On Thu, Nov 10, 2022 at 10:55:19AM +0000, Klemens Nanni wrote: > so->so_state is already read without kernel lock inside soo_ioctl() > which calls pru_control() aka in6_control() and in_control(). > > This leaves individual ioctl cases to unlock/push into. > > Feedback? OK?
Now with the netinet6 bits included.
---
 sys/netinet/in.c | 8 ++++----
 sys/netinet6/in6.c | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 990aaf84c8a..c44de17d502 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -202,8 +202,6 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 int privileged;
 int error;
- KERNEL_LOCK();
-
 privileged = 0;
 if ((so->so_state & SS_PRIV) != 0)
 privileged++;
@@ -212,16 +210,18 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 #ifdef MROUTING
 case SIOCGETVIFCNT:
 case SIOCGETSGCNT:
+ KERNEL_LOCK();
 error = mrt_ioctl(so, cmd, data);
+ KERNEL_UNLOCK();
 break;
 #endif /* MROUTING */
 default:
+ KERNEL_LOCK();
 error = in_ioctl(cmd, data, ifp, privileged);
+ KERNEL_UNLOCK();
 break;
 }
- KERNEL_UNLOCK();
-
 return error;
 }
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index a51ca2fa5a4..1d9c2c49162 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -199,8 +199,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 int privileged;
 int error;
- KERNEL_LOCK();
-
 privileged = 0;
 if ((so->so_state & SS_PRIV) != 0)
 privileged++;
@@ -209,16 +207,18 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 #ifdef MROUTING
 case SIOCGETSGCNT_IN6:
 case SIOCGETMIFCNT_IN6:
+ KERNEL_LOCK();
 error = mrt6_ioctl(so, cmd, data);
+ KERNEL_UNLOCK();
 break;
 #endif /* MROUTING */
 default:
+ KERNEL_LOCK();
 error = in6_ioctl(cmd, data, ifp, privileged);
+ KERNEL_UNLOCK();
 break;
 }
- KERNEL_UNLOCK();
-
 return error;
 }
-- 
2.38.1
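Review bot: The privilege test `(so->so_state & SS_PRIV) != 0` in the first hunk of sys/netinet/in.c now runs with no lock held, yet the only justification for that is in the commit message. The resulting `privileged` value is passed to in_ioctl(), which presumably bases its permission checks on it, so the reason the unlocked read is safe belongs at the site. I would add a comment above the test such as `/* SS_PRIV is read without the kernel lock; assumed fixed after socket creation */`, after confirming that no path changes SS_PRIV on a live socket. The diff does not show where the flag is set or cleared. The same applies to the first hunk of sys/netinet6/in6.c in in6_control(); both function bodies begin outside their hunks.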