[src/netbsd-8]: src/sys/netipsec Pull up following revision(s) (requested by ...

[martin <martin%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/d8cef6e6b1fe
branches:  netbsd-8
changeset: 940508:d8cef6e6b1fe
user:      martin <martin%NetBSD.org@localhost>
date:      Thu Oct 08 17:50:11 2020 +0000

description:
Pull up following revision(s) (requested by knakahara in ticket #1612):

        sys/netipsec/xform_esp.c: revision 1.101

Make sequence number of esp header MP-safe for IPsec Tx side. reviewed by ozaki-r@n.o

In IPsec Tx side, one Security Association can be used by multiple CPUs.
On the other hand, in IPsec Rx side, one Security Association is used
by only one CPU.

XXX pullup-{8,9}

diffstat:

 sys/netipsec/xform_esp.c |  11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diffs (34 lines):

diff -r 105aef5c7637 -r d8cef6e6b1fe sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c  Thu Oct 08 16:55:22 2020 +0000
+++ b/sys/netipsec/xform_esp.c  Thu Oct 08 17:50:11 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_esp.c,v 1.55.2.3 2018/03/30 11:53:13 martin Exp $        */
+/*     $NetBSD: xform_esp.c,v 1.55.2.4 2020/10/08 17:50:11 martin Exp $        */
 /*     $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $  */
 /*     $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.55.2.3 2018/03/30 11:53:13 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.55.2.4 2020/10/08 17:50:11 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -804,11 +804,12 @@
 
 #ifdef IPSEC_DEBUG
                /* Emulate replay attack when ipsec_replay is TRUE. */
-               if (!ipsec_replay)
+               if (ipsec_replay)
+                       replay = htonl(sav->replay->count);
+               else
 #endif
-                       sav->replay->count++;
+                       replay = htonl(atomic_inc_32_nv(&sav->replay->count));
 
-               replay = htonl(sav->replay->count);
                memcpy(mtod(mo,char *) + roff + sizeof(uint32_t), &replay,
                    sizeof(uint32_t));
        }