Page MenuHomeFreeBSD
Differential D31914

aio: Fix up the opcode in aiocb32_copyin()
ClosedPublic
Actions

Authored by markj on Sep 11 2021, 4:24 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, May 15, 5:23 AM
Unknown Object (File)
May 7 2023, 2:03 PM
Unknown Object (File)
Apr 26 2023, 4:14 AM
Unknown Object (File)
Feb 10 2023, 1:33 AM
Unknown Object (File)
Jan 12 2023, 7:21 AM
Unknown Object (File)
Dec 10 2022, 9:14 PM
Unknown Object (File)
Dec 2 2022, 10:40 AM
Unknown Object (File)
Nov 27 2022, 10:50 PM
Subscribers
imp

Details

Reviewers
asomers
kib
tmunro
Commits
rG2884918c7338: aio: Fix up the opcode in aiocb32_copyin()
Summary

With lio_listio(2), the opcode is specified by userspace rather than
being hard-coded by the system call (e.g., aio_readv() -> LIO_READV).
kern_lio_listio() calls aio_aqueue() with an opcode of LIO_NOP, which
gets fixed up when the aiocb is copied in.

When copying in a job request, we need to dynamically allocate a uio to
wrap the iovec. So aiocb_copyin() needs to get the opcode from the
aiocb and then decide whether an allocation is required. We failed to
do this in the COMPAT_FREEBSD32 case. Fix it.

Reported by: syzbot+27eab6f2c2162f2885ee@syzkaller.appspotmail.com
Fixes: f30a1ae8d529 ("lio_listio(2): Allow LIO_READV and LIO_WRITEV.")

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 41468
Build 38357: arc lint + arc unit

Event Timeline

markj created this revision.Sep 11 2021, 4:24 PM
Herald added a subscriber: imp. · View Herald TranscriptSep 11 2021, 4:24 PM
markj requested review of this revision.Sep 11 2021, 4:24 PM
Harbormaster completed remote builds in B41468: Diff 94980.Sep 11 2021, 4:24 PM
asomers accepted this revision.Sep 11 2021, 4:38 PM

Good catch. Too bad I hadn't gotten around to adding aio_writev support to Nix, or its test suite would've caught this.

This revision is now accepted and ready to land.Sep 11 2021, 4:38 PM
kib accepted this revision.Sep 11 2021, 4:53 PM
Closed by commit rG2884918c7338: aio: Fix up the opcode in aiocb32_copyin() (authored by markj). · Explain WhySep 11 2021, 5:04 PM
This revision was automatically updated to reflect the committed changes.
markj added a commit: rG2884918c7338: aio: Fix up the opcode in aiocb32_copyin().
tmunro added a comment.Sep 11 2021, 8:11 PM

Right. Thanks!

Revision Contents
Changeset List

PathSize
sys/
kern/
2 lines

Diff 94980

View Options

sys/kern/vfs_aio.c

Loading...