Subject: Re: Racoon (or UVM?) problem with -current
To: Bill Studenmund <email@example.com>
From: None <firstname.lastname@example.org>
Date: 02/14/2002 07:38:43
>> On Tue, Feb 12, 2002 at 10:20:08AM -0800, Bill Studenmund wrote:
>> > Another solution is, do the freers check to see if the value is NULL
>> > before freeing? If so, have the pointer set to NULL after it is freed.
>> > Then it gets freed only once.
>> Looking over the code, I kinda doubt that key_freesp() is being called
>> twice on the same entry outside of the cache. I'm pretty sure that it's
>> the cache that's doing it. Also, the pointers to the entry appear to be
>> copied all over, not just in the cache code. I don't know that it would
>> be possible to set all of the pointers to NULL, let alone know where they
>> all are.
>Then we might need to start doing refcounting.
We do reference-count struct inpcbpolicy. Also, I couldn't find the
problem described in the earlier email (pcbsp->cache[x] freed twice).
key_freesp() is called in ipsec_invalpcbcache(); however, after calling
key_freesp(), pcbsp->cache[x] is set to NULL.
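
A user-space C sketch of the two ideas discussed in this thread, added here as an illustration and not taken from the NetBSD source: every stored copy of the pointer holds its own reference, and the invalidation routine sets the slot to NULL after releasing it. The struct layouts and the names sp_alloc, sp_release, cache_fill, cache_inval and demo are hypothetical.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for illustration; not the NetBSD structures. */
struct sp { int refcnt; };                      /* one policy entry */
#define NCACHE 3
struct pcbpolicy { struct sp *cache[NCACHE]; }; /* per-PCB cache slots */
static int live_entries;                        /* entries currently allocated */

static struct sp *sp_alloc(void) {
    struct sp *sp = calloc(1, sizeof(*sp));
    if (sp == NULL) return NULL;
    sp->refcnt = 1;                             /* the caller's reference */
    live_entries++;
    return sp;
}

/* Drop one reference; the memory is released only on the last one. */
static void sp_release(struct sp *sp) {
    if (--sp->refcnt == 0) { free(sp); live_entries--; }
}

/* Every copy of the pointer stored in a slot takes its own reference. */
static void cache_fill(struct pcbpolicy *p, int slot, struct sp *sp) {
    sp->refcnt++;                               /* take first: sp may be the old value */
    if (p->cache[slot] != NULL) sp_release(p->cache[slot]);
    p->cache[slot] = sp;
}

/* Release each slot, then NULL it so a repeated call is a no-op. */
static void cache_inval(struct pcbpolicy *p) {
    for (int i = 0; i < NCACHE; i++) {
        if (p->cache[i] == NULL) continue;
        sp_release(p->cache[i]);
        p->cache[i] = NULL;
    }
}

/* Returns the reference count left after invalidating the cache twice. */
int demo(void) {
    struct pcbpolicy p = { { NULL } };
    struct sp *sp = sp_alloc();
    if (sp == NULL) return -1;
    cache_fill(&p, 0, sp);
    cache_fill(&p, 1, sp);        /* same entry in two slots: refcnt is 3 */
    cache_inval(&p);
    cache_inval(&p);              /* slots already NULL: nothing released */
    int remaining = sp->refcnt;   /* only the caller's reference is left */
    sp_release(sp);
    return remaining;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

Building this with -fsanitize=address makes any double free or use after free introduced by changing the release order show up at run time.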