Log Message:
 Pull up following revision(s) (requested by martin in ticket #847):
 	sys/netinet/ip_output.c: revision 1.203
 From Wolfgang Stukenbrock in PR kern/41659: add missing splx().


 To generate a diff of this commit:
 cvs rdiff -u -r1.200 -r1.200.10.1 src/sys/netinet/ip_output.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/41659 CVS commit: [netbsd-5] src/sys/netinet
Date: Thu, 9 Jul 2009 19:38:27 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Thu Jul  9 19:38:27 UTC 2009

 Modified Files:
 	src/sys/netinet [netbsd-5]: ip_output.c

 Log Message:
 Pull up following revision(s) (requested by martin in ticket #847):
 	sys/netinet/ip_output.c: revision 1.203
 From Wolfgang Stukenbrock in PR kern/41659: add missing splx().


 To generate a diff of this commit:
 cvs rdiff -u -r1.200 -r1.200.4.1 src/sys/netinet/ip_output.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Thu, 09 Jul 2009 19:55:01 +0000
State-Changed-Why:
All done - thanks for the report!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.