Hi,

ip_deliver() has been called without kernel lock from ip_ours() and
ip6_ours() for a long time.  It looks like these two call sites in ip6
input were overlooked when that locking was removed.

ok?

bluhm

Index: netinet6/ip6_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_input.c,v
retrieving revision 1.237
diff -u -p -r1.237 ip6_input.c
--- netinet6/ip6_input.c        3 Jun 2021 04:47:54 -0000       1.237
+++ netinet6/ip6_input.c        24 Dec 2021 14:18:08 -0000
@@ -404,12 +404,9 @@ ip6_input_if(struct mbuf **mp, int *offp
                        }
 
                        if (ours) {
-                               if (af == AF_UNSPEC) {
-                                       KERNEL_LOCK();
+                               if (af == AF_UNSPEC)
                                        nxt = ip_deliver(mp, offp, nxt,
                                            AF_INET6);
-                                       KERNEL_UNLOCK();
-                               }
                                goto out;
                        }
                        goto bad;
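Review bot: Nothing at the call site now records why ip_deliver() may run without the kernel lock, so a later reader of the unbraced `if (af == AF_UNSPEC)` cannot tell whether the missing KERNEL_LOCK() is deliberate; a short comment such as `/* ip_deliver() runs without the kernel lock, as it already does from ip_ours()/ip6_ours(). */` above the call would make the assumption explicit. The same applies to the second hunk at line 505, which makes the identical change. If every path into ip6_input_if() is known to arrive unlocked, a KERNEL_ASSERT_UNLOCKED() before the call would turn that assumption into a check, but that holds only if no caller still takes the lock higher up, which the hunk does not show. ip6_input_if() begins and ends outside the hunk.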
@@ -508,11 +505,8 @@ ip6_input_if(struct mbuf **mp, int *offp
                goto out;
 
        if (ours) {
-               if (af == AF_UNSPEC) {
-                       KERNEL_LOCK();
+               if (af == AF_UNSPEC)
                        nxt = ip_deliver(mp, offp, nxt, AF_INET6);
-                       KERNEL_UNLOCK();
-               }
                goto out;
        }
 
