Don't call crdup nor uifind under vnode lock.

A locked vnode can get into the way of satisyfing malloc with M_WATOK. This is a fixup to r268087. Suggested by: kib MFC after: 1 week
2014-07-07 14:03:30 +00:00 · 2014-07-07 14:03:30 +00:00 · 5e2554b7f8
commit 5e2554b7f8
parent dbd849d868
1 changed files with 4 additions and 2 deletions
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -718,11 +718,11 @@ do_execve(td, args, mac_p)
 		VOP_UNLOCK(imgp->vp, 0);
 		setugidsafety(td);
 		error = fdcheckstd(td);
-		vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
 		if (error != 0)
 			goto done1;
 		newcred = crdup(oldcred);
 		euip = uifind(attr.va_uid);
+		vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
 		PROC_LOCK(p);
 		/*
 		 * Set the new credentials.
@ -766,7 +766,9 @@ do_execve(td, args, mac_p)
 		if (oldcred->cr_svuid != oldcred->cr_uid ||
 		    oldcred->cr_svgid != oldcred->cr_gid) {
 			PROC_UNLOCK(p);
+			VOP_UNLOCK(imgp->vp, 0);
 			newcred = crdup(oldcred);
+			vn_lock(imgp->vp, LK_SHARED | LK_RETRY);
 			PROC_LOCK(p);
 			change_svuid(newcred, newcred->cr_uid);
 			change_svgid(newcred, newcred->cr_gid);
@ -843,6 +845,7 @@ do_execve(td, args, mac_p)

 	SDT_PROBE(proc, kernel, , exec__success, args->fname, 0, 0, 0, 0);

+	VOP_UNLOCK(imgp->vp, 0);
 done1:
 	/*
 	 * Free any resources malloc'd earlier that we didn't use.
@ -851,7 +854,6 @@ do_execve(td, args, mac_p)
 		uifree(euip);
 	if (newcred != NULL)
 		crfree(oldcred);
-	VOP_UNLOCK(imgp->vp, 0);

 	/*
 	 * Handle deferred decrement of ref counts.