[src/trunk]: src/sys/netipsec Hold a reference to an SP during opencrypto pro...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/sys/netipsec Hold a reference to an SP during opencrypto pro...
From: ozaki-r <ozaki-r%NetBSD.org@localhost>
Date: Tue, 07 Apr 2020 08:29:26 +0000

details:   https://anonhg.NetBSD.org/src/rev/12f14968b11f
branches:  trunk
changeset: 825519:12f14968b11f
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Wed Jul 19 10:26:09 2017 +0000

description:
Hold a reference to an SP during opencrypto processing

An SP has a list of isr (ipsecrequest) that represents a sequence
of IPsec encryption/authentication processing. One isr corresponds
to one opencrypto processing. The lifetime of an isr follows its SP.

We pass an isr to a callback function of opencrypto to continue
to a next encryption/authentication processing. However nobody
guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.

In order to avoid such unexpected destruction of isr, hold a reference
to its SP during opencrypto processing.

diffstat:

 sys/netipsec/xform_ah.c     |  15 +++++++++++++--
 sys/netipsec/xform_esp.c    |  15 +++++++++++++--
 sys/netipsec/xform_ipcomp.c |  15 +++++++++++++--
 3 files changed, 39 insertions(+), 6 deletions(-)

diffs (168 lines):

diff -r a9c2b281674f -r 12f14968b11f sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c   Wed Jul 19 09:38:57 2017 +0000
+++ b/sys/netipsec/xform_ah.c   Wed Jul 19 10:26:09 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ah.c,v 1.64 2017/07/19 09:38:57 ozaki-r Exp $    */
+/*     $NetBSD: xform_ah.c,v 1.65 2017/07/19 10:26:09 ozaki-r Exp $    */
 /*     $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $   */
 /*     $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.64 2017/07/19 09:38:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.65 2017/07/19 10:26:09 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -1144,6 +1144,7 @@
 
        /* These are passed as-is to the callback. */
        tc->tc_isr = isr;
+       KEY_SP_REF(isr->sp);
        tc->tc_spi = sav->spi;
        tc->tc_dst = sav->sah->saidx.dst;
        tc->tc_proto = sav->sah->saidx.proto;
@@ -1184,6 +1185,14 @@
 
        isr = tc->tc_isr;
        sav = tc->tc_sav;
+       if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
+               AH_STATINC(AH_STAT_NOTDB);
+               IPSECLOG(LOG_DEBUG,
+                   "SP is being destroyed while in crypto (id=%u)\n",
+                   isr->sp->id);
+               error = ENOENT;
+               goto bad;
+       }
        if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
                KEY_FREESAV(&sav);
                sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
@@ -1241,12 +1250,14 @@
        /* NB: m is reclaimed by ipsec_process_done. */
        err = ipsec_process_done(m, isr, sav);
        KEY_FREESAV(&sav);
+       KEY_FREESP(&isr->sp);
        mutex_exit(softnet_lock);
        splx(s);
        return err;
 bad:
        if (sav)
                KEY_FREESAV(&sav);
+       KEY_FREESP(&isr->sp);
        mutex_exit(softnet_lock);
        splx(s);
        if (m)
diff -r a9c2b281674f -r 12f14968b11f sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c  Wed Jul 19 09:38:57 2017 +0000
+++ b/sys/netipsec/xform_esp.c  Wed Jul 19 10:26:09 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_esp.c,v 1.64 2017/07/19 09:38:57 ozaki-r Exp $   */
+/*     $NetBSD: xform_esp.c,v 1.65 2017/07/19 10:26:09 ozaki-r Exp $   */
 /*     $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $  */
 /*     $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.64 2017/07/19 09:38:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.65 2017/07/19 10:26:09 ozaki-r Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -895,6 +895,7 @@
 
        /* Callback parameters */
        tc->tc_isr = isr;
+       KEY_SP_REF(isr->sp);
        tc->tc_spi = sav->spi;
        tc->tc_dst = saidx->dst;
        tc->tc_proto = saidx->proto;
@@ -958,6 +959,14 @@
 
        isr = tc->tc_isr;
        sav = tc->tc_sav;
+       if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
+               ESP_STATINC(ESP_STAT_NOTDB);
+               IPSECLOG(LOG_DEBUG,
+                   "SP is being destroyed while in crypto (id=%u)\n",
+                   isr->sp->id);
+               error = ENOENT;
+               goto bad;
+       }
        if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
                KEY_FREESAV(&sav);
                sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
@@ -1020,12 +1029,14 @@
        /* NB: m is reclaimed by ipsec_process_done. */
        err = ipsec_process_done(m, isr, sav);
        KEY_FREESAV(&sav);
+       KEY_FREESP(&isr->sp);
        mutex_exit(softnet_lock);
        splx(s);
        return err;
 bad:
        if (sav)
                KEY_FREESAV(&sav);
+       KEY_FREESP(&isr->sp);
        mutex_exit(softnet_lock);
        splx(s);
        if (m)
diff -r a9c2b281674f -r 12f14968b11f sys/netipsec/xform_ipcomp.c
--- a/sys/netipsec/xform_ipcomp.c       Wed Jul 19 09:38:57 2017 +0000
+++ b/sys/netipsec/xform_ipcomp.c       Wed Jul 19 10:26:09 2017 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xform_ipcomp.c,v 1.45 2017/07/19 09:38:57 ozaki-r Exp $        */
+/*     $NetBSD: xform_ipcomp.c,v 1.46 2017/07/19 10:26:09 ozaki-r Exp $        */
 /*     $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $       */
 /* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
 
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.45 2017/07/19 09:38:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.46 2017/07/19 10:26:09 ozaki-r Exp $");
 
 /* IP payload compression protocol (IPComp), see RFC 2393 */
 #if defined(_KERNEL_OPT)
@@ -480,6 +480,7 @@
        }
 
        tc->tc_isr = isr;
+       KEY_SP_REF(isr->sp);
        tc->tc_spi = sav->spi;
        tc->tc_dst = sav->sah->saidx.dst;
        tc->tc_proto = sav->sah->saidx.proto;
@@ -530,6 +531,14 @@
 
        isr = tc->tc_isr;
        sav = tc->tc_sav;
+       if (__predict_false(isr->sp->state == IPSEC_SPSTATE_DEAD)) {
+               IPCOMP_STATINC(IPCOMP_STAT_NOTDB);
+               IPSECLOG(LOG_DEBUG,
+                   "SP is being destroyed while in crypto (id=%u)\n",
+                   isr->sp->id);
+               error = ENOENT;
+               goto bad;
+       }
        if (__predict_false(!SADB_SASTATE_USABLE_P(sav))) {
                KEY_FREESAV(&sav);
                sav = KEY_LOOKUP_SA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0);
@@ -638,12 +647,14 @@
        /* NB: m is reclaimed by ipsec_process_done. */
        error = ipsec_process_done(m, isr, sav);
        KEY_FREESAV(&sav);
+       KEY_FREESP(&isr->sp);
        mutex_exit(softnet_lock);
        splx(s);
        return error;
 bad:
        if (sav)
                KEY_FREESAV(&sav);
+       KEY_FREESP(&isr->sp);
        mutex_exit(softnet_lock);
        splx(s);
        if (m)

Prev by Date: [src/trunk]: src/external/gpl3/gcc/dist/gcc/config PR 51266, PR 52326: Fix GC...
Next by Date: [src/trunk]: src/usr.sbin/inetd Rework previous (and the text it modified) fo...
Previous by Thread: [src/trunk]: src/external/gpl3/gcc/dist/gcc/config PR 51266, PR 52326: Fix GC...
Next by Thread: [src/trunk]: src/usr.sbin/inetd Rework previous (and the text it modified) fo...
Indexes:

Home | Main Index | Thread Index | Old Index