From owner-svn-src-head@FreeBSD.ORG  Thu Dec 13 12:48:58 2012
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 56A48511;
 Thu, 13 Dec 2012 12:48:58 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 397F28FC14;
 Thu, 13 Dec 2012 12:48:58 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
 by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qBDCmwe1034918;
 Thu, 13 Dec 2012 12:48:58 GMT (envelope-from glebius@svn.freebsd.org)
Received: (from glebius@localhost)
 by svn.freebsd.org (8.14.5/8.14.5/Submit) id qBDCmw26034917;
 Thu, 13 Dec 2012 12:48:58 GMT (envelope-from glebius@svn.freebsd.org)
Message-Id: <201212131248.qBDCmw26034917@svn.freebsd.org>
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Thu, 13 Dec 2012 12:48:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r244184 - head/sys/netpfil/pf
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2012 12:48:58 -0000

Author: glebius
Date: Thu Dec 13 12:48:57 2012
New Revision: 244184
URL: http://svnweb.freebsd.org/changeset/base/244184

Log:
    Initialize state id prior to attaching state to key hash. Otherwise a
  race can happen, when pf_find_state() finds state via key hash, and locks
  id hash slot 0 instead of appropriate to state id slot.

Modified:
  head/sys/netpfil/pf/pf.c

Modified: head/sys/netpfil/pf/pf.c
==============================================================================
--- head/sys/netpfil/pf/pf.c	Thu Dec 13 11:11:15 2012	(r244183)
+++ head/sys/netpfil/pf/pf.c	Thu Dec 13 12:48:57 2012	(r244184)
@@ -1080,9 +1080,6 @@ pf_state_insert(struct pfi_kif *kif, str
 
 	s->kif = kif;
 
-	if (pf_state_key_attach(skw, sks, s))
-		return (-1);
-
 	if (s->id == 0 && s->creatorid == 0) {
 		/* XXX: should be atomic, but probability of collision low */
 		if ((s->id = V_pf_stateid[curcpu]++) == PFID_MAXID)
@@ -1092,6 +1089,9 @@ pf_state_insert(struct pfi_kif *kif, str
 		s->creatorid = V_pf_status.hostid;
 	}
 
+	if (pf_state_key_attach(skw, sks, s))
+		return (-1);
+
 	ih = &V_pf_idhash[PF_IDHASH(s)];
 	PF_HASHROW_LOCK(ih);
 	LIST_FOREACH(cur, &ih->states, entry)