From b58a46347c8dd81137ef164fba1ab6b60c5b94c4 Mon Sep 17 00:00:00 2001
From: Jamie Gritton <jamie@FreeBSD.org>
Date: Thu, 31 Dec 2020 19:55:49 -0800
Subject: [PATCH] jail: revert the attachment part of b4e87a632955

The change to kern_jail_set that was supposed to "also properly clean
up when attachment fails" didn't fix a memory leak but actually caused
a double free.  Back that part out, and leave the part that manages
allprison_lock state.
---
 sys/kern/kern_jail.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 1ecb023717bd..55006939a5ff 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -1835,14 +1835,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 		slocked = 0;
 		if (error) {
 			vfs_opterror(opts, "attach failed");
-			if (born) {
-				sx_slock(&allprison_lock);
-				slocked = PD_LIST_SLOCKED;
-				(void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL);
-			}
-			prison_deref(pr, created
-			    ? slocked
-			    : PD_DEREF | slocked);
+			if (!created)
+				prison_deref(pr, PD_DEREF);
 			goto done_errmsg;
 		}
 	}