> On 24 Dec 2014, at 18:34 , Andrey V. Elsukov <a...@freebsd.org> wrote:
> 
> Author: ae
> Date: Wed Dec 24 18:34:56 2014
> New Revision: 276188
> URL: https://svnweb.freebsd.org/changeset/base/276188
> 
> Log:
>  Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and
>  IPv6. Initialize it only once in def_policy_init(). Remove its
>  initialization from key_init() and make it static.
> 
>  Remove several fields from struct secpolicy:
>  * lock - it isn't so useful having mutex in the structure, but the only
>    thing we do with it is initialization and destroying.
>  * state - it has only two values - DEAD and ALIVE. Instead of taking a lock
>    and change the state to DEAD, then take lock again in GC function and
>    delete policy from the chain - keep in the chain only ALIVE policies.
>  * scangen - it was used in GC function to protect from sending several
>    SADB_SPDEXPIRE messages for one SPD entry. Now we don't keep DEAD entries
>    in the chain and there is no need to have scangen variable.
> 
>  Use TAILQ to implement SPD entries chain. Use rmlock to protect access
>  to SPD entries chain. Protect all SP lookup with RLOCK, and use WLOCK
>  when we are inserting (or removing) SP entry in the chain.
> 
>  Instead of using pattern "LOCK(); refcnt++; UNLOCK();", use refcount(9)
>  API to implement refcounting in SPD. Merge code from key_delsp() and
>  _key_delsp() into _key_freesp(). And use KEY_FREESP() macro in all cases
>  when we want to release reference or just delete SP entry.
> 
>  Obtained from:       Yandex LLC
>  Sponsored by:        Yandex LLC
> 
> Modified:
>  head/sys/netipsec/ipsec.c
>  head/sys/netipsec/ipsec.h
>  head/sys/netipsec/key.c
>  head/sys/netipsec/key_debug.c

This broke VIMAGE kernel builds.

And I’ll repeat what I said before:  I appreciate all your work but at the same 
time I remain massively worried by major change commits to security subsystems 
without any Reviewed by: lines.  Please use appropriate ways to get extra pairs 
of eyes.

Happy holidays!

Bjoern

-- 
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."

_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
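
The lifetime rule described in the quoted commit log (only live entries stay on the chain, and a reference count decides when memory is freed) can be modelled in userspace as follows. This is an added example, not code from the commit or from FreeBSD: C11 atomics stand in for refcount(9), the rmlock read/write lock points are only marked in comments, and `struct sp` and every function name are hypothetical.

```c
/* Userspace model of the SPD chain, not FreeBSD kernel code; names are hypothetical. */
#include <stdatomic.h>
#include <stdlib.h>
#include <sys/queue.h>
struct sp {                                  /* stand-in for struct secpolicy */
    TAILQ_ENTRY(sp) chain;
    atomic_uint refcnt;
    int id;
};
static TAILQ_HEAD(, sp) spd = TAILQ_HEAD_INITIALIZER(spd);
static int freed_count;                      /* lets the demo observe when free() ran */
static struct sp *sp_find(int id) {          /* caller holds RLOCK or WLOCK */
    struct sp *p;
    TAILQ_FOREACH(p, &spd, chain)
        if (p->id == id) return p;
    return NULL;
}
static struct sp *sp_insert(int id) {        /* kernel: under WLOCK */
    struct sp *p = calloc(1, sizeof(*p));
    if (p == NULL) return NULL;
    p->id = id;
    atomic_init(&p->refcnt, 1);              /* the chain owns one reference */
    TAILQ_INSERT_TAIL(&spd, p, chain);
    return p;
}
static struct sp *sp_lookup(int id) {        /* kernel: under RLOCK */
    struct sp *p = sp_find(id);              /* on the chain means alive */
    if (p != NULL) atomic_fetch_add(&p->refcnt, 1);
    return p;
}
static void sp_release(struct sp *p) {       /* free on the last reference only */
    if (atomic_fetch_sub(&p->refcnt, 1) == 1) { free(p); freed_count++; }
}
static int sp_unlink(int id) {               /* kernel: under WLOCK */
    struct sp *p = sp_find(id);
    if (p == NULL) return 0;
    TAILQ_REMOVE(&spd, p, chain);            /* unlink first, then drop chain ref */
    sp_release(p);
    return 1;
}
static int demo(void) {                      /* delete while a lookup holds a ref */
    if (sp_insert(7) == NULL) return 0;
    struct sp *held = sp_lookup(7);          /* refcnt == 2 */
    sp_unlink(7);                            /* off the chain, refcnt == 1 */
    int usable = (freed_count == 0 && held->id == 7);
    int hidden = (sp_lookup(7) == NULL);     /* new lookups cannot find it */
    sp_release(held);                        /* last reference: freed here */
    return usable && hidden && freed_count == 1;
}
int main(void) { return demo() ? 0 : 1; }
```

The check that matters in review is the ordering in `sp_unlink`: the entry leaves the chain before the chain's reference is dropped, so a concurrent holder never sees freed memory and no DEAD state is needed.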
