Fix some LORs between vnode locks and filedescriptor table locks.

- Don't grab the filedesc lock just to read fd_cmask.
- Drop vnode locks earlier when mounting the root filesystem and before
  sanitizing stdin/out/err file descriptors during execve().

Submitted by:	kib
Approved by:	re (rwatson)
MFC after:	1 week

sys/fs/unionfs/union_subr.c

@@ -486,9 +486,7 @@ unionfs_create_uppervattr_core(struct unionfs_mount *ump,
 		}
 		break;
 	default:		/* UNIONFS_TRADITIONAL */
-		FILEDESC_SLOCK(td->td_proc->p_fd);
 		uva->va_mode = 0777 & ~td->td_proc->p_fd->fd_cmask;
-		FILEDESC_SUNLOCK(td->td_proc->p_fd);
 		uva->va_uid = ump->um_uid;
 		uva->va_gid = ump->um_gid;
 		break;

sys/kern/kern_exec.c

@@ -673,8 +673,8 @@ do_execve(td, args, mac_p)
 		 * allocate memory, so temporarily drop the process lock.
 		 */
 		PROC_UNLOCK(p);
-		setugidsafety(td);
 		VOP_UNLOCK(imgp->vp, 0);
+		setugidsafety(td);
 		error = fdcheckstd(td);
 		vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
 		if (error != 0)

sys/kern/vfs_mount.c

@@ -1069,9 +1069,10 @@ vfs_domount(
 		vfs_event_signal(NULL, VQ_MOUNT, 0);
 		if (VFS_ROOT(mp, LK_EXCLUSIVE, &newdp))
 			panic("mount: lost mount");
-		mountcheckdirs(vp, newdp);
-		vput(newdp);
+		VOP_UNLOCK(newdp, 0);
 		VOP_UNLOCK(vp, 0);
+		mountcheckdirs(vp, newdp);
+		vrele(newdp);
 		if ((mp->mnt_flag & MNT_RDONLY) == 0)
 			error = vfs_allocate_syncvnode(mp);
 		vfs_unbusy(mp);
@@ -1480,6 +1481,8 @@ set_rootvnode()
 	if (VFS_ROOT(TAILQ_FIRST(&mountlist), LK_EXCLUSIVE, &rootvnode))
 		panic("Cannot find root vnode");
 
+	VOP_UNLOCK(rootvnode, 0);
+
 	p = curthread->td_proc;
 	FILEDESC_XLOCK(p->p_fd);
 
@@ -1495,8 +1498,6 @@ set_rootvnode()
 
 	FILEDESC_XUNLOCK(p->p_fd);
 
-	VOP_UNLOCK(rootvnode, 0);
-
 	EVENTHANDLER_INVOKE(mountroot);
 }
 

sys/kern/vfs_syscalls.c

@@ -1307,10 +1307,8 @@ kern_mknodat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 		return (EEXIST);
 	} else {
 		VATTR_NULL(&vattr);
-		FILEDESC_SLOCK(td->td_proc->p_fd);
 		vattr.va_mode = (mode & ALLPERMS) &
 		    ~td->td_proc->p_fd->fd_cmask;
-		FILEDESC_SUNLOCK(td->td_proc->p_fd);
 		vattr.va_rdev = dev;
 		whiteout = 0;
 
@@ -1442,9 +1440,7 @@ kern_mkfifoat(struct thread *td, int fd, char *path, enum uio_seg pathseg,
 	}
 	VATTR_NULL(&vattr);
 	vattr.va_type = VFIFO;
-	FILEDESC_SLOCK(td->td_proc->p_fd);
 	vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
-	FILEDESC_SUNLOCK(td->td_proc->p_fd);
 #ifdef MAC
 	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 	    &vattr);
@@ -1705,9 +1701,7 @@ kern_symlinkat(struct thread *td, char *path1, int fd, char *path2,
 		goto restart;
 	}
 	VATTR_NULL(&vattr);
-	FILEDESC_SLOCK(td->td_proc->p_fd);
 	vattr.va_mode = ACCESSPERMS &~ td->td_proc->p_fd->fd_cmask;
-	FILEDESC_SUNLOCK(td->td_proc->p_fd);
 #ifdef MAC
 	vattr.va_type = VLNK;
 	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
@@ -3773,9 +3767,7 @@ kern_mkdirat(struct thread *td, int fd, char *path, enum uio_seg segflg,
 	}
 	VATTR_NULL(&vattr);
 	vattr.va_type = VDIR;
-	FILEDESC_SLOCK(td->td_proc->p_fd);
 	vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
-	FILEDESC_SUNLOCK(td->td_proc->p_fd);
 #ifdef MAC
 	error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 	    &vattr);