Subject: Re: Racoon (or UVM?) problem with -current
To: Bill Studenmund <>
From: None <>
List: current-users
Date: 02/14/2002 07:38:43
>> On Tue, Feb 12, 2002 at 10:20:08AM -0800, Bill Studenmund wrote:
>> >
>> > Another solution is, do the freers check to see if the value is NULL
>> > before freeing? If so, have the pointer set to NULL after it is freed.
>> > Then it gets freed only once.
>> Looking over the code, I kinda doubt that key_freesp() is being called
>> twice on the same entry outside of the cache.  I'm pretty sure that it's
>> the cache that's doing it.  Also, the pointers to the entry appear to be
>> copied all over, not just in the cache code.  I don't know that it would
>> be possible to set all of the pointer to NULL, let alone know where they
>> all are.
>Then we might need to start doing refcounting.

	we do reference-count struct inpcbpolicy.  also, I couldn't find the
	problem described in earlier email (pcbsp->cache[x] freed twice).
	key_freesp() is called in ipsec_invalpcbcache(), however, after calling
	key_freesp() pcbsp->cache[x] is set to NULL.