In sysctl_file() splnet() is no longer what we want. Arguably the
KERNEL_LOCK() should be enough, but since pf(4) is messing with these
tables, and nobody turned this part of pf(4) MP, let's require the
NET_LOCK().
ok?
Index: kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.321
diff -u -p -r1.321 kern_sysctl.c
--- kern/kern_sysctl.c 21 Jan 2017 05:42:03 -0000 1.321
+++ kern/kern_sysctl.c 6 Mar 2017 11:08:41 -0000
@@ -1284,7 +1284,7 @@ sysctl_file(int *name, u_int namelen, ch
struct inpcb *inp;
int s;
- s = splnet();
+ NET_LOCK(s);
TAILQ_FOREACH(inp, &tcbtable.inpt_queue, inp_queue)
FILLSO(inp->inp_socket);
TAILQ_FOREACH(inp, &udbtable.inpt_queue, inp_queue)
@@ -1296,7 +1296,7 @@ sysctl_file(int *name, u_int namelen, ch
inp_queue)
FILLSO(inp->inp_socket);
#endif
- splx(s);
+ NET_UNLOCK(s);
}
fp = LIST_FIRST(&filehead);
/* don't FREF when f_count == 0 to avoid race in fdrop() */
Index: net/pf.c
===================================================================
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.1015
diff -u -p -r1.1015 pf.c
--- net/pf.c 9 Feb 2017 15:19:32 -0000 1.1015
+++ net/pf.c 6 Mar 2017 11:08:18 -0000
@@ -3143,11 +3143,13 @@ pf_socket_lookup(struct pf_pdesc *pd)
case IPPROTO_TCP:
sport = pd->hdr.tcp.th_sport;
dport = pd->hdr.tcp.th_dport;
+ NET_ASSERT_LOCKED();
tb = &tcbtable;
break;
case IPPROTO_UDP:
sport = pd->hdr.udp.uh_sport;
dport = pd->hdr.udp.uh_dport;
+ NET_ASSERT_LOCKED();
tb = &udbtable;
break;
default:
