From d7220220b7edab0576584f12b36dc5556e577b7d Mon Sep 17 00:00:00 2001 From: patrick Date: Tue, 9 Feb 2021 23:37:54 +0000 Subject: [PATCH] pfsync_state_import() must not be called with the pf state lock held, since the actual modification of the state table is done by a call to pf_state_insert(), which takes the pf state lock itself. Other calls to pfsync_state_import() also only have the pf lock. Reported-by: syzbot+d6ea8620b43dc69ecbc6@syzkaller.appspotmail.com ok bluhm@ --- sys/net/pf_ioctl.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 10ada909601..ae7bb008351 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.362 2021/02/09 14:06:19 patrick Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.363 2021/02/09 23:37:54 patrick Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1725,9 +1725,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p) } NET_LOCK(); PF_LOCK(); - PF_STATE_ENTER_WRITE(); error = pfsync_state_import(sp, PFSYNC_SI_IOCTL); - PF_STATE_EXIT_WRITE(); PF_UNLOCK(); NET_UNLOCK(); break; -- 2.20.1
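Review bot: The locking contract is left undocumented at the call site in pfioctl() once PF_STATE_ENTER_WRITE()/PF_STATE_EXIT_WRITE() are dropped; only the commit message records that pfsync_state_import() acquires the pf state lock itself through pf_state_insert(), so a later reader of this ioctl path could reintroduce the nested lock that caused the syzbot report. Suggest a one-line comment above the call, e.g. `/* pfsync_state_import() takes the pf state lock itself; caller holds only NET_LOCK() and PF_LOCK() */`, and, since the other pfsync_state_import() callers likewise hold only the pf lock, stating that requirement once in the function's own header comment so the rule is enforced in one place rather than rediscovered at each call site.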