Page MenuHomeFreeBSD
Differential D31914

aio: Fix up the opcode in aiocb32_copyin()
ClosedPublic
Actions

Authored by markj on Sep 11 2021, 4:24 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 12, 1:05 PM
Unknown Object (File)
Wed, Oct 30, 10:09 PM
Unknown Object (File)
Oct 25 2024, 9:13 PM
Unknown Object (File)
Oct 25 2024, 11:13 AM
Unknown Object (File)
Sep 21 2024, 10:41 PM
Unknown Object (File)
Sep 21 2024, 3:57 AM
Unknown Object (File)
Sep 20 2024, 2:10 PM
Unknown Object (File)
Sep 20 2024, 5:28 AM
View All 66 Files
Subscribers
imp

Details

Reviewers
asomers
kib
tmunro
Commits
rGc6c0b631fa26: aio: Fix up the opcode in aiocb32_copyin()
rG2884918c7338: aio: Fix up the opcode in aiocb32_copyin()
Summary

With lio_listio(2), the opcode is specified by userspace rather than
being hard-coded by the system call (e.g., aio_readv() -> LIO_READV).
kern_lio_listio() calls aio_aqueue() with an opcode of LIO_NOP, which
gets fixed up when the aiocb is copied in.

When copying in a job request, we need to dynamically allocate a uio to
wrap the iovec. So aiocb_copyin() needs to get the opcode from the
aiocb and then decide whether an allocation is required. We failed to
do this in the COMPAT_FREEBSD32 case. Fix it.

Reported by: syzbot+27eab6f2c2162f2885ee@syzkaller.appspotmail.com
Fixes: f30a1ae8d529 ("lio_listio(2): Allow LIO_READV and LIO_WRITEV.")

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
kern/
2 lines

Diff 94981

View Options

sys/kern/vfs_aio.c

Loading...