diff --git a/sys/netinet/ip_divert.c b/sys/netinet/ip_divert.c index 9e7f0621917..a2caef54a30 100644 --- a/sys/netinet/ip_divert.c +++ b/sys/netinet/ip_divert.c @@ -653,11 +653,13 @@ div_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_divcbinfo); for (inp = LIST_FIRST(V_divcbinfo.ipi_listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt && - cr_canseeinpcb(req->td->td_ucred, inp) == 0) + cr_canseeinpcb(req->td->td_ucred, inp) == 0) { + in_pcbref(inp); inp_list[i++] = inp; - INP_RUNLOCK(inp); + } + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_divcbinfo); n = i; @@ -679,6 +681,15 @@ div_pcblist(SYSCTL_HANDLER_ARGS) } else INP_RUNLOCK(inp); } + INP_INFO_WLOCK(&V_divcbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_divcbinfo); + if (!error) { /* * Give the user an updated idea of our state. diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 9341cf29bbe..6b3ca8b6d19 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -1025,13 +1025,13 @@ rip_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_ripcbinfo); for (inp = LIST_FIRST(V_ripcbinfo.ipi_listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt && cr_canseeinpcb(req->td->td_ucred, inp) == 0) { - /* XXX held references? */ + in_pcbref(inp); inp_list[i++] = inp; } - INP_RUNLOCK(inp); + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_ripcbinfo); n = i; @@ -1054,6 +1054,15 @@ rip_pcblist(SYSCTL_HANDLER_ARGS) } else INP_RUNLOCK(inp); } + INP_INFO_WLOCK(&V_ripcbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_ripcbinfo); + if (!error) { /* * Give the user an updated idea of our state. If the diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index a784f367498..2fc1468d00d 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -1102,7 +1102,7 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_tcbinfo); for (inp = LIST_FIRST(V_tcbinfo.ipi_listhead), i = 0; inp != NULL && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt) { /* * XXX: This use of cr_cansee(), introduced with @@ -1117,10 +1117,12 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) error = EINVAL; /* Skip this inp. */ } else error = cr_canseeinpcb(req->td->td_ucred, inp); - if (error == 0) + if (error == 0) { + in_pcbref(inp); inp_list[i++] = inp; + } } - INP_RUNLOCK(inp); + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_tcbinfo); n = i; @@ -1156,8 +1158,16 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS) error = SYSCTL_OUT(req, &xt, sizeof xt); } else INP_RUNLOCK(inp); - } + INP_INFO_WLOCK(&V_tcbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_tcbinfo); + if (!error) { /* * Give the user an updated idea of our state. diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index b5846c36c43..a349d387b5f 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -766,11 +766,13 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) INP_INFO_RLOCK(&V_udbinfo); for (inp = LIST_FIRST(V_udbinfo.ipi_listhead), i = 0; inp && i < n; inp = LIST_NEXT(inp, inp_list)) { - INP_RLOCK(inp); + INP_WLOCK(inp); if (inp->inp_gencnt <= gencnt && - cr_canseeinpcb(req->td->td_ucred, inp) == 0) + cr_canseeinpcb(req->td->td_ucred, inp) == 0) { + in_pcbref(inp); inp_list[i++] = inp; - INP_RUNLOCK(inp); + } + INP_WUNLOCK(inp); } INP_INFO_RUNLOCK(&V_udbinfo); n = i; @@ -781,6 +783,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) INP_RLOCK(inp); if (inp->inp_gencnt <= gencnt) { struct xinpcb xi; + bzero(&xi, sizeof(xi)); xi.xi_len = sizeof xi; /* XXX should avoid extra copy */ @@ -793,6 +796,15 @@ udp_pcblist(SYSCTL_HANDLER_ARGS) } else INP_RUNLOCK(inp); } + INP_INFO_WLOCK(&V_udbinfo); + for (i = 0; i < n; i++) { + inp = inp_list[i]; + INP_WLOCK(inp); + if (!in_pcbrele(inp)) + INP_WUNLOCK(inp); + } + INP_INFO_WUNLOCK(&V_udbinfo); + if (!error) { /* * Give the user an updated idea of our state. If the