From: bluhm Date: Wed, 21 Jul 2021 11:11:41 +0000 (+0000) Subject: Propagate errors from crypto_invoke() and count them in IPsec. They X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0f717407742e1f961a919be29cbb9f276638c5b5;p=openbsd Propagate errors from crypto_invoke() and count them in IPsec. They should not happen, but always check error conditions. tq is never NULL, remove the check. tdb->tdb_odrops++ is not MP safe, but will be addressed separately in ipsec_output_cb(). OK mvs@ --- diff --git a/sys/crypto/crypto.c b/sys/crypto/crypto.c index e6bac747ee5..4f3f1f85509 100644 --- a/sys/crypto/crypto.c +++ b/sys/crypto/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.83 2021/06/30 12:21:02 bluhm Exp $ */ +/* $OpenBSD: crypto.c,v 1.84 2021/07/21 11:11:41 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -388,7 +388,7 @@ int crypto_dispatch(struct cryptop *crp) { struct taskq *tq = crypto_taskq; - int s; + int error = 0, s; u_int32_t hid; s = splvm(); @@ -399,14 +399,14 @@ crypto_dispatch(struct cryptop *crp) } splx(s); - if (tq && !(crp->crp_flags & CRYPTO_F_NOQUEUE)) { + if ((crp->crp_flags & CRYPTO_F_NOQUEUE) == 0) { task_set(&crp->crp_task, (void (*))crypto_invoke, crp); task_add(tq, &crp->crp_task); } else { - crypto_invoke(crp); + error = crypto_invoke(crp); } - return 0; + return error; } /* diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index a1f1616addd..9f39a532930 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.82 2021/07/08 15:13:14 bluhm Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.83 2021/07/21 11:11:41 bluhm Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -418,7 +418,12 @@ ipsec_output_cb(struct cryptop *crp) if (tdb->tdb_cryptoid != 0) tdb->tdb_cryptoid = crp->crp_sid; NET_UNLOCK(); - crypto_dispatch(crp); + error = crypto_dispatch(crp); + if (error) { + DPRINTF("crypto dispatch error %d", error); + ipsecstat_inc(ipsec_odrops); + tdb->tdb_odrops++; + } return; } DPRINTF("crypto error %d", crp->crp_etype);