pfsync_state_import() must not be called with the pf state lock held,

since the actual modification of the state table is done by a call to pf_state_insert(), which takes the pf state lock itself. Other calls to pfsync_state_import() also only have the pf lock. Reported-by: syzbot+d6ea8620b43dc69ecbc6@syzkaller.appspotmail.com ok bluhm@
author: patrick <patrick@openbsd.org> 2021-02-09 23:37:54 +0000
committer: patrick <patrick@openbsd.org> 2021-02-09 23:37:54 +0000
commit: d7220220b7edab0576584f12b36dc5556e577b7d (patch)
tree: 0f399b542124a7ba394af48069535e8e4e1ac227
parent: sync (diff)
download: wireguard-openbsd-d7220220b7edab0576584f12b36dc5556e577b7d.tar.xz
wireguard-openbsd-d7220220b7edab0576584f12b36dc5556e577b7d.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c
index 10ada909601..ae7bb008351 100644
--- a/sys/net/pf_ioctl.c
+++ b/sys/net/pf_ioctl.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pf_ioctl.c,v 1.362 2021/02/09 14:06:19 patrick Exp $ */
+/*	$OpenBSD: pf_ioctl.c,v 1.363 2021/02/09 23:37:54 patrick Exp $ */
 
 /*
  * Copyright (c) 2001 Daniel Hartmeier
@@ -1725,9 +1725,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 		}
 		NET_LOCK();
 		PF_LOCK();
-		PF_STATE_ENTER_WRITE();
 		error = pfsync_state_import(sp, PFSYNC_SI_IOCTL);
-		PF_STATE_EXIT_WRITE();
 		PF_UNLOCK();
 		NET_UNLOCK();
 		break;
author	patrick <patrick@openbsd.org>	2021-02-09 23:37:54 +0000
committer	patrick <patrick@openbsd.org>	2021-02-09 23:37:54 +0000
commit	d7220220b7edab0576584f12b36dc5556e577b7d (patch)
tree	0f399b542124a7ba394af48069535e8e4e1ac227
parent	sync (diff)
download	wireguard-openbsd-d7220220b7edab0576584f12b36dc5556e577b7d.tar.xz wireguard-openbsd-d7220220b7edab0576584f12b36dc5556e577b7d.zip