git: a523d882a467 - main - vfs_syscall.c: do not take process lock around the read of P2_NO_NEW_PRIVS
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 02 Aug 2025 23:35:23 UTC
The branch main has been updated by kib:
URL: https://cgit.FreeBSD.org/src/commit/?id=a523d882a4671040aba57549492f8df6676cb855
commit a523d882a4671040aba57549492f8df6676cb855
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2025-08-02 17:57:44 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2025-08-02 23:02:43 +0000
vfs_syscall.c: do not take process lock around the read of P2_NO_NEW_PRIVS
The flag is write-only, and if we raced with reading the action of
setting the flag, we can as well get it under the lock.
Reviewed by: emaste, kevans
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D51708
---
sys/kern/vfs_syscalls.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 25d40a9806cb..a0e56a8fd8a7 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -982,13 +982,10 @@ kern_chroot(struct thread *td, struct vnode *vp)
error = priv_check(td, PRIV_VFS_CHROOT);
if (error != 0) {
p = td->td_proc;
- PROC_LOCK(p);
if (unprivileged_chroot == 0 ||
(p->p_flag2 & P2_NO_NEW_PRIVS) == 0) {
- PROC_UNLOCK(p);
goto e_vunlock;
}
- PROC_UNLOCK(p);
}
error = change_dir(vp, td);