On Wed, Jul 07, 2021 at 08:38:23PM +0300, Vitaliy Makkoveev wrote:
> The second panic occured because ipsp_acquire_sa() does
> `ipsec_acquire_pool' initialization in runtime so parallel execution
> breaks it. It's easy to fix.
>
> Could you try the diff below? It moves `ipsec_acquire_pool'
> initialization to pfkey_init() just after `ipsec_policy_pool'
> initialization. This should fix the second panic.
This makes sense anyway.
OK bluhm@
> Index: sys/net/pfkeyv2.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2.c,v
> retrieving revision 1.216
> diff -u -p -r1.216 pfkeyv2.c
> --- sys/net/pfkeyv2.c 5 Jul 2021 12:01:20 -0000 1.216
> +++ sys/net/pfkeyv2.c 7 Jul 2021 17:35:32 -0000
> @@ -249,6 +249,8 @@ pfkey_init(void)
> IPL_SOFTNET, PR_WAITOK, "pkpcb", NULL);
> pool_init(&ipsec_policy_pool, sizeof(struct ipsec_policy), 0,
> IPL_SOFTNET, 0, "ipsec policy", NULL);
> + pool_init(&ipsec_acquire_pool, sizeof(struct ipsec_acquire), 0,
> + IPL_SOFTNET, 0, "ipsec acquire", NULL);
> }
>
>
> Index: sys/net/pfkeyv2.h
> ===================================================================
> RCS file: /cvs/src/sys/net/pfkeyv2.h,v
> retrieving revision 1.88
> diff -u -p -r1.88 pfkeyv2.h
> --- sys/net/pfkeyv2.h 5 Jul 2021 12:01:20 -0000 1.88
> +++ sys/net/pfkeyv2.h 7 Jul 2021 17:35:32 -0000
> @@ -449,6 +449,7 @@ extern const uint64_t sadb_exts_allowed_
> extern const uint64_t sadb_exts_required_out[SADB_MAX+1];
>
> extern struct pool ipsec_policy_pool;
> +extern struct pool ipsec_acquire_pool;
> #endif /* _KERNEL */
>
> #endif /* _NET_PFKEY_V2_H_ */
> Index: sys/netinet/ip_spd.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_spd.c,v
> retrieving revision 1.103
> diff -u -p -r1.103 ip_spd.c
> --- sys/netinet/ip_spd.c 4 May 2021 09:28:04 -0000 1.103
> +++ sys/netinet/ip_spd.c 7 Jul 2021 17:35:32 -0000
> @@ -52,7 +52,6 @@ struct pool ipsec_policy_pool;
> struct pool ipsec_acquire_pool;
>
> /* Protected by the NET_LOCK(). */
> -int ipsec_acquire_pool_initialized = 0;
> struct radix_node_head **spd_tables;
> unsigned int spd_table_max;
> TAILQ_HEAD(ipsec_acquire_head, ipsec_acquire) ipsec_acquire_head =
> @@ -719,12 +718,6 @@ ipsp_acquire_sa(struct ipsec_policy *ipo
> return 0;
>
> /* Add request in cache and proceed. */
> - if (ipsec_acquire_pool_initialized == 0) {
> - ipsec_acquire_pool_initialized = 1;
> - pool_init(&ipsec_acquire_pool, sizeof(struct ipsec_acquire),
> - 0, IPL_SOFTNET, 0, "ipsec acquire", NULL);
> - }
> -
> ipa = pool_get(&ipsec_acquire_pool, PR_NOWAIT|PR_ZERO);
> if (ipa == NULL)
> return ENOMEM;
