From bbd685e3a58885e2eb6627af9c71c3d9fde87d6a Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Mon, 5 Jan 2015 23:07:22 +0000
Subject: [PATCH] Use crcopysafe(9) to make a copy of a process' credential
 struct. crcopy(9) may perform a blocking memory allocation, which is unsafe
 when holding a mutex.

Differential Revision:	https://reviews.freebsd.org/D1443
Reviewed by:	rwatson
MFC after:	1 week
Sponsored by:	EMC / Isilon Storage Division
---
 sys/kern/sys_capability.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/sys/kern/sys_capability.c b/sys/kern/sys_capability.c
index b3099056cff..79975513a4c 100644
--- a/sys/kern/sys_capability.c
+++ b/sys/kern/sys_capability.c
@@ -102,8 +102,7 @@ sys_cap_enter(struct thread *td, struct cap_enter_args *uap)
 	newcred = crget();
 	p = td->td_proc;
 	PROC_LOCK(p);
-	oldcred = p->p_ucred;
-	crcopy(newcred, oldcred);
+	oldcred = crcopysafe(p, newcred);
 	newcred->cr_flags |= CRED_FLAG_CAPMODE;
 	p->p_ucred = newcred;
 	PROC_UNLOCK(p);