From: mvs <mvs@openbsd.org>
Date: Thu, 8 Jul 2021 16:39:55 +0000 (+0000)
Subject: Initialize `ipsec_acquire_pool' pool (9) within pfkey_init() instead of
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8bd2aa041c896f441fcd14aaa4e7abb8e4552b7b;p=openbsd

Initialize `ipsec_acquire_pool' pool (9) within pfkey_init() instead of
doing that in runtime within ipsp_acquire_sa().

ok bluhm@
---

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 66ab56eb624..d81d9e0e525 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.216 2021/07/05 12:01:20 tobhe Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.217 2021/07/08 16:39:55 mvs Exp $ */
 
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) 17 January 1995
@@ -249,6 +249,8 @@ pfkey_init(void)
 	    IPL_SOFTNET, PR_WAITOK, "pkpcb", NULL);
 	pool_init(&ipsec_policy_pool, sizeof(struct ipsec_policy), 0,
 	    IPL_SOFTNET, 0, "ipsec policy", NULL);
+	pool_init(&ipsec_acquire_pool, sizeof(struct ipsec_acquire), 0,
+	    IPL_SOFTNET, 0, "ipsec acquire", NULL);
 }
 
 
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 3326ae8b385..2c68cb2d863 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.88 2021/07/05 12:01:20 tobhe Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.89 2021/07/08 16:39:55 mvs Exp $ */
 /*
  *	@(#)COPYRIGHT	1.1 (NRL) January 1998
  *
@@ -449,6 +449,7 @@ extern const uint64_t sadb_exts_allowed_out[SADB_MAX+1];
 extern const uint64_t sadb_exts_required_out[SADB_MAX+1];
 
 extern struct pool ipsec_policy_pool;
+extern struct pool ipsec_acquire_pool;
 #endif /* _KERNEL */
 
 #endif /* _NET_PFKEY_V2_H_ */
diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c
index 844621dac7e..afd7586cb1e 100644
--- a/sys/netinet/ip_spd.c
+++ b/sys/netinet/ip_spd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_spd.c,v 1.103 2021/05/04 09:28:04 mvs Exp $ */
+/* $OpenBSD: ip_spd.c,v 1.104 2021/07/08 16:39:55 mvs Exp $ */
 /*
  * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
  *
@@ -52,7 +52,6 @@ struct pool ipsec_policy_pool;
 struct pool ipsec_acquire_pool;
 
 /* Protected by the NET_LOCK(). */
-int ipsec_acquire_pool_initialized = 0;
 struct radix_node_head **spd_tables;
 unsigned int spd_table_max;
 TAILQ_HEAD(ipsec_acquire_head, ipsec_acquire) ipsec_acquire_head =
@@ -719,12 +718,6 @@ ipsp_acquire_sa(struct ipsec_policy *ipo, union sockaddr_union *gw,
 		return 0;
 
 	/* Add request in cache and proceed. */
-	if (ipsec_acquire_pool_initialized == 0) {
-		ipsec_acquire_pool_initialized = 1;
-		pool_init(&ipsec_acquire_pool, sizeof(struct ipsec_acquire),
-		    0, IPL_SOFTNET, 0, "ipsec acquire", NULL);
-	}
-
 	ipa = pool_get(&ipsec_acquire_pool, PR_NOWAIT|PR_ZERO);
 	if (ipa == NULL)
 		return ENOMEM;