inpcb: use locked variant of prison_check_ip*()

The pcb lookup always happens in the network epoch and in SMR section.
We can't block on a mutex due to the latter.  Right now this patch opens
up a race.  But soon that will be addressed by D33339.

Reviewed by:		markj, jamie
Differential revision:	https://reviews.freebsd.org/D33340
Fixes:			de2d47842e8

2 files changed, 4 insertions, 4 deletions

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index ffcc93553c22..4dc3c737b914 100644
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -2330,8 +2330,8 @@ in_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in_addr faddr,
 
 			injail = prison_flag(inp->inp_cred, PR_IP4);
 			if (injail) {
-				if (prison_check_ip4(inp->inp_cred,
-				    &laddr) != 0)
+				if (prison_check_ip4_locked(
+				    inp->inp_cred->cr_prison, &laddr) != 0)
 					continue;
 			} else {
 				if (local_exact != NULL)
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c
index d6c6593f2adf..f86c72958a9e 100644
--- a/sys/netinet6/in6_pcb.c
+++ b/sys/netinet6/in6_pcb.c
@@ -1079,8 +1079,8 @@ in6_pcblookup_hash_locked(struct inpcbinfo *pcbinfo, struct in6_addr *faddr,
 
 			injail = prison_flag(inp->inp_cred, PR_IP6);
 			if (injail) {
-				if (prison_check_ip6(inp->inp_cred,
-				    laddr) != 0)
+				if (prison_check_ip6_locked(
+				    inp->inp_cred->cr_prison, laddr) != 0)
 					continue;
 			} else {
 				if (local_exact != NULL)