| #
f95da272 |
| 10-May-2026 |
Mark Johnston <markj@FreeBSD.org> |
jaildesc: Make sure to drain selinfo sleepers in jaildesc_close()
Otherwise they may be left on a freed selinfo list after the corresponding jaildesc struct is freed. This can be exploited to elevate privileges.
Remove the JDF_SELECTED micro-optimization. doselwakeup() is a no-op if no one ever called selrecord() on the file description, so I see no reason to complicate the code to avoid the call.
Add some regression tests.
Approved by: so
Security: FreeBSD-SA-26:19.file
Security: CVE-2026-45251
Fixes: 66d8ffe3046d ("jaildesc: add kevent support")
Reviewed by: kib, jamie
Differential Revision: https://reviews.freebsd.org/D56945
|