Bug ID: 6762791 race condition found in ipsecah during ipsec-persock test

Bug ID	6762791
Synopsis	race condition found in ipsecah during ipsec-persock test
State	10-Fix Delivered (Fix available in build)
Category:Subcategory	network:ipsec
Keywords
Responsible Engineer	Dan Mcdonald
Reported Against	snv_101
Duplicate Of
Introduced In	solaris_9
Commit to Fix	snv_104
Fixed In	snv_104
Release Fixed	solaris_nevada(snv_104) , solaris_10u7(s10u7_04) (Bug ID:2169914)
Related Bugs	6774365 , 6801336
Submit Date	23-October-2008
Last Update Date	4-December-2008
Description	While running the ipsec-persock test suites on our project bits, we met a panic with the following stack: panic[cpu2]/thread=ffffff0007d98c80: assertion failed: ipsa->ipsa_state == 0, file: ../../common/inet/ip/sadb.c, line: 6857 ffffff0007d98660 genunix:assfail+7e () ffffff0007d986b0 ipsecah:sadb_set_lpkt+a6 () ffffff0007d986f0 unix:stubs_common_code+51 () ffffff0007d98770 ip:ipsec_inbound_ah_sa+213 () ffffff0007d98870 ip:ip_proto_input+c57 () ffffff0007d98980 ip:ip_input+c18 () ffffff0007d98a50 dls:i_dls_link_rx+2d5 () ffffff0007d98ad0 mac:mac_do_rx+ba () ffffff0007d98b00 mac:mac_rx+1f () ffffff0007d98b30 nge:nge_receive+44 () ffffff0007d98b70 nge:nge_intr_handle+10a () ffffff0007d98bc0 nge:nge_chip_intr+dd () ffffff0007d98c20 unix:av_dispatch_autovect+8f () ffffff0007d98c60 unix:dispatch_hardint+33 () ffffff0007d62aa0 unix:switch_sp_and_call+13 () ffffff0007d62b00 unix:do_interrupt+e4 () ffffff0007d62b10 unix:cmnint+1ec () ffffff0007d62c00 unix:mach_cpu_idle+b () ffffff0007d62c40 unix:cpu_idle+e5 () ffffff0007d62c60 unix:idle+114 () ffffff0007d62c70 unix:thread_start+8 () Looking at the code, ipsec_inbound_ah_sa() always calls sadb_set_lpkt() after checking the ipsa_state, so it's possible there is a race condition in this code path.
Work Around	Disable the assertion in sadb_set_lpkt().
Comments	N/A

OpenSolaris