kern/41659: missing splx(s) in ip_output in FAST_IPSEC code

[Wolfgang.Stukenbrock%nagler-company.com@localhost]

>Number:         41659
>Category:       kern
>Synopsis:       missing splx(s) in ip_output in FAST_IPSEC code
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 01 14:35:00 +0000 2009
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 5.0
>Organization:
Dr. Nagler & Company GmbH
        
>Environment:
        
        
System: NetBSD s012 4.0 NetBSD 4.0 (NSW-S012) #9: Fri Mar 13 12:31:52 CET 2009 
wgstuken@s012:/usr/src/sys/arch/amd64/compile/NSW-S012 amd64
Architecture: x86_64
Machine: amd64
>Description:
        In output processing for FAST_IPSEC the spl-level is raised to 
splsoftnet(), but not lowered in one case again.
>How-To-Repeat:
        not relevant
>Fix:
        just apply the following fix:

*** ip_output.c Sun Oct 12 13:15:54 2008
--- /tmp/ip_output.c-fixed      Wed Jul  1 16:28:46 2009
***************
*** 671,678 ****
        if (!ipsec_outdone(m)) {
                s = splsoftnet();
                if (inp != NULL &&
!                               IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, 
IPSEC_DIR_OUTBOUND))
                        goto spd_done;
                sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags,
                                &error, inp);
                /*
--- 671,680 ----
        if (!ipsec_outdone(m)) {
                s = splsoftnet();
                if (inp != NULL &&
!                               IPSEC_PCB_SKIP_IPSEC(inp->inp_sp, 
IPSEC_DIR_OUTBOUND)) {
!                       splx(s);
                        goto spd_done;
+               }
                sp = ipsec4_checkpolicy(m, IPSEC_DIR_OUTBOUND, flags,
                                &error, inp);
                /*
        

>Unformatted: