On Thu, Nov 10, 2022 at 10:55:19AM +0000, Klemens Nanni wrote:
> so->so_state is already read without kernel lock inside soo_ioctl()
> which calls pru_control() aka in6_control() and in_control().
>
> This leaves individual ioctl cases to unlock/push into.
>
> Feedback? OK?
Now with the netinet6 bits included.
---
sys/netinet/in.c | 8 ++++----
sys/netinet6/in6.c | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 990aaf84c8a..c44de17d502 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -202,8 +202,6 @@ in_control(struct socket *so, u_long cmd, caddr_t data,
struct ifnet *ifp)
int privileged;
int error;
- KERNEL_LOCK();
-
privileged = 0;
if ((so->so_state & SS_PRIV) != 0)
privileged++;
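Review bot: The privilege decision in in_control() is now taken from `so->so_state & SS_PRIV` outside KERNEL_LOCK(), and nothing in the code records why that unlocked read is safe. The commit message says soo_ioctl() already reads so_state without the lock, but a reader of in.c does not see that reasoning. I would add a comment above the test, such as `/* so_state is read without the kernel lock; SS_PRIV is assumed not to change after socket creation */`, once that assumption has been checked against every place that sets or clears SS_PRIV. The same point applies to the first hunk of in6_control() in sys/netinet6/in6.c; both function bodies continue outside their hunks.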
@@ -212,16 +210,18 @@ in_control(struct socket *so, u_long cmd, caddr_t data,
struct ifnet *ifp)
#ifdef MROUTING
case SIOCGETVIFCNT:
case SIOCGETSGCNT:
+ KERNEL_LOCK();
error = mrt_ioctl(so, cmd, data);
+ KERNEL_UNLOCK();
break;
#endif /* MROUTING */
default:
+ KERNEL_LOCK();
error = in_ioctl(cmd, data, ifp, privileged);
+ KERNEL_UNLOCK();
break;
}
- KERNEL_UNLOCK();
-
return error;
}
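Review bot: With the function-wide lock removed, every `case` in this switch has to carry its own KERNEL_LOCK()/KERNEL_UNLOCK() pair, and a case added later without one would run unlocked with nothing to flag it. A short comment ahead of the switch would make the convention explicit, for example `/* No kernel lock is held here; each case takes KERNEL_LOCK() around the code that still needs it. */`. Note also that `privileged` is computed before the lock is taken and only then passed to in_ioctl(), so the locked call depends on the earlier unlocked read being stable. The second hunk of in6_control() in sys/netinet6/in6.c has the same shape; the switch statement begins outside the hunk in both files.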
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index a51ca2fa5a4..1d9c2c49162 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -199,8 +199,6 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
struct ifnet *ifp)
int privileged;
int error;
- KERNEL_LOCK();
-
privileged = 0;
if ((so->so_state & SS_PRIV) != 0)
privileged++;
@@ -209,16 +207,18 @@ in6_control(struct socket *so, u_long cmd, caddr_t data,
struct ifnet *ifp)
#ifdef MROUTING
case SIOCGETSGCNT_IN6:
case SIOCGETMIFCNT_IN6:
+ KERNEL_LOCK();
error = mrt6_ioctl(so, cmd, data);
+ KERNEL_UNLOCK();
break;
#endif /* MROUTING */
default:
+ KERNEL_LOCK();
error = in6_ioctl(cmd, data, ifp, privileged);
+ KERNEL_UNLOCK();
break;
}
- KERNEL_UNLOCK();
-
return error;
}
--
2.38.1