Print this page
Bayard's initial drop, needs finishing, or at least testing.
*** 18,27 ****
--- 18,28 ----
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
*/
#include <sys/param.h>
#include <sys/types.h>
#include <sys/stream.h>
*** 2266,2276 ****
struct spd_ext_actions *act;
struct spd_attribute *attr;
spdsock_t *ss = (spdsock_t *)q->q_ptr;
ipsec_stack_t *ipss = ss->spdsock_spds->spds_netstack->netstack_ipsec;
! mutex_enter(&ipss->ipsec_alg_lock);
/*
* The SPD client expects to receive separate entries for
* AH authentication and ESP authentication supported algorithms.
*
* Don't return the "any" algorithms, if defined, as no
--- 2267,2277 ----
struct spd_ext_actions *act;
struct spd_attribute *attr;
spdsock_t *ss = (spdsock_t *)q->q_ptr;
ipsec_stack_t *ipss = ss->spdsock_spds->spds_netstack->netstack_ipsec;
! rw_enter(&ipss->ipsec_alg_lock, RW_READER);
/*
* The SPD client expects to receive separate entries for
* AH authentication and ESP authentication supported algorithms.
*
* Don't return the "any" algorithms, if defined, as no
*** 2294,2304 ****
ASSERT(ALIGNED64(size));
m = allocb(size, BPRI_HI);
if (m == NULL) {
! mutex_exit(&ipss->ipsec_alg_lock);
spdsock_error(q, mp, ENOMEM, 0);
return;
}
m->b_wptr = m->b_rptr + size;
--- 2295,2305 ----
ASSERT(ALIGNED64(size));
m = allocb(size, BPRI_HI);
if (m == NULL) {
! rw_exit(&ipss->ipsec_alg_lock);
spdsock_error(q, mp, ENOMEM, 0);
return;
}
m->b_wptr = m->b_rptr + size;
*** 2365,2375 ****
EMITALGATTRS(SPDSOCK_ESP_ENCR);
}
}
}
! mutex_exit(&ipss->ipsec_alg_lock);
#undef EMITALGATTRS
#undef EMIT
#undef ATTRPERALG
--- 2366,2376 ----
EMITALGATTRS(SPDSOCK_ESP_ENCR);
}
}
}
! rw_exit(&ipss->ipsec_alg_lock);
#undef EMITALGATTRS
#undef EMIT
#undef ATTRPERALG
*** 2402,2412 ****
uint_t i;
uint_t alg_size;
spdsock_t *ss = (spdsock_t *)q->q_ptr;
ipsec_stack_t *ipss = ss->spdsock_spds->spds_netstack->netstack_ipsec;
! mutex_enter(&ipss->ipsec_alg_lock);
/*
* For each algorithm, we encode:
* ALG / MINBITS / MAXBITS / DEFBITS / INCRBITS / {END, NEXT}
*
--- 2403,2413 ----
uint_t i;
uint_t alg_size;
spdsock_t *ss = (spdsock_t *)q->q_ptr;
ipsec_stack_t *ipss = ss->spdsock_spds->spds_netstack->netstack_ipsec;
! rw_enter(&ipss->ipsec_alg_lock, RW_READER);
/*
* For each algorithm, we encode:
* ALG / MINBITS / MAXBITS / DEFBITS / INCRBITS / {END, NEXT}
*
*** 2435,2445 ****
ASSERT(ALIGNED64(size));
m = allocb(size, BPRI_HI);
if (m == NULL) {
! mutex_exit(&ipss->ipsec_alg_lock);
spdsock_error(q, mp, ENOMEM, 0);
return;
}
m->b_wptr = m->b_rptr + size;
--- 2436,2446 ----
ASSERT(ALIGNED64(size));
m = allocb(size, BPRI_HI);
if (m == NULL) {
! rw_exit(&ipss->ipsec_alg_lock);
spdsock_error(q, mp, ENOMEM, 0);
return;
}
m->b_wptr = m->b_rptr + size;
*** 2469,2479 ****
* If there aren't any algorithms registered, return an empty message.
* spdsock_get_ext() knows how to deal with this.
*/
if (act->spd_actions_count == 0) {
act->spd_actions_len = 0;
! mutex_exit(&ipss->ipsec_alg_lock);
goto error;
}
attr = (struct spd_attribute *)cur;
--- 2470,2480 ----
* If there aren't any algorithms registered, return an empty message.
* spdsock_get_ext() knows how to deal with this.
*/
if (act->spd_actions_count == 0) {
act->spd_actions_len = 0;
! rw_exit(&ipss->ipsec_alg_lock);
goto error;
}
attr = (struct spd_attribute *)cur;
*** 2521,2531 ****
EMIT(SPD_ATTR_NEXT, 0);
}
}
! mutex_exit(&ipss->ipsec_alg_lock);
#undef EMITALGATTRS
#undef EMIT
#undef ATTRPERALG
--- 2522,2532 ----
EMIT(SPD_ATTR_NEXT, 0);
}
}
! rw_exit(&ipss->ipsec_alg_lock);
#undef EMITALGATTRS
#undef EMIT
#undef ATTRPERALG
*** 3682,3692 ****
alg->alg_mech_type = mt;
alg->alg_flags |= algflags;
}
}
! mutex_enter(&ipss->ipsec_alg_lock);
/*
* For each algorithm currently defined, check if it is
* present in the new tables created from the SPD_UPDATEALGS
* message received from user-space.
--- 3683,3693 ----
alg->alg_mech_type = mt;
alg->alg_flags |= algflags;
}
}
! rw_enter(&ipss->ipsec_alg_lock, RW_WRITER);
/*
* For each algorithm currently defined, check if it is
* present in the new tables created from the SPD_UPDATEALGS
* message received from user-space.
*** 3738,3748 ****
for (algtype = 0; algtype < IPSEC_NALGTYPES; algtype++) {
ipss->ipsec_algs_exec_mode[algtype] =
spds->spds_algs_exec_mode[algtype];
}
! mutex_exit(&ipss->ipsec_alg_lock);
crypto_free_mech_list(mechs, mech_count);
ipsecah_algs_changed(ns);
ipsecesp_algs_changed(ns);
--- 3739,3749 ----
for (algtype = 0; algtype < IPSEC_NALGTYPES; algtype++) {
ipss->ipsec_algs_exec_mode[algtype] =
spds->spds_algs_exec_mode[algtype];
}
! rw_exit(&ipss->ipsec_alg_lock);
crypto_free_mech_list(mechs, mech_count);
ipsecah_algs_changed(ns);
ipsecesp_algs_changed(ns);