Page MenuHomeFreeBSD
Differential D31914

aio: Fix up the opcode in aiocb32_copyin()
ClosedPublic
Actions

Authored by markj on Sep 11 2021, 4:24 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Sep 23, 6:35 PM
Unknown Object (File)
Sun, Sep 17, 8:50 PM
Unknown Object (File)
Thu, Sep 7, 4:23 AM
Unknown Object (File)
Aug 17 2023, 2:05 PM
Unknown Object (File)
Aug 16 2023, 10:10 AM
Unknown Object (File)
Jul 25 2023, 12:59 AM
Unknown Object (File)
Jul 14 2023, 7:40 AM
Unknown Object (File)
Jul 5 2023, 9:27 PM
View All 22 Files
Subscribers
imp

Details

Reviewers
asomers
kib
tmunro
Commits
rGc6c0b631fa26: aio: Fix up the opcode in aiocb32_copyin()
rG2884918c7338: aio: Fix up the opcode in aiocb32_copyin()
Summary

With lio_listio(2), the opcode is specified by userspace rather than
being hard-coded by the system call (e.g., aio_readv() -> LIO_READV).
kern_lio_listio() calls aio_aqueue() with an opcode of LIO_NOP, which
gets fixed up when the aiocb is copied in.

When copying in a job request, we need to dynamically allocate a uio to
wrap the iovec. So aiocb_copyin() needs to get the opcode from the
aiocb and then decide whether an allocation is required. We failed to
do this in the COMPAT_FREEBSD32 case. Fix it.

Reported by: syzbot+27eab6f2c2162f2885ee@syzkaller.appspotmail.com
Fixes: f30a1ae8d529 ("lio_listio(2): Allow LIO_READV and LIO_WRITEV.")

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41468
Build 38357: arc lint + arc unit

Revision Contents
Changeset List

PathSize
sys/
kern/
2 lines

Diff 94980

View Options

sys/kern/vfs_aio.c

Loading...