Print this page
8381 Convert ipsec_alg_lock from mutex to rwlock
@@ -296,16 +296,16 @@
netstack_rele(ns);
return (-1);
}
ekp = (esp_kstats_t *)kp->ks_data;
- mutex_enter(&ipss->ipsec_alg_lock);
+ rw_enter(&ipss->ipsec_alg_lock, RW_READER);
ekp->esp_stat_num_aalgs.value.ui64 =
ipss->ipsec_nalgs[IPSEC_ALG_AUTH];
ekp->esp_stat_num_ealgs.value.ui64 =
ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
netstack_rele(ns);
return (0);
}
@@ -1193,11 +1193,11 @@
ipsec_action_t *ap;
ipsec_prot_t *prot;
ipsecesp_stack_t *espstack = ns->netstack_ipsecesp;
ipsec_stack_t *ipss = ns->netstack_ipsec;
- ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
+ ASSERT(RW_READ_HELD(&ipss->ipsec_alg_lock));
prop->sadb_prop_exttype = SADB_EXT_PROPOSAL;
prop->sadb_prop_len = SADB_8TO64(sizeof (sadb_prop_t));
*(uint32_t *)(&prop->sadb_prop_replay) = 0; /* Quick zero-out! */
@@ -1323,11 +1323,11 @@
if (pfkeymp == NULL) {
esp0dbg(("sadb_setup_acquire failed.\n"));
mutex_exit(&acqrec->ipsacq_lock);
return;
}
- ASSERT(MUTEX_HELD(&ipss->ipsec_alg_lock));
+ ASSERT(RW_READ_HELD(&ipss->ipsec_alg_lock));
combs = ipss->ipsec_nalgs[IPSEC_ALG_AUTH] *
ipss->ipsec_nalgs[IPSEC_ALG_ENCR];
msgmp = pfkeymp->b_cont;
samsg = (sadb_msg_t *)(msgmp->b_rptr);
@@ -1336,11 +1336,11 @@
prop = (sadb_prop_t *)(((uint64_t *)samsg) + samsg->sadb_msg_len);
esp_insert_prop(prop, acqrec, combs, ns);
samsg->sadb_msg_len += prop->sadb_prop_len;
msgmp->b_wptr += SADB_64TO8(samsg->sadb_msg_len);
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
/*
* Must mutex_exit() before sending PF_KEY message up, in
* order to avoid recursive mutex_enter() if there are no registered
* listeners.
@@ -3041,11 +3041,11 @@
/*
* Allocate the PF_KEY message that follows KEYSOCK_OUT.
*/
- mutex_enter(&ipss->ipsec_alg_lock);
+ rw_enter(&ipss->ipsec_alg_lock, RW_READER);
/*
* Fill SADB_REGISTER message's algorithm descriptors. Hold
* down the lock while filling it.
*
* Return only valid algorithms, so the number of algorithms
@@ -3070,11 +3070,11 @@
allocsize += (num_ealgs * sizeof (*saalg));
allocsize += sizeof (*sasupp_encr);
}
keysock_out_mp->b_cont = allocb(allocsize, BPRI_HI);
if (keysock_out_mp->b_cont == NULL) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
freemsg(keysock_out_mp);
return (B_FALSE);
}
pfkey_msg_mp = keysock_out_mp->b_cont;
pfkey_msg_mp->b_wptr += allocsize;
@@ -3164,11 +3164,11 @@
}
current_aalgs = num_aalgs;
current_ealgs = num_ealgs;
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
if (sens_tsl != NULL) {
sens = (sadb_sens_t *)nextext;
sadb_sens_from_label(sens, SADB_EXT_SENSITIVITY,
sens_tsl, sens_len);
@@ -3689,11 +3689,11 @@
* XXX Policy : I'm not checking identities at this time,
* but if I did, I'd do them here, before I sent
* the weak key check up to the algorithm.
*/
- mutex_enter(&ipss->ipsec_alg_lock);
+ rw_enter(&ipss->ipsec_alg_lock, RW_READER);
/*
* First locate the authentication algorithm.
*/
#ifdef IPSEC_LATENCY_TEST
@@ -3704,11 +3704,11 @@
ipsec_alginfo_t *aalg;
aalg = ipss->ipsec_alglists[IPSEC_ALG_AUTH]
[assoc->sadb_sa_auth];
if (aalg == NULL || !ALG_VALID(aalg)) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
esp1dbg(espstack, ("Couldn't find auth alg #%d.\n",
assoc->sadb_sa_auth));
*diagnostic = SADB_X_DIAGNOSTIC_BAD_AALG;
return (EINVAL);
}
@@ -3719,20 +3719,20 @@
* this auth_alg is not defined with ALG_FLAG_VALID. If this
* ever changes, the same check for SADB_AALG_NONE and
* a auth_key != NULL should be made here ( see below).
*/
if (!ipsec_valid_key_size(akey->sadb_key_bits, aalg)) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
*diagnostic = SADB_X_DIAGNOSTIC_BAD_AKEYBITS;
return (EINVAL);
}
ASSERT(aalg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
/* check key and fix parity if needed */
if (ipsec_check_key(aalg->alg_mech_type, akey, B_TRUE,
diagnostic) != 0) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
return (EINVAL);
}
}
/*
@@ -3743,11 +3743,11 @@
ipsec_alginfo_t *ealg;
ealg = ipss->ipsec_alglists[IPSEC_ALG_ENCR]
[assoc->sadb_sa_encrypt];
if (ealg == NULL || !ALG_VALID(ealg)) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
esp1dbg(espstack, ("Couldn't find encr alg #%d.\n",
assoc->sadb_sa_encrypt));
*diagnostic = SADB_X_DIAGNOSTIC_BAD_EALG;
return (EINVAL);
}
@@ -3764,24 +3764,24 @@
keybits = ekey->sadb_key_bits;
keybits -= ekey->sadb_key_reserved;
keybits -= SADB_8TO1(ealg->alg_saltlen);
if ((assoc->sadb_sa_encrypt == SADB_EALG_NULL) ||
(!ipsec_valid_key_size(keybits, ealg))) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
*diagnostic = SADB_X_DIAGNOSTIC_BAD_EKEYBITS;
return (EINVAL);
}
ASSERT(ealg->alg_mech_type != CRYPTO_MECHANISM_INVALID);
/* check key */
if (ipsec_check_key(ealg->alg_mech_type, ekey, B_FALSE,
diagnostic) != 0) {
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
return (EINVAL);
}
}
- mutex_exit(&ipss->ipsec_alg_lock);
+ rw_exit(&ipss->ipsec_alg_lock);
return (esp_add_sa_finish(mp, (sadb_msg_t *)mp->b_cont->b_rptr, ksi,
diagnostic, espstack));
}