On Fri, Oct 30, 2009 at 11:06:09AM +0100, Steffen Klassert wrote: > > If we use tunnel mode, xfrm_input() calls netif_rx() which is certainly > wrong if we are in thread context, we need to call netif_rx_ni() instead. Since this is all happening through a crypto completion call, it needs to be done with BH off since that's a requirement for crypto completion functions. So netif_rx will work correctly as when BH is reenabled it'll pick up the packets. > Also xfrm_input() uses bare spinlocks to protect the xfrm_state, this is > not appropriate in this case. We probaply need to switch off the bottom > halves, if we allow to return from the cypto-layer in softirq and thread > context. This too should be fine with BH off. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
