svn commit: r244184 - head/sys/netpfil/pf

Thu Dec 13 12:48:58 UTC 2012

Author: glebius
Date: Thu Dec 13 12:48:57 2012
New Revision: 244184
URL: http://svnweb.freebsd.org/changeset/base/244184

Log:
    Initialize state id prior to attaching state to key hash. Otherwise a
  race can happen, when pf_find_state() finds state via key hash, and locks
  id hash slot 0 instead of appropriate to state id slot.

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================

--- head/sys/netpfil/pf/pf.c	Thu Dec 13 11:11:15 2012	(r244183)
+++ head/sys/netpfil/pf/pf.c	Thu Dec 13 12:48:57 2012	(r244184)
@@ -1080,9 +1080,6 @@ pf_state_insert(struct pfi_kif *kif, str
 
 	s->kif = kif;
 
-	if (pf_state_key_attach(skw, sks, s))
-		return (-1);
-
 	if (s->id == 0 && s->creatorid == 0) {
 		/* XXX: should be atomic, but probability of collision low */
 		if ((s->id = V_pf_stateid[curcpu]++) == PFID_MAXID)
@@ -1092,6 +1089,9 @@ pf_state_insert(struct pfi_kif *kif, str
 		s->creatorid = V_pf_status.hostid;
 	}
 
+	if (pf_state_key_attach(skw, sks, s))
+		return (-1);
+
 	ih = &V_pf_idhash[PF_IDHASH(s)];
 	PF_HASHROW_LOCK(ih);
 	LIST_FOREACH(cur, &ih->states, entry)
