From b1e0f0ff9d35913f6c1dbedcf3a7f5d63eed682c Mon Sep 17 00:00:00 2001
From: Kristof Provost
Date: Tue, 9 Jul 2024 20:41:52 +0200
Subject: [PATCH] pf: fix state locking issue when dumping by id

We forgot to unlock the state after dumping it. Do so now.

Sponsored by: Orange Business Services
---
 sys/netpfil/pf/pf_nl.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index 615a9229b3f3..401baddde948 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -148,6 +148,8 @@ dump_state(struct nlpcb *nlp, const struct nlmsghdr *hdr, struct pf_kstate *s,
 int af;
 struct pf_state_key *key;
+ PF_STATE_LOCK_ASSERT(s);
+
 if (!nlmsg_reply(nw, hdr, sizeof(struct genlmsghdr)))
 goto enomem;
@@ -282,10 +284,16 @@ static int
 handle_getstate(struct nlpcb *nlp, struct nl_parsed_state *attrs, struct nlmsghdr *hdr, struct nl_pstate *npt)
 {
- struct pf_kstate *s = pf_find_state_byid(attrs->id, attrs->creatorid);
+ struct pf_kstate *s;
+ int ret;
+
+ s = pf_find_state_byid(attrs->id, attrs->creatorid);
 if (s == NULL)
 return (ENOENT);
- return (dump_state(nlp, hdr, s, npt));
+ ret = dump_state(nlp, hdr, s, npt);
+ PF_STATE_UNLOCK(s);
+
+ return (ret);
 }
 static int
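Review bot: The new `PF_STATE_LOCK_ASSERT(s);` at the top of dump_state() checks the locking contract, but nothing states that contract in words. If the macro is only active in debug (INVARIANTS) kernels, as is usual for assertions of this kind and worth confirming, production builds get no check at all. A comment above the function would make the rule explicit, for example `/* Caller must hold the state lock; dump_state() never drops it, including on the enomem path. */`. dump_state() starts and ends outside this hunk, so the statement about the enomem path should be confirmed against the full body before the comment goes in.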
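Review bot: handle_getstate() depends on pf_find_state_byid() returning the state locked, and that contract is visible only through the commit message and the added `PF_STATE_UNLOCK(s);`. A comment at the lookup, such as `/* pf_find_state_byid() returns the state locked; unlock on every return path. */`, would help keep a later edit from reintroducing the leak. The ordering in the new code looks right: the `ENOENT` return happens before any lock is held, and the unlock runs whether dump_state() succeeds or fails. Because this handler is driven by a netlink request, a leaked state lock is an availability risk, since a lock that is never released can stall later work on that state. It is worth auditing any other pf_find_state_byid() callers in pf_nl.c for the same pattern; none are visible in this diff.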