authordes <des@FreeBSD.org>2001-10-07 19:37:13 +0000
committerdes <des@FreeBSD.org>2001-10-07 19:37:13 +0000
commit532068abe23ddf7ecfe0958faa3a7146281daba0 (patch)
treecf33e36b2e948346ad7c5f6bb35be7808f30f56b
parentaadf7f21917a27a29284be548ff0f19df50b9c37 (diff)
downloadFreeBSD-src-532068abe23ddf7ecfe0958faa3a7146281daba0.zip
FreeBSD-src-532068abe23ddf7ecfe0958faa3a7146281daba0.tar.gz
In procfs_readdir(), when the directory being read was a process directory,
the target process was being held locked during the uiomove() call. If the process calling readdir() was the same as the target process (for instance 'ls /proc/curproc/'), and uiomove() caused a page fault, the result would be a proc lock recursion. I have no idea how long this has been broken - possibly ever since pfind() was changed to lock the process it returns. Also replace the one and only call to procfs_findtextvp() with a direct test of td->td_proc->p_textvp.
-rw-r--r--sys/fs/procfs/procfs_vnops.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/fs/procfs/procfs_vnops.c b/sys/fs/procfs/procfs_vnops.c
index 5367078..d9a5f57 100644
--- a/sys/fs/procfs/procfs_vnops.c
+++ b/sys/fs/procfs/procfs_vnops.c
@@ -741,7 +741,7 @@ procfs_validfile(td)
struct thread *td;
{
- return (procfs_findtextvp(td->td_proc) != NULLVP);
+ return (td->td_proc->p_textvp != NULLVP);
}
/*
@@ -816,8 +816,10 @@ procfs_readdir(ap)
bcopy(pt->pt_name, dp->d_name, pt->pt_namlen + 1);
dp->d_type = pt->pt_type;
+ PROC_UNLOCK(p);
if ((error = uiomove((caddr_t)dp, delen, uio)) != 0)
break;
+ PROC_LOCK(p);
}
PROC_UNLOCK(p);
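Review bot: When `uiomove()` fails, the `break` leaves the loop with the process already unlocked by the added `PROC_UNLOCK(p)`, and the existing `PROC_UNLOCK(p)` after the loop then releases the same lock a second time. Re-acquire the lock before testing the result so that every exit from the loop holds it: `error = uiomove((caddr_t)dp, delen, uio);` then `PROC_LOCK(p);` then `if (error != 0) break;`. Separately, nothing in the hunk shows a hold on `p` across the unlocked window, so unless a reference is taken earlier in procfs_readdir() the target process could exit during the copy and the following `PROC_LOCK(p)` would operate on a stale proc. The function body starts and ends outside the hunk, so this needs confirming against the rest of it.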