Fix the lock order reversal between the sigio lock and a process/pgrp lock in

funsetownlst() by locking the sigio lock across funsetownlst().

sys/kern/kern_descrip.c

@@ -571,6 +571,8 @@ funsetownlst(sigiolst)
 	struct proc *p;
 	struct pgrp *pg;
 
+	SIGIO_ASSERT(MA_OWNED);
+
 	sigio = SLIST_FIRST(sigiolst);
 	if (sigio == NULL)
 		return;
@@ -591,28 +593,30 @@ funsetownlst(sigiolst)
 	}
 
 	while ((sigio = SLIST_FIRST(sigiolst)) != NULL) {
-		SIGIO_LOCK();
 		*(sigio->sio_myref) = NULL;
-		SIGIO_UNLOCK();
 		if (pg != NULL) {
 			KASSERT(sigio->sio_pgid < 0, ("Proc sigio in pgrp sigio list"));
 			KASSERT(sigio->sio_pgrp == pg, ("Bogus pgrp in sigio list"));
 			SLIST_REMOVE(&pg->pg_sigiolst, sigio, sigio, sio_pgsigio);
 			PGRP_UNLOCK(pg);
+			SIGIO_UNLOCK();
 			crfree(sigio->sio_ucred);
 			mtx_lock(&Giant);
 			FREE(sigio, M_SIGIO);
 			mtx_unlock(&Giant);
+			SIGIO_LOCK();
 			PGRP_LOCK(pg);
 		} else /* if (p != NULL) */ {
 			KASSERT(sigio->sio_pgid > 0, ("Pgrp sigio in proc sigio list"));
 			KASSERT(sigio->sio_proc == p, ("Bogus proc in sigio list"));
 			SLIST_REMOVE(&p->p_sigiolst, sigio, sigio, sio_pgsigio);
 			PROC_UNLOCK(p);
+			SIGIO_UNLOCK();
 			crfree(sigio->sio_ucred);
 			mtx_lock(&Giant);
 			FREE(sigio, M_SIGIO);
 			mtx_unlock(&Giant);
+			SIGIO_LOCK();
 			PROC_LOCK(p);
 		}
 	}

sys/kern/kern_exit.c

@@ -191,9 +191,11 @@ exit1(td, rv)
 	 * Reset any sigio structures pointing to us as a result of
 	 * F_SETOWN with our pid.
 	 */
+	SIGIO_LOCK();
 	PROC_LOCK(p);
 	funsetownlst(&p->p_sigiolst);
 	PROC_UNLOCK(p);
+	SIGIO_UNLOCK();
 
 	/*
 	 * Close open files and release open-file table.

sys/kern/kern_proc.c

@@ -474,6 +474,7 @@ pgdelete(pgrp)
 	PGRP_LOCK_ASSERT(pgrp, MA_NOTOWNED);
 	SESS_LOCK_ASSERT(pgrp->pg_session, MA_NOTOWNED);
 
+	SIGIO_LOCK();
 	PGRP_LOCK(pgrp);
 
 	/*
@@ -481,6 +482,7 @@ pgdelete(pgrp)
 	 * F_SETOWN with our pgid.
 	 */
 	funsetownlst(&pgrp->pg_sigiolst);
+	SIGIO_UNLOCK();
 
 	if (pgrp->pg_session->s_ttyp != NULL &&
 	    pgrp->pg_session->s_ttyp->t_pgrp == pgrp)