From f9a0c1a6378a904bcfda8b3ff89a25f74a8382fd Mon Sep 17 00:00:00 2001 From: patrick Date: Fri, 12 Feb 2021 16:16:10 +0000 Subject: [PATCH] pf_remove_divert_state() is an entry point into pf, modifying the pf state table. Hence we have to grab both the pf lock and the pf state lock. Found by dlg@ ok bluhm@ sashan@ --- sys/net/pf.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sys/net/pf.c b/sys/net/pf.c index be76937ce86..80174ecc6d4 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.1109 2021/02/12 13:48:31 bluhm Exp $ */ +/* $OpenBSD: pf.c,v 1.1110 2021/02/12 16:16:10 patrick Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -1404,6 +1404,10 @@ pf_remove_divert_state(struct pf_state_key *sk) { struct pf_state_item *si; + PF_ASSERT_UNLOCKED(); + + PF_LOCK(); + PF_STATE_ENTER_WRITE(); TAILQ_FOREACH(si, &sk->states, entry) { if (sk == si->s->key[PF_SK_STACK] && si->s->rule.ptr && (si->s->rule.ptr->divert.type == PF_DIVERT_TO || @@ -1412,6 +1416,8 @@ pf_remove_divert_state(struct pf_state_key *sk) break; } } + PF_STATE_EXIT_WRITE(); + PF_UNLOCK(); } void -- 2.20.1