From 28309d818643211cd39f3e10fe6449e8ac142d48 Mon Sep 17 00:00:00 2001
From: bz <bz@FreeBSD.org>
Date: Mon, 6 Jun 2016 13:17:25 +0000
Subject: [PATCH] In if_purgeaddrs() we cannot hold the lock over the entire
 loop due to called functions (as in other parts of the stack, leave a
 comment). Put around a lock the removal of the ifa from the list however to
 reduce the possible race with other places.

Obtained from:	projects/vnet
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
---
 sys/net/if.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/net/if.c b/sys/net/if.c
index 6845bbf7ee0d..bd505e291c84 100644
--- a/sys/net/if.c
+++ b/sys/net/if.c
@@ -848,6 +848,7 @@ if_purgeaddrs(struct ifnet *ifp)
 {
 	struct ifaddr *ifa, *next;
 
+	/* XXX cannot hold IF_ADDR_WLOCK over called functions. */
 	TAILQ_FOREACH_SAFE(ifa, &ifp->if_addrhead, ifa_link, next) {
 		if (ifa->ifa_addr->sa_family == AF_LINK)
 			continue;
@@ -872,7 +873,9 @@ if_purgeaddrs(struct ifnet *ifp)
 			continue;
 		}
 #endif /* INET6 */
+		IF_ADDR_WLOCK(ifp);
 		TAILQ_REMOVE(&ifp->if_addrhead, ifa, ifa_link);
+		IF_ADDR_WUNLOCK(ifp);
 		ifa_free(ifa);
 	}
 }