From a14465e1b9a53d6abf58f42e113c1888ffeebe42 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Tue, 14 Jun 2022 11:27:38 -0400 Subject: [PATCH] rip6: Fix a lock order reversal in rip6_bind() See also commit 71a1539e3783. Reported by: syzbot+9b461b6a07a83cc10daa@syzkaller.appspotmail.com Reported by: syzbot+b6ce0aec16f5fdab3282@syzkaller.appspotmail.com Reviewed by: glebius MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D35472 --- sys/netinet6/raw_ip6.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index 04137a8ed0a..be7c57a52cf 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -760,11 +760,11 @@ rip6_bind(struct socket *so, struct sockaddr *nam, struct thread *td) return (EADDRNOTAVAIL); } NET_EPOCH_EXIT(et); - INP_INFO_WLOCK(&V_ripcbinfo); INP_WLOCK(inp); + INP_INFO_WLOCK(&V_ripcbinfo); inp->in6p_laddr = addr->sin6_addr; - INP_WUNLOCK(inp); INP_INFO_WUNLOCK(&V_ripcbinfo); + INP_WUNLOCK(inp); return (0); }