'pfctl -s timeouts' values are only used inside of pf, entirely protected
by the pf lock through the ioctl interface; the net lock is useless.
Previous attempts to remove net lock usage showed that the pf lock cannot
yet entirely replace it, so start with small pieces like this one.
Contrary to IPv4/6 read-only ioctls, some pf ioctls without FWRITE flag do
modify internal pf state, which is not entirely obvious when approached
from the ioctl layer.
OK sashan dlg
-/* $OpenBSD: pf_ioctl.c,v 1.398 2023/04/26 19:54:35 mvs Exp $ */
+/* $OpenBSD: pf_ioctl.c,v 1.399 2023/04/27 12:10:30 kn Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
error = EINVAL;
goto fail;
}
- NET_LOCK();
PF_LOCK();
pt->seconds = pf_default_rule.timeout[pt->timeout];
PF_UNLOCK();
- NET_UNLOCK();
break;
}
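Review bot: the read of pf_default_rule.timeout[pt->timeout] between PF_LOCK() and PF_UNLOCK() now depends on the pf lock alone, and nothing at this site records that. Consider a one-line comment here, or a lock annotation where the timeout array is declared, stating that pf_default_rule.timeout is protected by the pf lock, so that a later change does not reintroduce NET_LOCK() or read the array unlocked. The store side of these timeouts is not visible in this hunk; the commit message's claim that the values are entirely protected by the pf lock holds only if that path also takes PF_LOCK() around the write, so it is worth confirming before this goes in.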