key_start_timehandler(void)
{
/* must be called while locked */
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
if (key_timehandler_running == 0) {
key_timehandler_running = 1;
(void)timeout((void *)key_timehandler, (void *)0, hz);
struct secpolicy *sp;
struct timeval tv;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (spidx == NULL)
panic("key_allocsp: NULL pointer is passed.\n");
if (interface == NULL)
return NULL;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
lck_mtx_lock(sadb_mutex);
LIST_FOREACH(sah, &sahtree, chain) {
+ if (sah->state == SADB_SASTATE_DEAD) {
+ continue;
+ }
if (sah->ipsec_if == interface &&
(family == AF_INET6 || family == AF_INET) &&
sah->dir == IPSEC_DIR_OUTBOUND) {
int error;
struct sockaddr_in *sin;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
*sav = NULL;
{
struct secasvar *sav, *nextsav, *candidate, *natt_candidate, *no_natt_candidate, *d;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* initialize */
candidate = NULL;
caddr_t dst,
u_int proto,
u_int32_t spi)
+{
+ return key_allocsa_extended(family, src, dst, proto, spi, NULL);
+}
+
+struct secasvar *
+key_allocsa_extended(u_int family,
+ caddr_t src,
+ caddr_t dst,
+ u_int proto,
+ u_int32_t spi,
+ ifnet_t interface)
{
struct secasvar *sav, *match;
u_int stateidx, state, tmpidx, matchidx;
const u_int *saorder_state_valid;
int arraysize;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (src == NULL || dst == NULL)
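Review bot: The new `key_allocsa_extended` has no comment describing its added `interface` argument, and `key_allocsa` is now only a wrapper that passes NULL for it. From the filter added further down in the SPI hash loop (`interface != NULL && sav->sah->ipsec_if != interface`), NULL means "match any SA" and a non-NULL value restricts the lookup to SAs bound to that interface. I would state that above the definition, for example `/* interface: if non-NULL, only SAs whose sah->ipsec_if equals it are returned; NULL disables the filter */`. The function body continues outside the lines shown here, so the lock and reference-count contract of the returned `secasvar` should be documented against the full definition.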
LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
if (sav->spi != spi)
continue;
+ if (interface != NULL &&
+ sav->sah->ipsec_if != interface) {
+ continue;
+ }
if (proto != sav->sah->saidx.proto)
continue;
if (family != sav->sah->saidx.src.ss_family ||
struct secasvar *currsav, *nextsav, *candidate;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* initilize */
candidate = NULL;
if (!locked)
lck_mtx_lock(sadb_mutex);
else
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sp->refcnt--;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP freesp cause refcnt--:%d SP:0x%llx\n",
if (!locked)
lck_mtx_lock(sadb_mutex);
else
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sav->refcnt--;
KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
printf("DP freesav cause refcnt--:%d SA:0x%llx SPI %u\n",
if (sp == NULL)
panic("key_delsp: NULL pointer is passed.\n");
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sp->state = IPSEC_SPSTATE_DEAD;
if (sp->refcnt > 0)
{
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (spidx == NULL)
{
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
lck_mtx_lock(sadb_mutex);
sp = __key_getspbyid(id);
{
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
LIST_FOREACH(sp, &sptree[IPSEC_DIR_INBOUND], chain) {
if (sp->state == IPSEC_SPSTATE_DEAD)
{
struct secpolicy *newsp = NULL;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
newsp = keydb_newsecpolicy();
if (!newsp)
return newsp;
{
struct secpolicy *newsp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (xpl0 == NULL)
xisr = (struct sadb_x_ipsecrequest *)(xpl0 + 1);
while (tlen > 0) {
+ if (tlen < sizeof(*xisr)) {
+ ipseclog((LOG_DEBUG, "key_msg2sp: "
+ "invalid ipsecrequest.\n"));
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
+ *error = EINVAL;
+ return NULL;
+ }
/* length check */
if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr)) {
/* set IP addresses if there */
if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
struct sockaddr *paddr;
+
+ if (tlen < xisr->sadb_x_ipsecrequest_len) {
+ ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
+ "address length.\n"));
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
+ *error = EINVAL;
+ return NULL;
+ }
paddr = (struct sockaddr *)(xisr + 1);
+ uint8_t src_len = paddr->sa_len;
+
+ if (xisr->sadb_x_ipsecrequest_len < src_len) {
+ ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
+ "invalid source address length.\n"));
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
+ *error = EINVAL;
+ return NULL;
+ }
/* validity check */
if (paddr->sa_len
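Review bot: The two new bounds checks compare `sadb_x_ipsecrequest_len` with the address lengths alone, but the addresses start at `xisr + 1`, so the header size is missing from both comparisons. With `if (xisr->sadb_x_ipsecrequest_len < src_len)` a request can pass while the source sockaddr runs past the request's declared end. The `uint8_t dst_len = paddr->sa_len;` read in the lines that follow also happens before any check covers that byte. I would write the first check as `if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) + src_len + sizeof(uint8_t))` and the destination check as `if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr) + src_len + dst_len)`. The enclosing loop in key_msg2sp starts and ends outside the lines shown, so the existing `sa_len` validity checks should be re-read alongside this.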
*error = EINVAL;
return NULL;
}
+
bcopy(paddr, &(*p_isr)->saidx.src,
- paddr->sa_len);
+ MIN(paddr->sa_len, sizeof((*p_isr)->saidx.src)));
- paddr = (struct sockaddr *)((caddr_t)paddr
- + paddr->sa_len);
+ paddr = (struct sockaddr *)((caddr_t)paddr + paddr->sa_len);
+ uint8_t dst_len = paddr->sa_len;
+
+ if (xisr->sadb_x_ipsecrequest_len < (src_len + dst_len)) {
+ ipseclog((LOG_DEBUG, "key_msg2sp: invalid request "
+ "invalid dest address length.\n"));
+ key_freesp(newsp, KEY_SADB_UNLOCKED);
+ *error = EINVAL;
+ return NULL;
+ }
/* validity check */
if (paddr->sa_len
*error = EINVAL;
return NULL;
}
+
bcopy(paddr, &(*p_isr)->saidx.dst,
- paddr->sa_len);
+ MIN(paddr->sa_len, sizeof((*p_isr)->saidx.dst)));
}
(*p_isr)->sp = newsp;
struct mbuf *m,
const struct sadb_msghdr *mhp)
{
- struct sadb_address *src0, *dst0, *src1, *dst1;
+ struct sadb_address *src0, *dst0, *src1 = NULL, *dst1 = NULL;
struct sadb_x_policy *xpl0, *xpl;
struct sadb_lifetime *lft = NULL;
struct secpolicyindex spidx;
int init_disabled = 0;
int address_family, address_len;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct mbuf *m,
const struct sadb_msghdr *mhp)
{
- struct sadb_address *src0, *dst0, *src1, *dst1;
+ struct sadb_address *src0, *dst0, *src1 = NULL, *dst1 = NULL;
struct sadb_x_policy *xpl0;
struct secpolicyindex spidx;
struct secpolicy *sp;
int use_src_range = 0;
int use_dst_range = 0;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
u_int32_t id;
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
u_int32_t id;
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
u_int32_t id;
struct secpolicy *sp;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct secpolicy *sp;
struct mbuf *n;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct secspacq *newspacq;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (sp == NULL)
int error = EINVAL;
struct sadb_lifetime *lt;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (sp == NULL)
u_int stateidx, state;
int zombie = 0;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sah == NULL)
struct secasvar *newsav;
const struct sadb_sa *xsa;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (m == NULL || mhp == NULL || mhp->msg == NULL || sah == NULL)
{
struct secasvar *newsav;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sah == NULL)
struct secasvar *sav)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sav == NULL)
{
struct secashead *sah;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
LIST_FOREACH(sah, &sahtree, chain) {
if (sah->state == SADB_SASTATE_DEAD)
{
struct secashead *sah;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sah = key_getsah(saidx);
if (!sah) {
struct secasvar *sav;
u_int stateidx, state;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* check address family */
if (saidx->src.ss_family != saidx->dst.ss_family) {
struct secasvar *sav,
u_int32_t spi)
{
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
sav->spi = spi;
if (sav->spihash.le_prev || sav->spihash.le_next)
LIST_REMOVE(sav, spihash);
struct secasvar *sav, *match;
u_int stateidx, state, matchidx;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
match = NULL;
matchidx = _ARRAYLEN(saorder_state_alive);
LIST_FOREACH(sav, &spihash[SPIHASH(spi)], spihash) {
int error = 0;
struct timeval tv;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (m == NULL || mhp == NULL || mhp->msg == NULL)
int error = 0;
struct timeval tv;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* initialization */
sav->replay = NULL;
mature = 0;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* check SPI value */
switch (sav->sah->saidx.proto) {
{
caddr_t new;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
KMALLOC_NOWAIT(new, caddr_t, len);
if (new == NULL) {
lck_mtx_unlock(sadb_mutex);
u_int32_t reqid;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
u_int32_t spi;
struct secasindex saidx;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* XXX boundary check against sa_len */
KEY_SETSECASIDX(proto, mode, reqid, src, dst, 0, &saidx);
u_int32_t keymin, keymax;
int count = key_spi_trycnt;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* set spi range to allocate */
if (spirange != NULL) {
u_int16_t flags2;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct secasvar *sav = NULL;
u_int16_t proto;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct secasvar *sav;
u_int state;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
state = SADB_SASTATE_LARVAL;
u_int32_t reqid;
int error;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
const struct sadb_ident *idsrc, *iddst;
int idsrclen, iddstlen;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
/* sanity check */
if (sah == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct secasvar *sav = NULL;
u_int16_t proto;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
struct secasvar *sav, *nextsav;
u_int stateidx, state;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
struct secasvar *sav = NULL;
u_int16_t proto;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
int error = -1;
u_int32_t seq;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (saidx == NULL)
{
struct secacq *acq;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
LIST_FOREACH(acq, &acqtree, chain) {
if (key_cmpsaidx(saidx, &acq->saidx, CMP_EXACTLY))
{
struct secacq *acq;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
LIST_FOREACH(acq, &acqtree, chain) {
if (acq->seq == seq)
{
struct secspacq *acq;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
LIST_FOREACH(acq, &spacqtree, chain) {
if (key_cmpspidx_exactly(spidx, &acq->spidx))
int error = -1;
struct sadb_lifetime *lt;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (sav == NULL)
struct mbuf *n;
int error = 0;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (so == NULL || m == NULL || mhp == NULL || mhp->msg == NULL)
int target;
Boolean keyAligned = FALSE;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
/* sanity check */
if (m == NULL || so == NULL)
{
struct sadb_msg *msg;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
if (m->m_len < sizeof(struct sadb_msg))
panic("invalid mbuf passed to key_senderror");
{
struct sockaddr *sa;
enum { NONE, ADDR } checktype = NONE;
- int baselen;
+ int baselen = 0;
const int sal = offsetof(struct sockaddr, sa_len) + sizeof(sa->sa_len);
if (len != PFKEY_UNUNIT64(ext->sadb_ext_len))
lck_mtx_lock(sadb_mutex);
LIST_FOREACH(sah, &sahtree, chain) {
- ro = &sah->sa_route;
+ ro = (struct route *)&sah->sa_route;
if (ro->ro_rt && dst->sa_len == ro->ro_dst.sa_len
&& bcmp(dst, &ro->ro_dst, dst->sa_len) == 0) {
ROUTE_RELEASE(ro);
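Review bot: The cast in `ro = (struct route *)&sah->sa_route;` hides whatever type `sa_route` now has, and the condition below it reads `ro->ro_dst` for `dst->sa_len` bytes through that narrower view. The declaration of `sa_route` is not part of this hunk, so this is inferred: if it became a larger route structure, the cast is only correct while the two layouts share a common prefix. I would record that at the cast with a comment such as `/* sa_route is <declared type>; struct route is its leading part */`. It would also help to confirm that `dst->sa_len` cannot exceed the storage actually behind `ro_dst`. The loop body continues outside the lines shown.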
if (sav->state == state)
return;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_OWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_OWNED);
if (__LIST_CHAINED(sav))
LIST_REMOVE(sav, chain);
return key_senderror(so, m, EINVAL);
}
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
// exit early if there are no active SAs
if (ipsec_sav_count <= 0) {
if (ipsec_if == NULL)
return;
- lck_mtx_assert(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
+ LCK_MTX_ASSERT(sadb_mutex, LCK_MTX_ASSERT_NOTOWNED);
lck_mtx_lock(sadb_mutex);