From 15d5d4fb259837e703f830d0299f98ff08709f66 Mon Sep 17 00:00:00 2001
From: Eugene Grosbein <eugen@FreeBSD.org>
Date: Mon, 26 Nov 2018 11:17:12 +0000
Subject: [PATCH] MFC r339806: Prevent stf(4) from panicing due to unprotected
 access to INADDR_HASH.

PR:			220078
Differential Revision:	https://reviews.freebsd.org/D12457
Tested-by:		Cassiano Peixoto and others
---
 sys/net/if_stf.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c
index 6ed846bc0955..36cdc81252df 100644
--- a/sys/net/if_stf.c
+++ b/sys/net/if_stf.c
@@ -372,6 +372,7 @@ stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
 static int
 stf_getsrcifa6(struct ifnet *ifp, struct in6_addr *addr, struct in6_addr *mask)
 {
+	struct rm_priotracker in_ifa_tracker;
 	struct ifaddr *ia;
 	struct in_ifaddr *ia4;
 	struct in6_ifaddr *ia6;
@@ -387,9 +388,11 @@ stf_getsrcifa6(struct ifnet *ifp, struct in6_addr *addr, struct in6_addr *mask)
 			continue;
 
 		bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in));
+		IN_IFADDR_RLOCK(&in_ifa_tracker);
 		LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash)
 			if (ia4->ia_addr.sin_addr.s_addr == in.s_addr)
 				break;
+		IN_IFADDR_RUNLOCK(&in_ifa_tracker);
 		if (ia4 == NULL)
 			continue;