From c760f44bcb7483af53a4435aa248b0ddd2dd9f43 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Wed, 27 Oct 2021 16:58:44 +0000
Subject: [PATCH] The crypto layer needs the kernel lock. ah_zeroize() takes it when called from tdb_walk(). tdb_walk() needs mutex tdb_sadb_mtx to protect the loop traversal. First take the kernel lock in tdb_walk() to preserve lock order. found by witness OK tobhe@ mvs@
---
 sys/netinet/ip_ipsp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c
index 25801a57df1..05b3987ee39 100644
--- a/sys/netinet/ip_ipsp.c
+++ b/sys/netinet/ip_ipsp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_ipsp.c,v 1.248 2021/10/25 18:25:01 bluhm Exp $ */
+/* $OpenBSD: ip_ipsp.c,v 1.249 2021/10/27 16:58:44 bluhm Exp $ */
 /*
 * The authors of this code are John Ioannidis (ji@tla.org),
 * Angelos D. Keromytis (kermit@csd.uch.gr),
@@ -540,6 +540,11 @@ tdb_walk(u_int rdomain, int (*walker)(struct tdb *, void *, int), void *arg)
 int i, rval = 0;
 struct tdb *tdbp, *next;
+ /*
+ * The walker may aquire the kernel lock. Grab it here to keep
+ * the lock order.
+ */
+ KERNEL_LOCK();
 mtx_enter(&tdb_sadb_mtx);
 for (i = 0; i <= tdb_hashmask; i++) {
 for (tdbp = tdbh[i]; rval == 0 && tdbp != NULL; tdbp = next) {
@@ -555,6 +560,7 @@ tdb_walk(u_int rdomain, int (*walker)(struct tdb *, void *, int), void *arg)
 }
 }
 mtx_leave(&tdb_sadb_mtx);
+ KERNEL_UNLOCK();
 return rval;
 }
-- 
2.20.1
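Review bot: The comment added above `KERNEL_LOCK()` in the second hunk states the ordering but not the reason or the contract it places on walkers. The commit message says ah_zeroize() takes the kernel lock when reached from tdb_walk(), so the comment could name that path and the rule, e.g. `* ah_zeroize() may be reached from the walker and takes the kernel lock;` / `* lock order is KERNEL_LOCK before tdb_sadb_mtx.` Because the walker appears to run inside the loop with `tdb_sadb_mtx` held (the call itself is between the hunks, so this is inferred), it is worth adding that walkers presumably must not sleep or take `tdb_sadb_mtx` again. In the same comment, "aquire" should read "acquire". The opening of tdb_walk() and the loop body lie outside this hunk, and the matching `KERNEL_UNLOCK()` is in the following hunk.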