From cd4a1797b08186a4855f52f82ecd6b235310aae1 Mon Sep 17 00:00:00 2001
From: Mateusz Guzik
Date: Sat, 22 Aug 2020 16:57:45 +0000
Subject: [PATCH] fd: pwd_drop after releasing filedesc lock

Fixes a potential LOR against vnode lock.
---
 sys/kern/kern_descrip.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 7533802d716..aba538ba81c 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -3957,7 +3957,6 @@ kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen,
 vrefact(pwd->pwd_jdir);
 export_vnode_to_sb(pwd->pwd_jdir, KF_FD_TYPE_JAIL, FREAD, efbuf);
 }
- pwd_drop(pwd);
 }
 lastfile = fdlastfile(fdp);
 for (i = 0; fdp->fd_refcnt > 0 && i <= lastfile; i++) {
@@ -3979,6 +3978,8 @@ kern_proc_filedesc_out(struct proc *p, struct sbuf *sb, ssize_t maxlen,
 break;
 }
 FILEDESC_SUNLOCK(fdp);
+ if (pwd != NULL)
+ pwd_drop(pwd);
 fddrop(fdp);
 fail:
 free(efbuf, M_TEMP);
@@ -4100,7 +4101,6 @@ sysctl_kern_proc_ofiledesc(SYSCTL_HANDLER_ARGS)
 if (pwd->pwd_jdir != NULL)
 export_vnode_for_osysctl(pwd->pwd_jdir, KF_FD_TYPE_JAIL, kif, okif, fdp, req);
- pwd_drop(pwd);
 }
 lastfile = fdlastfile(fdp);
 for (i = 0; fdp->fd_refcnt > 0 && i <= lastfile; i++) {
@@ -4116,6 +4116,8 @@ sysctl_kern_proc_ofiledesc(SYSCTL_HANDLER_ARGS)
 break;
 }
 FILEDESC_SUNLOCK(fdp);
+ if (pwd != NULL)
+ pwd_drop(pwd);
 fddrop(fdp);
 free(kif, M_TEMP);
 free(okif, M_TEMP);
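Review bot: The relocated `pwd_drop(pwd)` after `FILEDESC_SUNLOCK(fdp)` in kern_proc_filedesc_out has no comment recording why it must stay outside the filedesc lock, so a later tidy-up could move it back into the `if (pwd != NULL)` block and reintroduce the lock-order reversal named in the commit message. I would add `/* pwd_drop() must run after FILEDESC_SUNLOCK(): LOR against vnode lock. */` above the new `if (pwd != NULL)`, and the same above the identical addition in sysctl_kern_proc_ofiledesc. Since the pwd reference is now held across the whole descriptor loop, it is also worth confirming that no path between the hold and this point jumps to `fail:` (visible just below the new lines) or returns early, because that would skip the drop and leak the reference. Both function bodies start and end outside the hunks, so that cannot be verified from the lines shown.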