ikev2: fix race condition in child_sa update

author Benoît Ganne <bganne@cisco.com>

Wed, 8 Jul 2020 15:51:23 +0000 (17:51 +0200)

committer Damjan Marion <dmarion@me.com>

Thu, 16 Jul 2020 13:21:55 +0000 (13:21 +0000)
author Benoît Ganne <bganne@cisco.com>
Wed, 8 Jul 2020 15:51:23 +0000 (17:51 +0200)
committer Damjan Marion <dmarion@me.com>
Thu, 16 Jul 2020 13:21:55 +0000 (13:21 +0000)
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c

index c11bd0f..173323b 100644 (file)
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -4120,6 +4120,7 @@ ikev2_mngr_process_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * csa,
           csa->time_to_expiration = 0;
           ikev2_delete_child_sa_internal (vm, sa, csa);
           res |= 1;
+         return res;
         }
      }
  
@@ -4161,8 +4162,10 @@ ikev2_mngr_process_child_sa (ikev2_sa_t * sa, ikev2_child_sa_t * csa,
  
        u32 *sas_in = NULL;
        vec_add1 (sas_in, csa->remote_sa_id);
+      vlib_worker_thread_barrier_sync (vm);
        ipsec_tun_protect_update (sw_if_index, NULL, csa->local_sa_id, sas_in);
        ipsec_sa_unlock_id (ikev2_flip_alternate_sa_bit (csa->remote_sa_id));
+      vlib_worker_thread_barrier_release (vm);
      }
  
    return res;
author	Benoît Ganne <bganne@cisco.com>
	Wed, 8 Jul 2020 15:51:23 +0000 (17:51 +0200)
committer	Damjan Marion <dmarion@me.com>
	Thu, 16 Jul 2020 13:21:55 +0000 (13:21 +0000)