From 606c58db25ac58ad62d53be6f48bd7635cd7d561 Mon Sep 17 00:00:00 2001
From: Randall Stewart <rrs@FreeBSD.org>
Date: Fri, 2 Jul 2010 09:53:26 +0000
Subject: [PATCH] Fix a bug that WILL cause a panic.  Basically a read-lock is
 being called to check the vtag-timewait cache. Then in two cases (where a
 vtag is bad i.e. in the time-wait state) the write-unlock is called NOT the
 read-unlock. Under conditions where lots of associations are coming and going
 this will cause the system to panic at some point.

MFC after:	3 days
---
 sys/netinet/sctp_pcb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netinet/sctp_pcb.c b/sys/netinet/sctp_pcb.c
index ef4e88bb7c6..559938adec4 100644
--- a/sys/netinet/sctp_pcb.c
+++ b/sys/netinet/sctp_pcb.c
@@ -6499,7 +6499,7 @@ sctp_is_vtag_good(struct sctp_inpcb *inp, uint32_t tag, uint16_t lport, uint16_t
 				continue;
 			}
 			/* Its a used tag set */
-			SCTP_INP_INFO_WUNLOCK();
+			SCTP_INP_INFO_RUNLOCK();
 			return (0);
 		}
 	}
@@ -6528,7 +6528,7 @@ skip_vtag_check:
 					    (twait_block->vtag_block[i].lport == lport) &&
 				    (twait_block->vtag_block[i].rport == rport)) {
 					/* Bad tag, sorry :< */
-					SCTP_INP_INFO_WUNLOCK();
+					SCTP_INP_INFO_RUNLOCK();
 					return (0);
 				}
 			}