upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

inpcb: use locked variant of prison_check_ip*()

Browse source 
The pcb lookup always happens in the network epoch and in SMR section.
We can't block on a mutex due to the latter.  Right now this patch opens
up a race.  But soon that will be addressed by D33339.

Reviewed by:		markj, jamie
Differential revision:	https://reviews.freebsd.org/D33340
Fixes:			de2d47842e
This commit is contained in:
Gleb Smirnoff 2021-12-14 09:38:52 -08:00
parent 0e6b06d5c8
commit 185e659c40
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/netinet/in_pcb.c
View file

@ -2330,8 +2330,8 @@ in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr,
injail = prison_flag(inp->inp_cred, PR_IP4);
if (injail) {
if (prison_check_ip4(inp->inp_cred,
&laddr) != 0)
if (prison_check_ip4_locked(
inp->inp_cred->cr_prison, &laddr) != 0)
continue;
} else {
if (local_exact != NULL)

4
sys/netinet6/in6_pcb.c
View file

@ -1079,8 +1079,8 @@ in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
injail = prison_flag(inp->inp_cred, PR_IP6);
if (injail) {
if (prison_check_ip6(inp->inp_cred,
laddr) != 0)
if (prison_check_ip6_locked(
inp->inp_cred->cr_prison, laddr) != 0)
continue;
} else {
if (local_exact != NULL)