From ceecbd6ed952aba0f487b32c05dbfbeb763ce812 Mon Sep 17 00:00:00 2001
From: kn <kn@openbsd.org>
Date: Sat, 19 Nov 2022 14:26:39 +0000
Subject: [PATCH] Push kernel lock into pru_control() aka. in6_control() /
 in_control()

so->so_state is already read without kernel lock inside soo_ioctl()
which calls pru_control() aka in6_control() and in_control().

OK mvs
---
 sys/kern/sys_socket.c | 4 +---
 sys/netinet/in.c      | 6 +++++-
 sys/netinet6/in6.c    | 6 +++++-
 3 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c
index b07119b71cd..a74125459be 100644
--- a/sys/kern/sys_socket.c
+++ b/sys/kern/sys_socket.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sys_socket.c,v 1.55 2022/11/08 11:25:01 kn Exp $	*/
+/*	$OpenBSD: sys_socket.c,v 1.56 2022/11/19 14:26:39 kn Exp $	*/
 /*	$NetBSD: sys_socket.c,v 1.13 1995/08/12 23:59:09 mycroft Exp $	*/
 
 /*
@@ -134,9 +134,7 @@ soo_ioctl(struct file *fp, u_long cmd, caddr_t data, struct proc *p)
 		}
 		if (IOCGROUP(cmd) == 'r')
 			return (EOPNOTSUPP);
-		KERNEL_LOCK();
 		error = pru_control(so, cmd, data, NULL);
-		KERNEL_UNLOCK();
 		break;
 	}
 
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index cd8289d2e89..0a59d708dfb 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in.c,v 1.177 2022/09/08 10:22:06 kn Exp $	*/
+/*	$OpenBSD: in.c,v 1.178 2022/11/19 14:26:40 kn Exp $	*/
 /*	$NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $	*/
 
 /*
@@ -210,11 +210,15 @@ in_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 #ifdef MROUTING
 	case SIOCGETVIFCNT:
 	case SIOCGETSGCNT:
+		KERNEL_LOCK();
 		error = mrt_ioctl(so, cmd, data);
+		KERNEL_UNLOCK();
 		break;
 #endif /* MROUTING */
 	default:
+		KERNEL_LOCK();
 		error = in_ioctl(cmd, data, ifp, privileged);
+		KERNEL_UNLOCK();
 		break;
 	}
 
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 3805c070fe8..89f81b7929d 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: in6.c,v 1.250 2022/11/12 16:36:07 kn Exp $	*/
+/*	$OpenBSD: in6.c,v 1.251 2022/11/19 14:26:40 kn Exp $	*/
 /*	$KAME: in6.c,v 1.372 2004/06/14 08:14:21 itojun Exp $	*/
 
 /*
@@ -207,11 +207,15 @@ in6_control(struct socket *so, u_long cmd, caddr_t data, struct ifnet *ifp)
 #ifdef MROUTING
 	case SIOCGETSGCNT_IN6:
 	case SIOCGETMIFCNT_IN6:
+		KERNEL_LOCK();
 		error = mrt6_ioctl(so, cmd, data);
+		KERNEL_UNLOCK();
 		break;
 #endif /* MROUTING */
 	default:
+		KERNEL_LOCK();
 		error = in6_ioctl(cmd, data, ifp, privileged);
+		KERNEL_UNLOCK();
 		break;
 	}
 
-- 
2.20.1