so->so_state is already read without kernel lock inside soo_ioctl() which calls pru_control() aka in6_control() and in_control().
This leaves individual ioctl cases to unlock/push into. Feedback? OK?
---
 sys/netinet/in.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 990aaf84c8a..c44de17d502 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -202,8 +202,6 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 int privileged;
 int error;
- KERNEL_LOCK();
-
 privileged = 0;
 if ((so->so_state & SS_PRIV) != 0)
 privileged++;
@@ -212,16 +210,18 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 #ifdef MROUTING
 case SIOCGETVIFCNT:
 case SIOCGETSGCNT:
+ KERNEL_LOCK();
 error = mrt_ioctl(so, cmd, data);
+ KERNEL_UNLOCK();
 break;
 #endif /* MROUTING */
 default:
+ KERNEL_LOCK();
 error = in_ioctl(cmd, data, ifp, privileged);
+ KERNEL_UNLOCK();
 break;
 }
- KERNEL_UNLOCK();
-
 return error;
 }
--
2.38.1
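Review bot: The privilege decision handed to `in_ioctl(cmd, data, ifp, privileged)` in the `default:` case now comes from a read of `so->so_state & SS_PRIV` made before any lock is taken, and nothing in the code records why that is safe. The description points out that soo_ioctl() already reads so_state unlocked, but that reasoning lives only in the commit message. I would add a comment above the test, for example `/* SS_PRIV is not expected to change on a live socket; unlocked read of so_state is intentional */`. Before adding it, confirm that no path sets or clears SS_PRIV after socket creation, since that is not visible in this diff. The body of in_control() opens before the first hunk, so any earlier use of `so` is outside what can be checked here.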