o Correct an error made in revision 1.65: In readv(), if uap->iovcnt is

out-of-range, drop the file reference before returning.  (This error
   also exists in the RELENG_4 branch.)
 o Eliminate the acquisition and release of Giant in readv()
   now that malloc() and free() are callable without Giant.

sys/kern/sys_generic.c

@@ -232,29 +232,28 @@ readv(td, uap)
 	struct iovec *iov;
 	struct iovec *needfree;
 	struct iovec aiov[UIO_SMALLIOV];
-	long i, cnt, error = 0;
+	long i, cnt;
+	int error;
 	u_int iovlen;
 #ifdef KTRACE
 	struct iovec *ktriov = NULL;
 	struct uio ktruio;
 #endif
-	mtx_lock(&Giant);
 
 	if ((error = fget_read(td, uap->fd, &fp)) != 0)
-		goto done2;
+		return (error);
+	needfree = NULL;
 	/* note: can't use iovlen until iovcnt is validated */
 	iovlen = uap->iovcnt * sizeof (struct iovec);
 	if (uap->iovcnt > UIO_SMALLIOV) {
 		if (uap->iovcnt > UIO_MAXIOV) {
 			error = EINVAL;
-			goto done2;
+			goto done;
 		}
 		MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
 		needfree = iov;
-	} else {
+	} else
 		iov = aiov;
-		needfree = NULL;
-	}
 	auio.uio_iov = iov;
 	auio.uio_iovcnt = uap->iovcnt;
 	auio.uio_rw = UIO_READ;
@@ -305,8 +304,6 @@ readv(td, uap)
 	fdrop(fp, td);
 	if (needfree)
 		FREE(needfree, M_IOV);
-done2:
-	mtx_unlock(&Giant);
 	return (error);
 }